Bug
Resolution: Fixed
Critical
None
iapetus, 1.0
Steps to reproduce:
- Generate a valid GitHub access token
- Use the /scm/github/validate endpoint to validate and create the credential
- Return to GitHub UI and revoke the access token
- Call /scm/github and note the credential is returned
- Call /scm/github/organizations?credentialId=github and note the 500 error
Response body:
{ "message" : "Server returned HTTP response code: 401, message: 'Unauthorized' for URL: https://api.github.com/user", "code" : 500, "errors" : [ ] }
Possible solutions
- I think ideally the /scm/github would re-validate the credential and return an error response if GitHub indicates the access token is invalid. From the UI's standpoint it would be helpful to discover this as early in the flow as possible. However, I know there would be a performance or rate-limit impact to doing this every time, so I understand if we decide not to go that route.
- Whether we do the above or not, I think the /organizations API should not return a 500 but perhaps instead a 403 (or 401) indicating that access was denied by GitHub.
Note: this same issue also affects the /organizations/repositories API.
- blocks: JENKINS-42103 Github creation flow doesn't handle revoked access token properly (Closed)
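
The two options under "Possible solutions", sketched as an added example that is not part of the original report and is not Jenkins project code: a credential check that re-validates against GitHub at most once per TTL window (to limit the rate-limit cost), and an organizations handler that turns an upstream 401 into a 401 response instead of a 500. `CredentialChecker`, `list_organizations`, the `fetch_user`/`fetch_orgs` callables, the 300-second TTL and the 502 mapping are all assumptions made for illustration.

```python
import time

INVALID = {"message": "GitHub rejected the access token", "code": 401, "errors": []}


class CredentialChecker:
    """Re-validates a stored token against GitHub at most once per ttl seconds."""

    def __init__(self, fetch_user, ttl=300, clock=time.monotonic):
        self._fetch_user = fetch_user  # assumed callable: token -> HTTP status of GET /user
        self._ttl = ttl
        self._clock = clock
        self._seen = {}                # credential id -> (checked_at, valid)

    def is_valid(self, cred_id, token):
        now = self._clock()
        hit = self._seen.get(cred_id)
        if hit is not None and now - hit[0] < self._ttl:
            return hit[1]              # cached verdict, no upstream call
        valid = self._fetch_user(token) != 401
        self._seen[cred_id] = (now, valid)
        return valid

    def mark_invalid(self, cred_id):
        # Record a rejection seen on another call so later requests fail early.
        self._seen[cred_id] = (self._clock(), False)


def list_organizations(checker, cred_id, token, fetch_orgs):
    """Return (status, body) for the organizations call; a 401 never becomes a 500."""
    if not checker.is_valid(cred_id, token):
        return 401, INVALID
    status, orgs = fetch_orgs(token)   # assumed callable: token -> (status, list)
    if status == 401:                  # revoked after the cached check passed
        checker.mark_invalid(cred_id)
        return 401, INVALID
    if status != 200:                  # assumption: other upstream failures map to 502
        return 502, {"message": "GitHub returned %d" % status, "code": 502, "errors": []}
    return 200, orgs
```
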