Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bad Credentials error when run in organization using service account #212

Open
JN-Hernandez opened this issue Sep 13, 2022 · 3 comments
Open

Bad Credentials error when run in organization using service account #212

JN-Hernandez opened this issue Sep 13, 2022 · 3 comments

Comments

@JN-Hernandez
Copy link

I'm able to run the add-to-project GitHub Action workflow without any issue in a personal repo, and feeling pleased with it, tried to implement it for my organization. Unfortunately, I haven't been able to make it work: I keep getting a "Bad Credentials" error message.

After pushing the add-to-project.yml to the repo, I used a service account with organization 'member' privileges to create a PAT (ensuring it had the same secret name indicated in the .yml file), giving it the 'repo', 'project', and 'workflow' scopes.
I then added this service account to the repo as a collaborator with owner/admin rights.
Next, I added a repository secret (named the same secret name indicated in the .yml file) to the repo.
Testing at this point resulted in a "Bad Credentials" error.

After conducting research, added the following scopes to the token:

  • write:org
  • read:org

Testing of this change did not work. More research found that some people had to added these additional scopes:

  • manage_runners:org
  • manage_runners:enterprise

Testing of this scope update still did not work, so I conducted more troubleshooting with the following attempts:

  • Creating the PAT from my personal account which has full owner/admin access of the entire org (set as owner/admin to repo)
  • Creating the PAT from a different service account which has full owner/admin access of the entire org (set as owner/admin to repo)
  • Updating the PAT to have full scope rather than limited to just 'repo', 'project', and 'workflow'
  • Create environment secret instead of repo secret (done with service account 1 and service account 2)
  • Create org secret instead of repo secret (done with service account 1 and service account 2)

Each test run resulted in the same "Bad Credentials" error. Not sure if I hit a bug, or if implementation for an org is different.
@kuzdogan
Copy link

In this issue #264 I see the output that for organizations a Github App is recommended but this is not documented in this README so maybe you need an App. I also wanted to have a similar setup (and assume many other people will do) but the access issues seem to be really annoying. Even having to add a PAT on the organizational level is difficult and there should be a way to link a Project to a repo IMO.

@luis-ok
Copy link

luis-ok commented Nov 30, 2022

I just wanted to say that I also had the same issue. Hoping this issue will be resolved soon 😄

@natke
Copy link

natke commented Jan 5, 2023

I also have the same issue. And it is complicated by the action not working with Projects (classic). I migrated my project to an org project and now have to deal with authentication at the org level rather than repo level.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@natke @kuzdogan @JN-Hernandez @luis-ok