Broken: APIs stopped accepting organization tokens in Basic Auth

We rely on dotnet-sonarscanner (GitHub - SonarSource/sonar-scanner-msbuild: SonarScanner for .NET · GitHub), and today it stopped authenticating with our organization API key.

After testing the validate API with the same token, it works when using Bearer Header, but not with Basic Auth.

dotnet-sonarscanner uses Basic Auth, and it was working yesterday.

It seems that Sonar has deprecated Basic Auth for organization tokens without first migrating their maintained dependencies.

Please address.

Current workaround is to generate a personal access token to use with dotnet-sonarscanner. Basic Auth still accepts PAT.

We are also seeing similar issues using the API curls when retrieving task info. Getting a 401 when calling URLS like this using a scoped organization token:
https://sonarcloud.io/api/ce/task?id=<task_id>

We use concourse ci and this resource GitHub - cathive/concourse-sonarqube-resource at fa14131b209b95bc5f732d31e18f87c17df60287 · GitHub

The same tokens are working to run the analysis, just not retrieve the task output.

Hello, thanks for reporting this. We’ve opened an incident on https://status.sonarqube.com/. In the short term, as you mentioned, using a PAT should resolve the 401 response for pipelines. For API curl requests try using Bearer authentication as we recommend in our documentation: Web API | SonarQube Cloud | Sonar Documentation.