We’re using Sonarqube 9.9.1. We have an issue when we try to create a project and select GitHub. It loads something and then responds with:
"You're not authorized to access this page. Please contact the administrator."
But I am administrator. Meanwhile everything seems to work well: I can authorize with GitHub credentials, I can run tests and get quality gates in porjects that I’ve added manually.
In “DevOps platforms integrations” we got both green checks on:
Quality Gate status reporting
Import repositories from your DevOps Platform
What could it be?
Welcome to the community!
You’re an admin in SonarQube. What are your permissions in GitHub? Or, perhaps more pertinently, what are the permissions the application has been granted in GitHub?
Is there anything interesting in your server logs?
Thank you for your response. In Access.log I see:
GET /oauth2/callback?error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application.&error_uri=https%3A%2F%2Fdocs.github.com%2Fapps%2Fmanaging-oauth-apps%2Ftroubleshooting-authorization-request-errors%2F%23redirect-uri-mismatch HTTP/1.0" 302
I assume it needs to be checked on oauth side of GitHub integration. It’s strange that the authentication itself is working. Will dig into this
I re-created the OAuth App for Sonarqube per manual and getting the same error. The only thing in Manual that confusing me is that Homepage URL and Authorization callback URL are different in the example. For the callback they suggest “https://yourinstance.sonarqube.com” while for base URL it’s “https://sonarqube.mycompany.com” what is the correct Callback URL here? Is it the same as base URL?
UPD: I’ve checked the webpage source and it seems that the GitHub URL requested is this:
Is it expected? In that case the redirect URI doesn’t match what I put in the callback and what is mentioned in the manual
The base URL is SonarQube’s URL as designated in Administration → General → Server base URL.
For homepage URL, the docs say you can use anything. But why not? Might as well use the Server base URL.
In this case, I think it’s an attempt to dump you out - after authentication - at the page you were originally trying to reach, rather than at the app homepage.
Right, but that is the link that being send to GitHub and after that I’m getting an error that redirect_uri don’t match. So the Authorization callback URL should be exactly my base URL? Well it is in my case, but it doesn’t solve the issue
Do you have a proxy in the middle here?
This is fixed.
For some reason it wasn’t working with OAuth app, but worked with GitHub App. I’ve just added a callback URL as for OAuth app and it worked.