GitHub Enterprise sign in fails without user email permission

Steps to reproduce:

  1. Install SonarQube 8.5.1-community with oteemocharts/sonarqube Helm chart version 9.5.1.
  2. Create a GitHub App (not an OAuth app) with details/permissions as shown in this docs page (GitHub Enterprise 2.22.5)
  3. Attempt to login to SonarQube using GitHub.

Expected result:
Users can login.

Actual result:
User receives an unauthorised error when trying to login. SonarQube logs show:

2021.03.19 12:53:53 WARN  web[***][o.s.s.a.AuthenticationError] Fail to callback authentication with 'github'
java.lang.IllegalStateException: Fail to execute request 'https://example.com/api/v3/user/emails'. HTTP code: 403, response: {"message":"Resource not accessible by integration","documentation_url":"https://docs.github.com/enterprise/2.22/rest/reference/users#list-email-addresses-for-the-authenticated-user"}

Workaround:
Configure the GitHub app with the users:email permission set to read-only (not mentioned in the docs page).

Hi @eboddington and welcome to the community :wave:

i am a bit confused, so maybe you can elaborate your problem a little bit? the users:email permission R/O requirement is listed in GitHub Integration | SonarQube Docs under Creating your GitHub App → If setting up GitHub Authentication

Yes it is, but the current docs are for 8.8 which was released after my previous post. Go back to the 8.7 docs and you’ll see that it’s not there, so clearly someone has realised and added this :slight_smile:

that makes sense now, thank you i didn’t had a look at the timing :slight_smile:
i will mark this as resolved as the information is now in the docs and thank you for the report

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.