Permission for Github integration

Hello,

My team would like to use the sonarqube (9.4.0.54424) instance of another team in my company.
To do that, my colleague (who installed sonarqube)activate the github authentication and i created a github app with right permissions.
I can authenticate myself on the Sonarqube interface with Github but i have a problem, when i try to create a project coming from github i always have this message :


You’re not authorized to access this page. Please contact the administrator.


I followed the documentation ton grant right permissions for the github app so i don’t think that it comming from here.

I precise that ma colleague add me to the the sonar-administrator group but it change nothing.

Maybe i forget a step, i’m a little bit lost .

Does anyone have an idea ?

(Sorry for my english, i’m french)

Hi,

Welcome to the community!

Do you have project creation rights within SonarQube?

 
Ann

Hi,

Thanks to take the time to answer to my question.

Yes i’ve check again this morning and i have creation right for my user

Emmanuel

Hi,

Sorry, but this isn’t quite clear to me. What page are you coming from, and what’s the URL (or just the path, if you like) where you see this error?

 
Thx,
Ann

So when I am on the page Projects :

  • Click on the button create project
  • Click on github
  • Then i’m redirect to /projects/create?mode=github (briefly) and i’m automatically redirect to the url /sessions/unauthorized with the message You’re not authorized to access this page. Please contact the administrator.

Hi,

Is there a proxy involved?

And… I assume you’re delegating authentication. By what method / to what system?

 
Ann

Hi

For the proxy i’m not sure i’m gonna ask to my colleague but for the authentication we use GitHub Authentication with client_secret, client_id, app id and private key .

Emmanuel

Hi,

I’m a little lost myself. I’ve referred this for more expert attention.

 
Ann

Thank you for your help Ann

My colleague just told me that we use a proxy ngninx ingress kubernetes (and our sonarqube instance is hosted on Goggle Kubernetes Engine )

Hi Ann,

Do you have any news from your colleague concerning my problem ?

Emmanuel

Hi,

Sorry, no.

 
Ann

Hi @Emmanuel_Prou,

Do you confirm your configuration is valid like this?

If yes, could you try again to reproduce the issue and zip up your $SONARQUBE_HOME/logs/ folder and share it here? I can help you look further.

1 Like

hi @Fan_Yang
Thanks for your help
Our configuration is slightly different, Quality gate status reporting Disabled , I havent’t found wich permission give to the the github apps to fix that, maybe this is the origin of my problem ?
Capture d’écran du 2022-06-02 15-17-20

But the Import repositories from your DevOps Platform is good

Quality gate status reporting Disabled can be checked later.

So could you try again to reproduce the issue and zip up your $SONARQUBE_HOME/logs/ folder and share it?

OK thanks
Here is an export of our logs directory
logs.zip (306.3 KB)

Unfortunately, there is not too much information in the server logs.

Can you do the following and share again the server logs at DEBUG level?

  • Turn the log level to DEBUG level (Global Administration > System > Logs Level )
  • Try to create a project from GitHub on SonarQube to reproduce the error
  • Return the log level to INFO level
  • Zip up the $SONARQUBE_HOME/logs/ folder and share it

logs.zip (314.9 KB)
Thanks

The error message is here, from access.log.

10.156.0.14 - - [03/Jun/2022:09:03:02 +0000] "GET /oauth2/callback?error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application.&error_uri=https%3A%2F%2Fdocs.github.com%2Fapps%2Fmanaging-oauth-apps%2Ftroubleshooting-authorization-request-errors%2F%23redirect-uri-mismatch HTTP/1.1" 302 - "https://sonarq.birdz.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36" "AYD+ETc4oyzAlBoJAL1v"

So you have a redirect_uri_mismatch because your redirect_uri does not match the registered callback URL for this SonarQube OAuth integration.

You need to set callback URL of GitHub App to the public URL for your SQ server.

This was indeed the problem !
Thank you very much @Fan_Yang !!!

1 Like

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.