Permission for Github integration

Emmanuel_Prou · May 10, 2022, 9:25am

Hello,

My team would like to use the sonarqube (9.4.0.54424) instance of another team in my company.
To do that, my colleague (who installed sonarqube)activate the github authentication and i created a github app with right permissions.
I can authenticate myself on the Sonarqube interface with Github but i have a problem, when i try to create a project coming from github i always have this message :

You’re not authorized to access this page. Please contact the administrator.

I followed the documentation ton grant right permissions for the github app so i don’t think that it comming from here.

I precise that ma colleague add me to the the sonar-administrator group but it change nothing.

Maybe i forget a step, i’m a little bit lost .

Does anyone have an idea ?

(Sorry for my english, i’m french)

ganncamp · May 10, 2022, 3:09pm

Hi,

Welcome to the community!

Do you have project creation rights within SonarQube?

Ann

Emmanuel_Prou · May 11, 2022, 7:33am

Hi,

Thanks to take the time to answer to my question.

Yes i’ve check again this morning and i have creation right for my user

Emmanuel

ganncamp · May 11, 2022, 7:40am

Hi,

Sorry, but this isn’t quite clear to me. What page are you coming from, and what’s the URL (or just the path, if you like) where you see this error?

Thx,
Ann

Emmanuel_Prou · May 11, 2022, 11:38am

So when I am on the page Projects :

Click on the button create project
Click on github
Then i’m redirect to /projects/create?mode=github (briefly) and i’m automatically redirect to the url /sessions/unauthorized with the message You’re not authorized to access this page. Please contact the administrator.

ganncamp · May 11, 2022, 12:09pm

Hi,

Is there a proxy involved?

And… I assume you’re delegating authentication. By what method / to what system?

Ann

Emmanuel_Prou · May 12, 2022, 7:10am

Hi

For the proxy i’m not sure i’m gonna ask to my colleague but for the authentication we use GitHub Authentication with client_secret, client_id, app id and private key .

Emmanuel

ganncamp · May 12, 2022, 7:32am

Hi,

I’m a little lost myself. I’ve referred this for more expert attention.

Ann

Emmanuel_Prou · May 12, 2022, 8:05am

Thank you for your help Ann

My colleague just told me that we use a proxy ngninx ingress kubernetes (and our sonarqube instance is hosted on Goggle Kubernetes Engine )

Emmanuel_Prou · May 30, 2022, 1:13pm

Hi Ann,

Do you have any news from your colleague concerning my problem ?

Emmanuel

ganncamp · May 31, 2022, 11:37am

Hi,

Sorry, no.

Ann

Fan_Yang · June 2, 2022, 12:55pm

Hi @Emmanuel_Prou,

Do you confirm your configuration is valid like this?

If yes, could you try again to reproduce the issue and zip up your $SONARQUBE_HOME/logs/ folder and share it here? I can help you look further.

Emmanuel_Prou · June 2, 2022, 1:22pm

hi @Fan_Yang
Thanks for your help
Our configuration is slightly different, Quality gate status reporting Disabled , I havent’t found wich permission give to the the github apps to fix that, maybe this is the origin of my problem ?
Capture d’écran du 2022-06-02 15-17-20

But the Import repositories from your DevOps Platform is good

Fan_Yang · June 2, 2022, 1:32pm

Quality gate status reporting Disabled can be checked later.

So could you try again to reproduce the issue and zip up your $SONARQUBE_HOME/logs/ folder and share it?

Emmanuel_Prou · June 2, 2022, 2:02pm

OK thanks
Here is an export of our logs directory
logs.zip (306.3 KB)

Fan_Yang · June 3, 2022, 7:25am

Unfortunately, there is not too much information in the server logs.

Can you do the following and share again the server logs at DEBUG level?

Turn the log level to DEBUG level (Global Administration > System > Logs Level )
Try to create a project from GitHub on SonarQube to reproduce the error
Return the log level to INFO level
Zip up the $SONARQUBE_HOME/logs/ folder and share it

Emmanuel_Prou · June 3, 2022, 9:10am

logs.zip (314.9 KB)
Thanks

Fan_Yang · June 5, 2022, 6:20pm

The error message is here, from access.log.

10.156.0.14 - - [03/Jun/2022:09:03:02 +0000] "GET /oauth2/callback?error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application.&error_uri=https%3A%2F%2Fdocs.github.com%2Fapps%2Fmanaging-oauth-apps%2Ftroubleshooting-authorization-request-errors%2F%23redirect-uri-mismatch HTTP/1.1" 302 - "https://sonarq.birdz.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36" "AYD+ETc4oyzAlBoJAL1v"

So you have a redirect_uri_mismatch because your redirect_uri does not match the registered callback URL for this SonarQube OAuth integration.

You need to set callback URL of GitHub App to the public URL for your SQ server.

Emmanuel_Prou · June 7, 2022, 8:12am

This was indeed the problem !
Thank you very much @Fan_Yang !!!

system · June 17, 2022, 3:42pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.