Response status code does not indicate success: 403

jan.wagrowski · June 30, 2022, 7:52am

ALM used dev.azure.com
CI system used Azure Pipelines
Languages of the repository C#

Issue starts appearing on Azure pipeline during SonarCloudPrepare step.

we get error:
Failed to request and parse ‘https://sonarcloud.io/api/qualityprofiles/search?project=obfuscated&organization=obfuscated’: Response status code does not indicate success: 403 ().

Colin · June 30, 2022, 8:39am

Hey there.

This would indicate that the token provided to your SonarCloud Service Connection (that you’ve then elected to use in your Azure DevOps pipeline configuration) doesn’t have the correct permissions.

I would recommend using a new token generated from SonarCloud, generated by a user you’re sure has access to the project in question.

jan.wagrowski · June 30, 2022, 2:02pm

but the issue still exists.

Colin · June 30, 2022, 2:39pm

While this indicates a successful connection to SonarCloud, it doesn’t mean that token has rights on the project. Did you generate a new token that is being used here, from a user you know has access to the project you’re trying to analyze?

MAmmerlaan · February 27, 2023, 10:45am

Hmm… I have the same issue. But am struggling to break through.

Token is freshly generated.
I am project admin (and have logged out, and relogged since I was granted admin)

When pulling the mentioned URL just in the browser. I get a code 200, and about 600 lines of json code.

malighieri · August 11, 2023, 5:53am

I’m having the same issue here. Full permission to my user on organization and project. Fresh token, and still having de 403 response.
One thing that I noticed, I’m using the SonarScanner with the following command:

SonarScanner.MSBuild.exe begin /o:“my-organization” /k:“my-project-key” /d:sonar.host.url=“https://sonarcloud.io” /d:sonar.token=“my-token”

On my profile, in security section, I can see the token that was generated, and it shows the token was never used.

I generated another token, and tried again, and still have de 403 response and the new token also shows it was never used.

So, I did use the first one token to connect SonarLint on Visual Studio and it was done with no errors, and after that, the token shows it was used less than one hour ago.

What is possibly wrong with the command I’m using that the token seems not being using on the request?

malighieri · August 11, 2023, 6:27am

This post helped me solve the problem.

When using SonarCloud the parameter to informe the token must be sonar.login and not sonar.token as I was using.

malighieri · August 11, 2023, 7:20am

Well, after all, I just discovered I was using an old version of sonar scanner that does not support sonar.token parameter. I updated to the latest version and it says now supports sonar.token parameter as well as token.login