Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Can't opt out of giving Che OAuth access to GitHub, even for public repos #21436

Closed
amisevsk opened this issue May 31, 2022 · 2 comments · Fixed by eclipse-che/che-server#338
Closed
Assignees
Labels
area/che-server area/dashboard kind/bug Outline of a bug - must adhere to the bug report template. severity/P2 Has a minor but important impact to the usage or development of the system.
Milestone

Comments

@amisevsk
Copy link
Contributor

Describe the bug

Since eclipse-che/che-server#301, Che will always prompt for OAuth access and use this if granted to simplify user setup. However, Che will refuse to start workspaces from public GitHub repos unless full read/write access is granted, even for public repos. If a user doesn't want to grant this access to Che, the workspace start fails with a plaintext page that says

Authentication failed: access_denied

Che version

next (development version)

Steps to reproduce

  1. Attempt to open factory url from github, e.g. https://github.com/che-samples/golang-example/tree/devfilev2

Expected behavior

If OAuth isn't granted, Che should fall back to an unauthenticated flow.

Runtime

OpenShift

Screenshots

che-oauth-flow

Installation method

OperatorHub

Environment

Linux

Eclipse Che Logs

No response

Additional context

Original issue: #21346

@amisevsk amisevsk added the kind/bug Outline of a bug - must adhere to the bug report template. label May 31, 2022
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label May 31, 2022
@benoitf benoitf added severity/P2 Has a minor but important impact to the usage or development of the system. and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels Jun 1, 2022
@benoitf
Copy link
Contributor

benoitf commented Jun 1, 2022

Hello, setting as P2 for now.
Note sure how to handle the bug. Because I assume #20583 means that if oAuth is there then you need to accept the privileges to continue.
The whole story is to be authenticated as soon as you're using the product using oAuth.

cc @l0rd for adjusting the priority

@vinokurig vinokurig self-assigned this Jul 29, 2022
@l0rd
Copy link
Contributor

l0rd commented Aug 2, 2022

This issue has been associated to this Dev Spaces issue but my understanding is this issue is about a Che cluster where OAuth has been configured whereas CRW-3201 is about a Dev Spaces cluster where OAuth has NOT been configured.

For this particular issue: we have sacrificed the UX for users that won't trust Che (a minority I hope) to improve the UX for users that want to git push from their workspace (the majority I hope). So all in all we have made some progress.

And yes, it would be cool to fix the problem for those that won't trust Che but:

  1. the fix we should not affect the UX of those that want to git push from a workspace
  2. a workaround exist: create a secret with the personal access token

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/che-server area/dashboard kind/bug Outline of a bug - must adhere to the bug report template. severity/P2 Has a minor but important impact to the usage or development of the system.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

6 participants