how do you access a jenkins api which uses Github OAuth using CURL

13
votes

I have a jenkins server using the Github OAuth plugin and authorized in the "Authorized applications" section of github, it works fine from my browser, i can access to the jenkins server as long as i'm authenticated with github.

Is there a way to access to the jenkins server api using oauth credentials/token from CURL or a ruby client?

I've generated a token in https://github.com/settings/applications -> Personal access tokens -> Generate new token (there is no option to scope it to a third party application)

that token works fine to access github :

curl -H "Authorization: token cfbcff42e6a8a52a1076dd9fcxxxxxxxxxxxxxxx" https://api.github.com/user

however, that token is not valid for jenkins-server:

curl -H "Authorization: token cfbcff42e6a8a52a1076dd9fcxxxxxxxxxxxxxxx" https://jenkins-server/user/restebanez/api/json/\?pretty\=true

It generates this error:

<html><head><meta http-equiv='refresh' content='1;url=/securityRealm/commenceLogin?from=%2Fuser%2Frestebanez%2Fapi%2Fjson%2F%3Fpretty%3Dtrue'/><script>window.location.replace('/securityRealm/commenceLogin?from=%2Fuser%2Frestebanez%2Fapi%2Fjson%2F%3Fpretty%3Dtrue');</script></head><body style='background-color:white; color:white;'>


    Authentication required
<!--
You are authenticated as: anonymous
Groups that you are in:

                        Permission you need to have (but didn't): hudson.model.Hudson.Read
 ... which is implied by: hudson.security.Permission.GenericRead
 ... which is implied by: hudson.model.Hudson.Administer
-->

</body></html>

```

the jenkins server has installed GitHub API Plugin 1.58 and Github Authentication plugin 0.19

I'm probably missing some fundamentals of oauth b/c i have googled this for a while and i haven't found anything

4
apicurlgithuboauthjenkins
Same problem here. I even tried GET('https://jenkins/securityRealm/finishLogin?code=xxxx') and it didn't work...Danilo Bargen

4 Answers

16
votes

I'm not sure if you ever got to the bottom of this, but after trying several routes I finally got a scripted build using Github OAuth on Jenkins. The trick is that the API token is not one for GitHub but rather one from Jenkins.

For my setup I have a machine user on github, I logged in normally via the web with that user, then clicked on the username in the upper right corner. From there I clicked "Configure" on the left-hand menu, and finally "Show API Token" in the main content area.

Once I had that I could run:

curl --user <username>:<api_token> https://jenkins-server/user/<username>/api/json/?pretty=true

More information.

4
votes

You should just use a Jenkins API token. This is configurable per user. See $JENKINS_URL/me

This will allow your scripted client to access Jenkins regardless of whatever authentication strategy is being used.

0
votes

You should use "Basic" rather than "token"

For example:

curl -H "Authorization: Basic cfbcff42e6a8a52a1076dd9fcxx" 
https://jenkins-server/user/restebanez/api/json
-1
votes

This worked for me (using getting commit statuses as an example):

url=https://api.github.com/repos/myowner/myrepo/commits/f40ddce88593482919761f74910f42f4b84c004b/statuses

curl -X GET -u :${GITHUB_TOKEN} ${url}