vscode-pull-request-github: Failure to authenticate and load PRs and Issues in GitHub Enterprise

Creating a new issue from https://github.com/microsoft/vscode-pull-request-github/issues/3371#issuecomment-1253800533. I tested GitHub Enterprise support this morning with VSCode Insiders and still was not able to sign in with GitHub Enterprise.

Background info:

Extension version: v0.51.2022092110
VSCode Insiders version: 1.72.0-insider (Universal), Commit: 333754f29b719f605904f072b13c054c2231b9bd
GHES version: 3.3.3
OS, Arch: MacOS 12.6, ARM

Settings (host name redacted)

"github-enterprise.uri": "https://github.host.com/",
"githubPullRequests.logLevel": "debug",

Steps to Reproduce:

Loaded Insiders. I only see a prompt for GitHub auth flow and not for GitHub Enterprise auth flow.
Go through GitHub auth and login. Cancelling login does not show the GitHub Enterprise auth flow, only a successful login to GitHub does. logout after initial login.
Immediately logging out of GitHub auth or proceeding straight to GitHub Enterprise auth flow seems to make no difference in subsequent steps.
Go through GitHub Enterprise auth flows.
1. OAuth browser flow fails.
2. Local server flow fails.
3. Device activation succeeds.
The extension still fails to properly load PRs and issues

From these steps and the logs below, I noticed some things

VSCode does not understand that I only want to login to GHES. I have to go through the GitHub flow directly first for GitHub Enterprise auth flow to show. This might be the source of the issue?

It looks like the GitHub Enterprise auth tries to load two different sessions, one with and one without workflow scope. The one without workflow scope is found but the one with workflow scope is not found. See full logs below for more details.

[2022-09-21 11:20:02.418] [GitHub Enterprise Authentication] [info] Got 1 verified sessions.
[2022-09-21 11:20:02.418] [GitHub Enterprise Authentication] [info] Got 0 sessions for read:user,repo,user:email,workflow...
[2022-09-21 11:20:02.419] [GitHub Enterprise Authentication] [info] Getting sessions for read:user,repo,user:email...
[2022-09-21 11:20:02.419] [GitHub Enterprise Authentication] [info] Got 1 sessions for read:user,repo,user:email...

Do I need to manually clear the keychain on the OS somehow? Could prior login attempts be conflicting there?

Additional log details for the authentication extension logs:

Log (GitHub Enterprise Authentication)

[2022-09-21 11:19:19.414] [GitHub Enterprise Authentication] [info] Getting sessions for all scopes...
[2022-09-21 11:19:19.414] [GitHub Enterprise Authentication] [info] Got 0 sessions for ...
[2022-09-21 11:19:24.036] [GitHub Enterprise Authentication] [info] Reading sessions from keychain...
[2022-09-21 11:19:24.041] [GitHub Enterprise Authentication] [info] Getting sessions for read:user,repo,user:email,workflow...
[2022-09-21 11:19:24.049] [GitHub Enterprise Authentication] [info] Got stored sessions!
[2022-09-21 11:19:24.049] [GitHub Enterprise Authentication] [info] Got 0 verified sessions.
[2022-09-21 11:19:24.049] [GitHub Enterprise Authentication] [info] Got 0 sessions for read:user,repo,user:email,workflow...
[2022-09-21 11:19:24.052] [GitHub Enterprise Authentication] [info] Getting sessions for read:user,repo,user:email...
[2022-09-21 11:19:24.052] [GitHub Enterprise Authentication] [info] Got 0 sessions for read:user,repo,user:email...
[2022-09-21 11:19:24.053] [GitHub Enterprise Authentication] [info] Getting sessions for read:user,repo,user:email,workflow...
[2022-09-21 11:19:24.053] [GitHub Enterprise Authentication] [info] Got 0 sessions for read:user,repo,user:email,workflow...
[2022-09-21 11:19:24.071] [GitHub Enterprise Authentication] [info] Getting sessions for read:user,repo,user:email...
[2022-09-21 11:19:24.071] [GitHub Enterprise Authentication] [info] Got 0 sessions for read:user,repo,user:email...
[2022-09-21 11:19:24.788] [GitHub Enterprise Authentication] [info] Getting sessions for all scopes...
[2022-09-21 11:19:24.788] [GitHub Enterprise Authentication] [info] Got 0 sessions for ...
[2022-09-21 11:19:28.631] [GitHub Enterprise Authentication] [info] Logging in for the following scopes: read:user repo user:email
[2022-09-21 11:19:28.633] [GitHub Enterprise Authentication] [info] Trying without local server... (read:user repo user:email)
[2022-09-21 11:19:34.770] [GitHub Enterprise Authentication] [info] Exchanging code for token...
[2022-09-21 11:19:35.761] [GitHub Enterprise Authentication] [error] GitHubTokenExchangeError: Internal Server Error
	at v.exchangeCodeForToken (/Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/extensions/github-authentication/dist/extension.js:1:716366)
	at process.processTicksAndRejections (node:internal/process/task_queues:96:5)
	at async /Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/extensions/github-authentication/dist/extension.js:1:711948
[2022-09-21 11:19:42.690] [GitHub Enterprise Authentication] [info] Trying with local server... (read:user repo user:email)
[2022-09-21 11:19:43.976] [GitHub Enterprise Authentication] [info] Exchanging code for token...
[2022-09-21 11:19:44.993] [GitHub Enterprise Authentication] [error] GitHubTokenExchangeError: Internal Server Error
	at v.exchangeCodeForToken (/Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/extensions/github-authentication/dist/extension.js:1:716366)
	at process.processTicksAndRejections (node:internal/process/task_queues:96:5)
	at async /Applications/Visual Studio Code - Insiders.app/Contents/Resources/app/extensions/github-authentication/dist/extension.js:1:713109
[2022-09-21 11:19:47.356] [GitHub Enterprise Authentication] [info] Trying device code flow... (read:user repo user:email)
[2022-09-21 11:20:01.639] [GitHub Enterprise Authentication] [info] Getting user info...
[2022-09-21 11:20:02.306] [GitHub Enterprise Authentication] [info] Got account info!
[2022-09-21 11:20:02.312] [GitHub Enterprise Authentication] [info] Storing 1 sessions...
[2022-09-21 11:20:02.384] [GitHub Enterprise Authentication] [info] Reading sessions from keychain...
[2022-09-21 11:20:02.384] [GitHub Enterprise Authentication] [info] Stored 1 sessions!
[2022-09-21 11:20:02.384] [GitHub Enterprise Authentication] [info] Login success!
[2022-09-21 11:20:02.416] [GitHub Enterprise Authentication] [info] Getting sessions for read:user,repo,user:email,workflow...
[2022-09-21 11:20:02.418] [GitHub Enterprise Authentication] [info] Token acquired from secret storage.
[2022-09-21 11:20:02.418] [GitHub Enterprise Authentication] [info] Got stored sessions!
[2022-09-21 11:20:02.418] [GitHub Enterprise Authentication] [info] Read the following session from the keychain with the following scopes: read:user repo user:email
[2022-09-21 11:20:02.418] [GitHub Enterprise Authentication] [info] Got 1 verified sessions.
[2022-09-21 11:20:02.418] [GitHub Enterprise Authentication] [info] Got 0 sessions for read:user,repo,user:email,workflow...
[2022-09-21 11:20:02.419] [GitHub Enterprise Authentication] [info] Getting sessions for read:user,repo,user:email...
[2022-09-21 11:20:02.419] [GitHub Enterprise Authentication] [info] Got 1 sessions for read:user,repo,user:email...

GitHub Pull Request

[Debug 1663773968.476s] RateLimit> API call count: 17 (/user)
[Debug 1663773968.481s] RateLimit> API call count: 18 (/user)
[Debug 1663773968.901s] RateLimit> Rate limit remaining: 4982
[Debug 1663773968.906s] RateLimit> API call count: 19 (/user)
[Debug 1663773969.04s] RateLimit> Rate limit remaining: 4981
[Debug 1663773969.04s] RateLimit> API call count: 18 (/user)
[Debug 1663773969.227s] RateLimit> Rate limit remaining: 4980
[Debug 1663773969.229s] No remotes found. The following remotes are missing: origin, upstream
[Debug 1663773969.229s] FolderRepositoryManager> Displaying configured remotes: origin, upstream
[Debug 1663773969.23s] No GitHub remotes found
[Debug 1663773969.24s] Authentication> No GitHub Enterprise token found.
[Debug 1663773969.24s] Review> Queuing additional validate state
[Debug 1663773969.24s] Review> Validating state...
[Debug 1663773969.241s] No remotes found. The following remotes are missing: origin, upstream
[Debug 1663773969.241s] FolderRepositoryManager> Displaying configured remotes: origin, upstream
[Debug 1663773969.271s] No GitHub remotes found
[Debug 1663773969.315s] Review> no matching pull request metadata found for current branch <branch>
[Debug 1663773969.315s] Review> no matching pull request metadata found on GitHub for current branch <branch>
[Debug 1663773969.315s] PullRequestTree> Removing PR #undefined from tree
[Debug 1663773969.353s] RateLimit> Rate limit remaining: 4979
[Debug 1663773969.353s] No remotes found. The following remotes are missing: origin, upstream
[Debug 1663773969.353s] FolderRepositoryManager> Displaying configured remotes: origin, upstream
[Debug 1663773969.353s] No GitHub remotes found
[Debug 1663774029.682s] RateLimit> API call count: 19 (/user)
[Debug 1663774030.116s] RateLimit> Rate limit remaining: 179986
[Debug 1663774030.12s] RateLimit> API call count: 20 (/user)
[Debug 1663774030.61s] RateLimit> Rate limit remaining: 179985
[Debug 1663774030.627s] No remotes found. The following remotes are missing: origin, upstream
[Debug 1663774030.627s] FolderRepositoryManager> Displaying configured remotes: origin, upstream
[Debug 1663774030.637s] No GitHub remotes found

About this issue

Original URL
State: closed
Created 2 years ago
Comments: 28 (12 by maintainers)

Commits related to this issue

Add logging of rate_limit response headers Part of investigation for #3973 — committed to microsoft/vscode-pull-request-github by alexr00 2 years ago
Add logging of rate_limit response headers (#4016) Part of investigation for #3973 — committed to microsoft/vscode-pull-request-github by alexr00 2 years ago
Try a fallback when server doesn't have known headers Fixes #3973 — committed to microsoft/vscode-pull-request-github by alexr00 2 years ago
Try a fallback when server doesn't have known headers (#4040) Fixes #3973 — committed to microsoft/vscode-pull-request-github by alexr00 2 years ago
Try to correctly handle unauthed enterprise Fixes #3973 — committed to microsoft/vscode-pull-request-github by alexr00 2 years ago
Try to correctly handle unauthed enterprise (#4044) Fixes #3973 — committed to microsoft/vscode-pull-request-github by alexr00 2 years ago
Log server response when detecting enterprise Fixes #3973 — committed to microsoft/vscode-pull-request-github by alexr00 2 years ago
Log server response when detecting enterprise (#4071) Fixes #3973 — committed to microsoft/vscode-pull-request-github by alexr00 2 years ago
Offer Enterprise button when remote is unknown Fixes #3973 — committed to microsoft/vscode-pull-request-github by alexr00 2 years ago
Offer Enterprise button when remote is unknown (#4096) Fixes #3973 — committed to microsoft/vscode-pull-request-github by alexr00 2 years ago

Most upvoted comments

Thanks for verifying that the issue is fixed!

If you feel confident the first two auth options fail because of issues with your Enterprise setup, then I don’t think we need to create an issue for that. If you think that those two options should be working, then yes, please do file an issue!

alexr00 on Oct 24, 2022

Thanks for your patience and help with this @wrslatz. I think I found the problem. I’ll let you know it’s available in a pre-release build (should be tomorrow).

alexr00 on Oct 12, 2022

At the bottom of the activity bar (by default the bottom left corner of VS Code) there’s an “Accounts” icon. Can you try signing out of your GitHub Enterprise account from there, reload the window, then sign back in using the “Sign in” button in GitHub view?

alexr00 on Sep 29, 2022

Sorry for the delay in responding to this!

I have to go through the GitHub flow directly first for GitHub Enterprise auth flow to show.

You might need to wait 5 seconds before signing in, but you should get taken directly to the GitHub Enterprise auth flow. The delay comes from this extension waiting for the git extension to provide some information. I’ll see if I can wait to show the button until we’ve reached that point. We were also falling back to a github.com login in the enterprise login didn’t work. I’m removing that fallback when we are very sure that the open repo is enterprise.

Actually, it looks like all auth flows are trying to login without workflow scope. Not sure if that is intended or not.

We updated our scopes to include workflow 5 months ago. To make it easier on our users, we continue to accept logins that were missing workflow. For this reason you will see some logs that don’t contain the workflow scope. You should never actually be prompted to log in without the workflow scope though, which leads me to:

The extension still fails to properly load PRs and issues

I haven’t been able to reproduce this issue. Are you using an official VS Code build? There are quirks in auth for unofficial builds, so knowing whether you’re using an official build will help narrow down the issue.

alexr00 on Sep 29, 2022

New behavior: If we can’t tell that the remote is github.com or GitHub Enterprise there will be a “Sign in with GitHub Enterprise” button in the GitHub view. If you choose that then we’ll try to help you set up GitHub Enterprise. Sixth time’s the charm 😅.

The change is available in the latest pre-release version of the extension with VS Code insiders.

alexr00 on Oct 21, 2022

Thanks for sticking with this @wrslatz. It seems that your GitHub Enterprise server isn’t providing any information at all that we can use to know that it’s actually GitHub Enterprise. I’ll need to add a separate “Sign in with GitHub Enterprise” button since it seems that there are cases where the Enterprise server is simply not configured to respond in a known way.

alexr00 on Oct 20, 2022

Ok, seems like there’s still some difference between what the server I’m testing with and the one that you’re using returns. I assumed that they’d return the same unauthenticated response, but it seems that yours doesn’t return a json response. I’m adding logging for the server response so we can see what your server is returning. Thanks again for persisting on this!

alexr00 on Oct 17, 2022

Thanks for all the logs. This seems to be the important line, which indicates that your git remote doesn’t appear to be a GitHub remote:

[Debug 1664824385.41s] GitHubServer> Host https://github.host.com/org/repo is associated with GitHub: 0

In the extension, we make a request to your host then check to see if the headers in the response include x-github-request-id. This is how we tell if the git remote is actually a GitHub (enterprise or not) remote.

It looks like your enterprise server isn’t responding with that header. I don’t know why that might be the case. I’ve tested with GitHub Enterprise 3.3, and the expected headers are in the response there. If you’re ok with emailing me the URL of your enterprise host, then please do and use the email in my profile. In parallel, I will add some logging for these headers so I can see if there’s some other header that I should be looking for (these logging changes won’t make it into the pre-release build for a few more days as we are stabilizing for release, which is why I’m also asking for the email if possible).

alexr00 on Oct 4, 2022

One more question about your setup then: Do you have a folder open in VS Code that contains a git repo with GitHub Enterprise remotes?

Can you grab logs by doing the following:

Set "githubPullRequests.logLevel": "debug"
Reload your window
Try to log in
Share the output from GitHub Pull Requests

alexr00 on Oct 3, 2022

Can you try signing out of your GitHub Enterprise account from there, reload the window, then sign back in using the “Sign in” button in GitHub view?

Just tried that. It still defaults to logging into GitHub from the GitHub view “Sign in” button. Signing in to github.com... and opens a github.com link in the browser. GitHub Enterprise authentication never triggers.

wrslatz on Sep 30, 2022