How to setup drone server to work with github oauth - oauth

I am trying to setup a local drone server to be used as our CI environment. Our source code is managed by Github.
First, I create an oauth application on Github and get the client_id and client_secret.
Then install docker and drone, after that I did below configuration on /etc/drone/dronerc
REMOTE_DRIVER=github
REMOTE_CONFIG=https://github.com?client_id=XXXXXX&client_secret=XXXXXX
DATABASE_DRIVER=sqlite3
DATABASE_CONFIG=/var/lib/drone/drone.sqlite
Then I run below command to start drone docker container:
sudo docker run \
--volume /var/lib/drone:/var/lib/drone \
--volume /var/run/docker.sock:/var/run/docker.sock \
--env-file /etc/drone/dronerc \
--restart=always \
--publish=80:8000 \
--detach=true \
--name=drone \
drone/drone:0.4
I access the drone link on the browser, I can see a login button. As shown below.
When I click on the login button, my callback url is notified with below error message:
error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application.
Below is the server code for the Github callback url:
get '/oauth/authorize' do
# get temporary GitHub code...
session_code = request.env['rack.request.query_hash']['code']
# ... and POST it back to GitHub
result = RestClient.post('https://github.com/login/oauth/access_token',
{:client_id => CLIENT_ID,
:client_secret => CLIENT_SECRET,
:code => session_code},
:accept => :json)
# extract the token and granted scopes
access_token = JSON.parse(result)['access_token']
redirect 'http://10.0.0.24/'
end
In the last line of the above code, the redirect address is drone server address.
I may be do a wrong thing on the OAuth authentication part but I don't know how to do that in a correct way. Does anyone know how to implement that part to allow drone to get access on my Github account?
Thanks

When you create the Drone application in GitHub there is a redirect url field that should be set to something like http://hostname.com/authorize
When performing the oauth flow, Drone provides a redirect_url query parameter to GitHub indicating where to redirect after successful login. The below error message suggests the redirect_url query parameter does not match what was configured in GitHub
The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application
From the github documentation
If you provide a redirect_uri that doesn't match what you've registered with your application, GitHub will redirect to the registered callback URL with the following parameters summarizing the error
Note that these values must be an exact match. Even a simple http vs https mismatch will cause an error.
It is a bit unclear what the purpose of the Ruby code is, since Drone is written in Go. So unfortunately that is not something I am able to comment on.
I can say the most common error is incorrectly configuring the redirect url, or running Drone behind a reverse proxy without configuring X-Forwarded-For and X-Forwarded-Proto per the documentation. Drone uses these values, when running behind a reverse proxy, to determine its own URL which is in turn used when setting the redirect_url value.

Related

Jenkins "Error 403 No valid crumb was included in the request"

I am trying to trigger a Jenkins build by post request from my Windows computer, using the following commands.
First, I obtain the crumb using...
curl http://JENKINS-URL/crumbIssuer/api/xml?xpath=//crumb
The response is this...
<crumb>string-of-digits<\crumb>
I then use the command
curl -u USERNAME:PASSWORD -X POST -H "Jenkins-Crumb:string-of-digits" http://JENKINS-URL/job/my-job/buildWithParameters?token=my-token
The username is correct, the password is correct, the crumb is exactly the string of digits that I got from the first command (everything between the crumb> at the beginning and <\crumb> at the end), the token matches the token I have specified in Jenkins. But still, I am getting the response
Error 403 No valid crumb was included in the request
In Configure Global Security -> CSRF Protection, I also have "Enable proxy compatibility" checked and am using "Default Crumb Issuer".
Does it look like I am missing anything here? Forgetting any steps? Improperly formatted commands? Anything else you might be able to think of?
I have followed the steps and formatted my command like the solution here as well, and still no luck..
https://linuxacademy.com/community/posts/show/topic/28964-no-valid-crumb-was-included-in-the-request
In addition to this, I have also tried saving the cookies from the first request to get the crumb, and then I pass the file I saved the cookies to into the second curl command, see below for the command. Still I am getting the 403 No valid crumb...
Here are the commands using cookies...
wget --keep-session-cookies --save-cookies cookies.txt --auth-no-challenge --user admin --password my_password -q --output-document - http://JENKINS-URL/crumbIssuer/api/xml?xpath=//crumb
curl --cookie cookies.txt -u admin:my_password -H "JenkinsCrumb: string-of-digits-from-stdout" -X POST http://JENKINS-URL/job/my-job/buildWithParameters?token=my-token
I have finally discovered the answer. I thought that I could specify my actual account password, but it turns out that I needed to use an API token to authenticate. Using the API token instead of my password on the above commands with cookies allowed me to trigger my build remotely.
enter image description here
I finally resolved this issue by selecting the jenkins own user database in security realm

How to pass crumb info via bitbucket-hook to jenkins?

curl -X POST http://xxx.yyy.zzz:5555/job/job-name/build --user john-devops-jenkins:11df3ed41129c5c7da1518e9c3149896de -H 'Jenkins-Crumb:31827a74a160347a641c87ddbc8e3b6e'
The above curl code with a post request is absolutely working fine in triggering the Jenkins build.
Tried:
http://xxx.yyy.zzz:5555/bitbucket-hook?token=auth_token&crumb=xyz_crumb
http://xxx.yyy.zzz:5555/job/job-name/build?token=auth_token&crumb=xyz_crumb
Error: No valid crumb was included in the request
No luck still, How to configure bitbucket hook to container header information of crumb or how to pass it via url without relying on third party plugins?
I am late here, but coming with the second edition of my answer for the folks who were blocked due to Jenkins's latest updates.
Now, with the latest Jenkins latest changes the Bitbucket webhook url looks as below:
http://jenkins-username:token-generated-for-loggedin-user#url:port/job/job-name/build?crumb=Jenkins-Crumb:crumb_long_token
Crumb long token can be generated using the below command:
wget -q --auth-no-challenge --user jenkins-username --password jenkins-password --output-document - 'http://jenkins-url:8081/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)'
The output will be: Jenkins-Crumb:6f2dcf2182efd19511b2ebf7b787e%
To fetch token-generated-for-loggedin-user
You must create it going to:
http://jenkins-url:8081/user/jenkins-username/configure
In API Token, Click Generate. Once the token is Generated, save it somewhere. The same should be passed to the URL that we form later.
You can verify coming back to this URL: http://jenkins-url:8081/user/jenkins-username/configure, you will notice how many times that token was used for correct configuration.
There are a few more changes that you should do along with this.
You must install: Bitbucket, bitbucket-pipeline, strict crumb issuer plugins from Manage Jenkins
Finally, GoTo:
http://jenkins-url:8081/configureSecurity/
And in CSRF Protection
Change Default Crumb Issuer to Strict Crumb Issuer
Strict Crumb Issuer is what we installed above
A lot of effort in the investigation made this change work. Hope this helps and unblocks.
After a day of effort and brainstorming of how curl requests execute, finally resolved this issue by configuring bitbucket webhook as below:
http://jenkins-username:jenkins-password#jenkins-url:5555/job/job-name/build?crumb=crumb_token.
Hope it helps, many questions are unanswered and all are suggesting to use third party or generic-web-hooks and so on.
The CRUMB_TOKEN is nothing but AUTHENTICATION_TOKEN which we generate through Jenkins configuration
Follow these steps below to get authentication token:
Log in to Jenkins.
Click your name.
Click Configure.
Click Show API Token.
Do not get confuse with this URL: JENKINS_URL/job/policy-vault/build?token=TOKEN_NAME which is mentioned next to Trigger builds remotely input option
The correct URL which should be configured to build remotely is as below:
http://jenkins-username:jenkins-password#xxx.xxx.xxxx.xxx:5555/job/project-id/build?crumb=AUTHENTICATION_TOKEN
The Webhooks should also be configured from Bitbucket
Settings -> Repository Settings -> Webhooks
Title: PROJECT-XYZ-HOOK
URL: http://jenkins-username:jenkins-password#xxx.xxx.xxxx.xxx:5555/job/project-id/build?crumb=AUTHENTICATION_TOKEN
I am using jenkins 2.350, and it worked for me, thanks Mithun. just need to update the following part as it took a while for me to work it out.
Crumb long token can be generated using the below command:
Open the this link in browser; JENKINS_URL:PORT/crumbIssuer/api/xml
you will get;
crumb:f5a4de9c398c97d178d2bb4~~~58ee3420a1d5e91ce2a773251a092832ae116c49442007e211bac4d2cd4b07ac968783445cd49411####6cd59d6af3df1d41bf
crumbRequestField: Jenkins-Crumb
Hence your long Crumb would be as:
Jenkins-Crumb: f5a4de9c398c97d178d2bb4~~~58ee3420a1d5e91ce2a773251a092832ae116c49442007e211bac4d2cd4b07ac968783445cd49411####6cd59d6af3df1d41bf
Now add the above Crumb in the following URL at the end.
http://jenkins-username:token-generated-for-loggedin-user#url:port/job/job-name/build?crumb=Jenkins-Crumb:crumb_long_token
Rest just follow as Mithun said, Thanks

Jenkins: 403 No valid crumb was included in the request

I configured Jenkins in Spinnaker as follows and setup the Spinnaker pipeline.
jenkins:
# If you are integrating Jenkins, set its location here using the baseUrl
# field and provide the username/password credentials.
# You must also enable the "igor" service listed separately.
#
# If you have multiple Jenkins servers, you will need to list
# them in an igor-local.yml. See jenkins.masters in config/igor.yml.
#
# Note that Jenkins is not installed with Spinnaker so you must obtain this
# on your own if you are interested.
enabled: ${services.igor.enabled:false}
defaultMaster:
name: default
baseUrl: http://server:8080
username: spinnaker
password: password
But I am seeing the following error when trying to run the Spinnaker pipeline.
Exception ( Start Jenkins Job )
403 No valid crumb was included in the request
Finally, this post helped me to do away with the crumb problem, but still securing Jenkins from a CSRF attack.
Solution for no-valid crumb included in the request issue
Basically, we need to first request for a crumb with authentication and then issue a POST API calls with a crumb as a header along with authentication again.
This is how I did it,
curl -v -X GET http://jenkins-url:8080/crumbIssuer/api/json --user <username>:<password>
The response was,
{
"_class":"hudson.security.csrf.DefaultCrumbIssuer",
"crumb":"0db38413bd7ec9e98974f5213f7ead8b",
"crumbRequestField":"Jenkins-Crumb"
}
Then the POST API call with the above crumb information in it.
curl -X POST http://jenkins-url:8080/job/<job-name>/build --user <username>:<password> -H 'Jenkins-Crumb: 0db38413bd7ec9e98974f5213f7ead8b'
This solution is safe to use
We came along this issue when we changed Jenkins to be accessible via a reverse proxy.
There is an option in the "Configure Global Security" that "Enable proxy compatibility"
This helped with my issue.
Another solution
In the GitHub payload URL, make your URL look like this:
https://jenkins:8080/github-webhook/
Don’t forget to mention / at the end.
To resolve this issue I unchecked "Prevent Cross Site Request Forgery exploits" in jenkins.com/configureSecurity section and it started working.
I solved this by using an API token as a basic authentication password. Here is how:
curl -v -X POST http://jenkins-url:8080/job/<job-name>/buildWithParameters?param=value --user <username>:<token>
Note: To create the API token under the accounts icon → Configure → API Token → Add New token.
A crumb is nothing but an access token. Below is the API to get the crumb:
https://jenkins.xxx.xxx.xxx/crumbIssuer/api/json
// Replace it with your Jenkins URL and make a GET call in your Postman or REST API caller.
This will generate output like:
{
"_class": "hudson.security.csrf.DefaultCrumbIssuer",
"crumb": "ba4742b9d92606f4236456568a",
"crumbRequestField": "Jenkins-Crumb"
}
Below are more details and link related to same:
How to request for the crumb issuer for Jenkins
Jenkins wiki page.
If you are calling the same via REST API call, checkout the below link where it is explained how to do a REST call using jenkins-crumb.
https://blog.dahanne.net/2016/05/17/how-to-update-a-jenkins-job-posting-config-xml/
Example:
curl -X POST http://anthony:anthony#localhost:8080/jenkins/job/pof/config.xml --data-binary "#config.xml" -data ".crumb=6bbabc426436b72ec35e5ad4a4344687"
For the new release of Jenkins you should follow the solution below:
From Upgrading to Jenkins 2.176.3:
Upgrading to Jenkins 2.176.2 Improved CSRF protection
SECURITY-626
CSRF tokens (crumbs) are now only valid for the web session they were
created in to limit the impact of attackers obtaining them. Scripts
that obtain a crumb using the /crumbIssuer/api URL will now fail to
perform actions protected from CSRF unless the scripts retain the web
session ID in subsequent requests. Scripts could instead use an API
token, which has not required a CSRF token (crumb) since Jenkins 2.96.
To disable this improvement you can set the system property
hudson.security.csrf.DefaultCrumbIssuer.EXCLUDE_SESSION_ID to true.
Alternatively, you can install the Strict Crumb Issuer Plugin which
provides more options to customize the crumb validation. It allows
excluding the web session ID from the validation criteria, and instead
e.g. replacing it with time-based expiration for similar (or even
better) protection from CSRF
In my case, it helped for the installation of the Strict Crumb Issuer Plugin, rebooting Jenkins and applying a less strict policy for the web interface of Jenkins as it is suggested on the vendor's site.
According to Jenkins Directive
First you have to check your Jenkins version if the version is < 2.176.2 then per Jenkins guideline CSRF tokens (crumbs) are now only valid for the web session they were created in to limit the impact of attackers obtaining them. Scripts that obtain a crumb using the /crumbIssuer/api URL will now fail to perform actions protected from CSRF unless the scripts retain the web session ID in subsequent requests.
Alternatively, you can install the Strict Crumb Issuer Plugin which provides more options to customize the crumb validation. It allows excluding the web session ID from the validation criteria, and instead e.g. replacing it with time-based expiration for similar (or even better) protection from CSRF.
Steps :
you have to installed the plugin called "Strict Crumb Issuer"
Once installed restart the jenkins service
got to "Manage Jenkins" --> "Configure Global Security" --> Under CSRF Protection, select "Strict Crumb Issue" from the drop down list --> Click on Advance and uncheck everything but select "Prevent Breach Attack" option. --> Apply and save.
Now run you crumb script.
It should work now.
Check this image for your reference
You need a two-step procedure to first get a crumb from the server and then use it.
I am using this Bash script and cURL for that:
#!/bin/bash
# buildme.sh Runs a build Jenkins build job that requires a crumb
# e.g.
# $ ./buildme.sh 'builderdude:monkey123' 'awesomebuildjob' 'http://paton.example.com:8080'
# Replace with your admin credentials, build job name and Jenkins URL
#
# More background:
# https://support.cloudbees.com/hc/en-us/articles/219257077-CSRF-Protection-Explained
USERPASSWORD=$1
JOB=$2
SERVER=$3
# File where web session cookie is saved
COOKIEJAR="$(mktemp)"
CRUMB=$(curl -f -u "$USERPASSWORD" --cookie-jar "$COOKIEJAR" "$SERVER/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,%22:%22,//crumb)")
status=$?
if [[ $status -eq 0 ]] ; then
curl -f -X POST -u "$USERPASSWORD" --cookie "$COOKIEJAR" -H "$CRUMB" "$SERVER"/job/"$JOB"/build
status=$?
fi
rm "$COOKIEJAR"
exit $status
Here is an example of executing this script with the parameters you need:
./buildme.sh 'builderdude:monkey123' 'awesomebuildjob'
Output:
'http://paton.example.com:8080'
This script will return an error code if one of the cURL command fails for any reason.
More details can be found from cloudbees.
I did get the same "403 No valid crumb was included in request" error when I created a Jenkins job from a Java program using jenkins-client library, i.e., com.offbytwo.jenkins. Then I used the Jenkins API token instead of password in the following code. Now, the issue is fixed.
JenkinsServer jServer = new JenkinsServer(new URI(jenkins_url), jnkn_username, jnkn_password);
We can generate an API token from the Jenkins console. Profile → Configure → API Token (Add new token).
The same API token can also be used instead of a password with curl.
curl -v -X POST http://jenkins-url:port/job/<job-name>/buildWithParameters?param=value --user <jen_username>:<jenkins_api_token>
I lost a bunch of time trying to figure this out. At the end, I just installed the plugin Build Authorization Token Root and enabled build permissions to anonymous users.
At the end doesn't really matter, because the Jenkins instance is behind a VPN and I'm using https://smee.io to forward the webhook to the Jenkins instance.
Also the Jenkins instance is behind a reverse proxy, so the "Enable proxy compatibility" option is checked as well, and the "ignore_invalid_headers" setting set to off in the Nginx configuration at the server level. I am sharing my solution just in case someone else is struggling as well. I'm sure there are better ways to do it, but this is one option.
Note that with this plugin the build URL is set to buildByToken/build?job=JobName&token=TokenValue and the token is generated in the job settings.
This is in Jenkins 2.235.2 which doesn't have an option to disable CSRF.
Since this question is the first SO link when searching for "No valid crumb was included in the request" in Google, I think it's worth mentioning that the same error is generated if you omit/forget the Authorization HTTP header or use a blank username/password:
Relevant error messages related to the Authorization header are only generated when a value is passed:
And, yes, the crumb passed in the first screenshots is actually valid; everything works with the correct username/password:
So, not sure if that's a bug or not, but "No valid crumb was included in the request" could also mean you accidentally forgot the Authorization header.
Jenkins 2.222.3, Ubuntu Server 20.04, Java Runtime 1.8.0_252-8u252-b09-1ubuntu1-b09
For me, the below solutions work in Bitbucket:
I updated the URL to:
http://jenkinsurl:8080/bitbucket-hook/
Bitbucket Webhook:
Visiting Jenkins with https://... instead of http://... solved the problem for me.
For me the solution was to pass the X-Forwarded-Host and X-Forwarded-Port headers
as suggested in the reverse-proxy-configuration-troubleshooting chapter of the Handbook.
HaProxy config, inside the frontend section:
http-request set-header X-Forwarded-Host %[hdr(host)]
http-request set-header X-Forwarded-Port %[dst_port]
I had the same issue while using a GitLab webhook with a Jenkins Multibranch pipeline.
On the GitLab webhook page, I changed the Jenkins job URL base path word job to project, as I found on in this link:
From: http://127.0.0.1:8080/job/user-test-repo
To: http://127.0.0.1:8080/project/user-test-repo
I followed this comment: In Dashboard → Manage Jenkins → Configure Global Security. Under CSRF Protection, choose option Enable proxy compatibility. It works for me.
When I was trying to build a job in Jenkins by following options like build steps, accessing Git code, whatever the options, etc., I
faced the error
jenkins-403-no-valid-crumb-was-included-in-the-request
Seriously, I tried a number of ways to resolve it... But there wasn't any luck...!
Surprisingly, I changed my Wi-Fi network, and then it worked.
In my case, I was able to bypass the error by using Remote Desktop into the Jenkins server directly and using
a localhost-based URL instead of trying to go through the corporate proxy from my computer.
I also faced a similar problem. I was using a password instead of a token.
When updated, it solved my problem. There isn't any need to uncheck anything and make it insecure. Below are the complete steps that I followed to have Jenkins CLI working:
Step 1: Prepare environment variables
export JENKINS_URL=http://localhost:8080/
export JENKINS_USER=admin
export JENKINS_PASSWORD=b7f04f4efe5ee117912a1.....
export JENKINS_CRUMB=f360....
export FOLDER=test
Obtain a token as:
How to get the API token for Jenkins
Get the crumb as:
http://localhost:8080/crumbIssuer/api/json
Step 2: Prepare the XML file, file name creds.xml
<com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl>
<scope>GLOBAL</scope>
<id>TEST-CLI</id>
<username>test</username>
<password>test123</password>
<description>this secret if created confirms that jenkins-cli is working</description>
</com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl>
Step 3: POST using cURL
curl -X POST -u $JENKINS_USER:$JENKINS_PASSWORD -H "Jenkins-Crumb:${JENKINS_CRUMB}" -H 'content-type:application/xml' -d #creds.xml "$JENKINS_URL/job/$FOLDER/credentials/store/folder/domain/_/createCredentials"
Here is my solution to this issue (Git hooks to launch a Jenkins job behind a reverse proxy).
Get the crumb from a first call and store the sessionid in a cookie jar:
CRUMB=$(/usr/bin/curl --cookie-jar ./cookie -sX GET https://******.net/crumbIssuer/api/json|cut -d'"' -f8)
Launch the job:
/usr/bin/curl --cookie ./cookie -X POST https://******.net/job/PROJECTNAME/build -H "Jenkins-Crumb: $CRUMB"
The guide CSRF Protection Explained explains how to generate a Jenkins crumb, save the cookies and use both the crumb and the saved cookies in the subsequent requests that require authentication. This is a must for Jenkins after version 2.176.2.
For Java code to access the Jenkins API I will let my advise out.
The answer of Santhosh does resolve the problem. That consists in changing the password for a token, but as far as I know, the token is now a legacy manner to do it.
So I tried other way, and find out a solution inside Java code.
Here how I did it.
In my Java code I use the com.offbytwo.jenkins package and the class that I use is JenkinsServer.
My problem was to create a job in Jenkins because I was getting an error: "403 No valid crumb was included in request"
Then I found a Boolean parameter called crumbFlag and passed true on it and everything worked.
My code was like this:
jenkins.createJob(job.getName(), config);
Then, I changed for this, and it worked like a charm:
jenkins.createJob(job.getName(), config, true);
This parameter is inside almost all methods of this package, by example:
createJob(String jobName, String jobXml, Boolean crumbFlag)
updateJob(String jobName, String jobXml, boolean crumbFlag)
renameJob(String oldJobName, String newJobName, Boolean crumbFlag)
Others.
The technical documentation inside the code is:
#param crumbFlag true to add crumbIssuer
* false otherwise.
I understood if you pass true for this parameter it will issue a crumb automatically.
Well, the official documentation has this information in detail. If you wish, take a look here:
Class JenkinsServer
I had the same issue when trying to set up a GitHub project with the GitHub Pull Request Builder plugin.
Here is an example of the response I was getting from my Jenkins server
Response content
The problem was happening because my payload URL was missing a forward slash at the end, /.
adding a forward slash at the end of the URL solves the problem
your payload URL should look like this: https://jenkins.host.com/ghprbhook/
Examples after adding the forward slash
I am running with a reverse proxy with nignx. I changed a Jenkins option in the "Configure Global Security", that "Enable proxy compatibility".
This fixed with my issue.
First create a user API token by going to user → API Token → Add new token.
Then use the below script for triggering.
import jenkins,requests
job_name='sleep_job'
jenkins_url = "http://10.10.10.294:8080"
auth = ("jenkins","1143e7efc9371dde2e4f312345bec")
request_url = "{0:s}/job/{1:s}/buildWithParameters".format(jenkins_url,
job_name, )
crumb_data = requests.get("{0:s}/crumbIssuer/api/json".format(jenkins_url),
auth=auth, ).json()
headers = {'Jenkins-Crumb': crumb_data['crumb']}
jenkins_job_params={}
jenkins_job_params['NODE_NAME']='10_10_1_29'
jenkins_job_params['SLEEP_TIME']='1h'
response = requests.post(request_url, data=jenkins_job_params, auth=auth, )
response.raise_for_status()
Head over to Manage Jenkins => Configure global security.
Then uncheck "Prevent Cross Site Request Forgery exploits"
I have run into the same issue. I have only refreshed my browser, logged back in to Jenkins, did the same process and everything worked.

Is it possible to use some auth credentials of travis-ci or my user to use github api

for Testing on Travis-CI I need to download some projects from github by wget. Here is what I have in travis logs:
Requesting a tar: 'wget https://api.github.com/repos/apache/hbase/tarball/1.1.0.1 -O src/main/java/apache-hbase.tar.gz'
--2015-06-28 18:24:16-- https://api.github.com/repos/apache/hbase/tarball/1.1.0.1
Resolving api.github.com (api.github.com)... 192.30.252.139
Connecting to api.github.com (api.github.com)|192.30.252.139|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2015-06-28 18:24:16 ERROR 403: Forbidden.
Github support explained that as:
You're probably hitting the rate limit for unauthenticated requests:
https://developer.github.com/v3/#rate-limiting
If you switch to making authenticated requests -- you should get a
much better API rate limit. We don't provide support for the Travis
platform, so you should reach out to Travis support to understand the
options for making authenticated requests using their platform.
So questions is: is it possible to safely reuse Travis-CI credentials or credentials of my travis user to work with github api without limitations of 60 request per hour?
You should be able to use a Github OAuth token by storing it securely in an encrypted variable in Travis CI and then passing it to your wget call like this:
// First encrypt your Github OAuth token
travis encrypt MY_GITHUB_OAUTH_TOKEN=token --add
The previous call will automatically add the environment variable hash to your .travis.yml file.
Then you should be able to use it like this in your wget call:
wget \
--header='Authorization: token $MY_GITHUB_OAUTH_TOKEN' \
https://api.github.com/repos/apache/hbase/tarball/1.1.0.1 \
-O src/main/java/apache-hbase.tar.gz
Hope this helps!

Use Redmine REST API for authentication

I am working on a service which requires authentication.
I would like to base the authentication on my Redmine and grant access to registered users which are members in a private project.
The membership I have figured out:
curl -v -u account:secret \
https://myredmine/projects/private/memberships.json
But how to find out if a user can authenticate?
Use /users/current.json:
curl -v -u account:secret \
https://myredmine/users/current.json
It will return 401 if the user fails to login.
Add ?include=memberships to the URL to retrieve a list of associated projects.
I don't think it will work with OpenID though.
Use the built-in API. You can enable it for each user, once you get the key:
// Pseudo-code
api_key = '65454ftfg53543f34g34f23g'
url = "http://www.myredminesite.com/projects/my_project/issues.json?key=" + api_key
You can enable the API key if you log in and click on "My Account", then on the right should be your API access key.project.
There where some issues with older version I think. I run Redmine 2.1.2.stable and that works great.

Resources