Bad Credentials error when run in organization using service account
I'm able to run the add-to-project GitHub Action workflow without any issue in a personal repo and, feeling pleased with it, tried to implement it for my organization. Unfortunately, I haven't been able to make it work: I keep getting a "Bad Credentials" error message.
After pushing the add-to-project.yml to the repo, I used a service account with organization 'member' privileges to create a PAT (ensuring it had the same secret name indicated in the .yml file), giving it the 'repo', 'project', and 'workflow' scopes. I then added this service account to the repo as a collaborator with owner/admin rights. Next, I added a repository secret (named the same secret name indicated in the .yml file) to the repo. Testing at this point resulted in a "Bad Credentials" error.
After conducting research, I added the following scopes to the token:
- write:org
- read:org
Testing of this change did not work. More research found that some people had to add these additional scopes:
- manage_runners:org
- manage_runners:enterprise
Testing of this scope update still did not work, so I conducted more troubleshooting with the following attempts:
- Creating the PAT from my personal account which has full owner/admin access of the entire org (set as owner/admin to repo)
- Creating the PAT from a different service account which has full owner/admin access of the entire org (set as owner/admin to repo)
- Updating the PAT to have full scope rather than limited to just 'repo', 'project', and 'workflow'
- Creating an environment secret instead of a repo secret (done with service account 1 and service account 2)
- Creating an org secret instead of a repo secret (done with service account 1 and service account 2)
Each test run resulted in the same "Bad Credentials" error. Not sure if I hit a bug, or if implementation for an org is different.
In this issue https://github.com/actions/add-to-project/issues/264 I see the output that for organizations a GitHub App is recommended, but this is not documented in this README, so maybe you need an App. I also wanted to have a similar setup (and assume many other people will too), but the access issues seem to be really annoying. Even having to add a PAT on the organizational level is difficult, and there should be a way to link a Project to a repo IMO.
I just wanted to say that I also had the same issue. Hoping this issue will be resolved soon 😄
I also have the same issue. And it is complicated by the action not working with Projects (classic). I migrated my project to an org project and now have to deal with authentication at the org level rather than repo level.