jfrog
Unable to use Reference Token with Azure DevOps Service Connection even though the connection Validates using a Reference Token
Describe the bug
[!IMPORTANT] Please see my comment below. I'm leaving the original issue as stated for broader context purposes, but the issue is not what it at first seemed. What follows below is the original issue, but please see my comment for the real issue at hand.
I have an Azure DevOps Server ServiceConnection to Artifactory which is using token-based authentication for the connection.
However, when using the JfrogDotNetCore@1 task in an Azure DevOps YAML pipeline with the following configuration:
- task: JFrogDotNetCore@1
displayName: Restore NuGet Packages
inputs:
command: restore
artifactoryConnection: ${{ parameters.artifactoryConnection }}
targetResolveRepo: ${{ parameters.artifactoryRepository }}
rootPath: ${{ parameters.solutionOrProjectPathGlob }}
collectBuildInfo: ${{ parameters.collectBuildInfo }}
${{ if eq(parameters.collectBuildInfo, true) }}:
buildName: '$(Build.DefinitionName)'
buildNumber: '$(Build.BuildNumber)'
running the build results in the following error output:
D:\Agent04\_work\_tool\dotnet\sdk\9.0.100-rc.1.24452.12\NuGet.targets(751,5): error : Value cannot be null or empty string. (Parameter 'username') [D:\Agent04\_work\111\s\src\MyProject\MyProject.csproj]
16:21:50 [Error] exit status 1
##[error]Error: Command failed: D:\Agent04\_work\_tool\jf\2.53.1\x64\jf.exe dotnet restore --build-name="my-project" --build-number="v8.0.0-ci.4.24290.73267.6360"
If I'm using a ServiceConnection, then I should not need to provide a username input to the task.
Current behavior
If you don't specify a username input to the JfrogDotNetCore@1 task in a YAML pipeline even though you are using a ServiceConnection, the task ends in an error.
Reproduction steps
Run a build pipeline with a valid task configured as shown below:
- task: JFrogDotNetCore@1
displayName: Restore NuGet Packages
inputs:
command: restore
artifactoryConnection: ${{ parameters.artifactoryConnection }}
targetResolveRepo: ${{ parameters.artifactoryRepository }}
rootPath: ${{ parameters.solutionOrProjectPathGlob }}
collectBuildInfo: ${{ parameters.collectBuildInfo }}
${{ if eq(parameters.collectBuildInfo, true) }}:
buildName: '$(Build.DefinitionName)'
buildNumber: '$(Build.BuildNumber)'
When using a ServiceConnection with token-based authentication, a username should not be required. (The Classic build pipeline editor does not prompt for a Username whin using a ServiceConnection.)
Expected behavior
The task does not require a username input when using a ServiceConnection.
Azure DevOps extension name and version
2.92 I think.....
JFrog CLI version
2.53.1
Operating system type and version
Windows Server 2019
JFrog Artifactory version (if relevant)
No response
JFrog Xray version (if relevant)
No response
JFrog Distribution version (if relevant)
No response
Never mind. So, when I created the user account for build server integration, I also created an access token, both a JWT and a Reference token. The help bubble for the Reference Token says that it can be used anywhere as a password, API Key, or, and this is the important one, a Bearer token. That, apparently, is not true, at least, not for Nuget. Here's more of the log from a failing build:
21:08:19 [Warn] couldn't extract payload from Access Token.
The provided access token is not a valid JWT, probably a reference token.
Some package managers only support basic authentication which requires also a username.
If you plan to work with one of those package managers, please provide a username.
Determining projects to restore...
D:\Agent04\_work\_tool\dotnet\sdk\9.0.100-rc.1.24452.12\NuGet.targets(751,5): error : Value cannot be null or empty string. (Parameter 'username') [D:\Agent04\_work\111\s\src\MyProject\MyProject.csproj]
21:08:20 [Error] exit status 1
##[error]Error: Command failed: D:\Agent04\_work\_tool\jf\2.53.1\x64\jf.exe dotnet restore --build-name="my-project" --build-number="v8.0.0-ci.4.24291.4057.6362"
So, I cannot use the reference token as a bearer token, I have to use the full JWT token. But here's the thing, I validated the ServiceConnection in Azure DevOps with the Reference token and it validated just fine—the connection to the API could be established. This seems like a bug to me—perhaps in Azure DevOps Server. So, I'm going to change the title of this issue and let someone else decide whether this is not a Jfrog problem. (It's possible it's a littel of both.)
This issue has been marked as stale due to 6 months of inactivity. As part of our effort to address every issue properly, please feel free to remove the stale label or keep this issue active by leaving a comment. Otherwise, it will be closed in 7 days
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
This issue was closed due to 7 days of inactivity after being marked as stale. Feel free to reopen it if it remains relevant.