GitHub Maven Authentication #119679
-
Select Topic AreaBug BodyGitHub Maven Authentication BugIssue DescriptionWhen attempting to build a project, Maven fails to resolve dependencies due to authentication issues when accessing GitHub packages. The error message suggests that the authentication information provided in the Error Message
Settings.xml Configuration<servers>
<server>
<id>github</id>
<configuration>
<httpHeaders>
<property>
<name>Authorization</name>
<value>Bearer MyTokenHere</value>
</property>
</httpHeaders>
</configuration>
</server>
</servers> The provided settings.xml file contains the necessary authentication configuration for accessing GitHub packages. Additional ContextMaven attempts to retrieve metadata from A cURL request using the Authorization header fails: curl -H "Authorization: Bearer MyTokenHere" 'https://mavenregistryv2prod.blob.core.windows.net/mavenregistryv2prod/blobs/124037065/****/1.0.0-SNAPSHOT/4d52eb80-fb1c-11ee-9a11-eb4ecd1f897f?se=2024-04-15T11%3A55%3A48Z&sig=2GRYlvPWHcavoSuWE0TOxt3bhVd4GvR2QG4Wt6ALKGc%3D&sp=r&spr=https&sr=b&sv=2020-04-08'
However, changing Authorization to X-Github-Token resolves the issue: curl -H "X-Github-Token: Bearer MyTokenHere" 'https://mavenregistryv2prod.blob.core.windows.net/mavenregistryv2prod/blobs/124037065/****/1.0.0-SNAPSHOT/4d52eb80-fb1c-11ee-9a11-eb4ecd1f897f?se=2024-04-15T11%3A55%3A48Z&sig=2GRYlvPWHcavoSuWE0TOxt3bhVd4GvR2QG4Wt6ALKGc%3D&sp=r&spr=https&sr=b&sv=2020-04-08' This adjustment successfully retrieves the necessary metadata. However, when changing Authorization to X-Github-Token in the settings.xml file, a 401 Unauthorized error is encountered. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
@abdelmoez-guetat Bearer token auth with header worked for me for some time, though at this point I am not certain if it was documented or I just found that somewhere on stackoverflow. However it seems that it is no longer the case As Github documentation suggests - I used username/password authentication instead and it works |
Beta Was this translation helpful? Give feedback.
-
Writing my notes up here in case they're useful for others. tl;dr is, instead of defining the header directly, do:
Replace The longer explanation: https://maven.pkg.github.com doesn't seem to be the direct URL for packages, it always returns a 302 (redirect) with a link to elsewhere that doesn't require authentication. It seems that redirected domain has recently changed - for older packages it seems to have typically been Ordinarily this wouldn't matter because it's a straight redirect, but Maven also forwards the authorization header onto the redirected URL. The older URL didn't require it, but also didn't care if it was there, so no problem. The newer URL though does care, insists on not having it, and seems to throw the This is also why curl works when you specify the On the flip side, if you specify the above specifically in user / pass format, it seems Maven doesn't pass that auth on, Github ignores the username, just looks at the token, and so all is happy. As a disclaimer, the above is purely anecdotal from the poking around I've done. I could be entirely wrong or missing the mark, but it seems to line up. |
Beta Was this translation helpful? Give feedback.
Writing my notes up here in case they're useful for others. tl;dr is, instead of defining the header directly, do:
Replace
ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxx
with your token, but crucially you don't need to replaceUSERNAME
with your actual username.The longer explanation:
https://maven.pkg.github.com doesn't seem to be the direct URL for packages, it always returns a 302 (redirect) with a link to elsewhere that doesn't require authentication. It seems that redirected domain has recently changed - for older packages it seems to have typically been
g…