Problem Definition

Admins are currently allowed (even though not recommended) to integrate github.com accounts through GitHub Apps for DVCS integration. Unlike oAuth tokens (gho_), these are ghu_ tokens.

As per Github documentation: Behind GitHub’s new authentication token formats these two are different types of tokens:

• gho for OAuth access tokens
• ghu for GitHub user-to-server tokens

So even though Jira DVCS plugin allows Jira admins to create the integration with these ghu_ tokens (created via Github apps), the oAuth refresh fails at every 8 hours interval and starts throwing Bad credentials (401) errors:

2023-04-06 22:10:26,299+0000 Caesium-1-2 WARN ServiceRunner     [c.a.j.p.d.spi.github.GithubClientWithTimeout] Failed to execute request [GET /users/ORG1234] response code: 401, errors: 
    Bad credentials (401)
2023-04-06 22:10:26,299+0000 Caesium-1-2 DEBUG ServiceRunner     [c.a.j.p.d.spi.github.GithubCommunicator] Could not find user/organization ORG1234
org.eclipse.egit.github.core.client.RequestException: Bad credentials (401)

Suggested Solution

Introduce the auth token refresh for Non-OAuth tokens viz., ghu_ tokens created via GitHub Apps.

Workaround

Until this feature is implemented:

• Follow our documentation and integrate DVCS with github.com through oAuth tokens: Linking GitHub accounts
• Alternatively, Jira admins would have to refresh the tokens manually every 8 hours - Account Tools >> Reset OAuth Settings - (Same client ID and Secret will continue to work but the refresh would need to be done manually)