Verifying Github Oauth 2.0 tokens in Jira

Summary

If you have not setup or updated your DVCS connection from Jira to Github since April 5, 2021, then there's a chance that the tokens used by Jira to access the repository are in an outdated format.

Although they will work, they are being deprecated by GitHub and you will be notified via email by Github that you should update the token utilized to be the modern-formatted token.

The NEW token formats have a "gho_" prefix for Oauth based connections and additional information about this change is available here.

Environment

Any Jira environment that had DVCS links to Github created prior to April 5, 2021

Diagnosis

•  The Jira Administrator or Repository Owner will receive an email from Github indicating that the repository has been accessed with an outdated token.

  1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 We noticed that an application, <Application>, owned by an organization you are an admin of, <Organization>, used a token with an outdated format to access the GitHub API on <Date> In order to provide additional security benefits to all our customers, we recently updated the format of our API authentication tokens. We encourage you to reset any authentication tokens used by this app, as well as tokens used by any other apps you may have, with our reset token API (https://docs.github.com/en/rest/reference/apps#reset-a-token). Alternatively, you can prompt your users to step through the authorization flow again, as outlined in the docs for either GitHub App (https://docs.github.com/en/developers/apps/identifying-and-authorizing-users-for-github-apps) and OAuth Apps (https://docs.github.com/en/developers/apps/authorizing-oauth-apps). To understand more about this change and why it's important, visit: https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats Thanks, The GitHub Team

• Your DBA can confirm the Token Used with the following Query:

  1 2 3 4 5 6 7 8 9 10 11 select "NAME"      ,"ID"      , "DVCS_TYPE"      ,"HOST_URL"      ,"LAST_POLLED"      ,"OAUTH_KEY"      ,"OAUTH_SECRET"      ,"ACCESS_TOKEN"      ,"STATUS"      ,"TOKEN_ID" FROM "AO_E8B6CC_ORGANIZATION_MAPPING";

Cause

Tokens generated prior to April 5, 2021 could be using an outdated formatted token. These are tokens that do not contain the correct prefix in the token value.

Solution

Regenerate the Oauth Token used by Jira, for each repository.

1. In Jira:

   1. Login to Jira as an Administrator

   2. Click on Settings → Applications → DVCS Accounts

   3. Click to Edit your Github DVCS account

   4. Click "Reset OAuth Settings"

   5. Copy the Current Key

2. In Github:

   1. Login to Github as the User who configured the DVCS GitHub Account

   2. Click On Settings → Developer Settings → Oauth Apps

   3. Find the corresponding Key from the OAuth App

   4. Generate a New Secret for that Key

3. Back in Jira → DVCS Accounts

   1. Click Edit

   2. Type in the Key and Secret from Github

   3. Click on "Regenerate Access Token"

As the Oauth Key has now been regenerated, Jira will perform a Full Sync against the repository. You can confirm that this is occurring by reviewing the application-jira.log file for lines such as: