
I'm using the Sonarqube github authentication plugin. I want to make it so that only users in my Github organisation can sign up.

It does not appear to work because even users that are in my organisation are blocked with the reason:

Reason: 'username' must be a member of at least one organization: 'https://github.com/{{organisation_name}}'

The link above is my organisation page on Github. I have used {{organisation_name}} as the configuration value in Sonarqube. The user is definitely a member of the organisation.

What value should I use for the organisation name?

EDIT: I found https://jira.sonarsource.com/projects/SQAUTHGITH/issues/SQAUTHGITH-16?filter=allopenissues which suggests that possibly the org id is required. Using the Github API to get the organisation id for the user and then using that as a config value does not work either.

EDIT: Looking at the flow I think there might be a bug...

This is the URL sending the user to GitHub to get a token:

https://github.com/login/oauth/authorize?response_type=code&client_id=123abc&redirect_uri=https://example.com/oauth2/callback/github&scope=user:email,read:org&state=123abc

It looks like there is no scope to read the org?

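As an added example (not code from the question, SonarQube or its GitHub plugin), the two checks a practitioner would run while debugging this flow: parse the authorize URL quoted above to see which OAuth scopes are actually requested, and compare a configured organisation value (bare login or full GitHub URL) against the organisation logins the GitHub `/user/orgs` endpoint would return. The membership data is constructed inline; the URL is the one from the question with its placeholder `client_id` and `state`.

```python
from urllib.parse import urlparse, parse_qs

# The authorize URL quoted in the question (placeholder client_id/state as given there).
AUTHORIZE_URL = (
    "https://github.com/login/oauth/authorize?response_type=code&client_id=123abc"
    "&redirect_uri=https://example.com/oauth2/callback/github"
    "&scope=user:email,read:org&state=123abc"
)

# Scopes the flow needs: user:email for identity, read:org to see org membership.
REQUIRED_SCOPES = {"user:email", "read:org"}


def requested_scopes(authorize_url: str) -> set:
    """Return the OAuth scopes in the authorize URL's `scope` parameter.

    GitHub accepts scopes separated by commas or spaces, so both are handled.
    """
    query = parse_qs(urlparse(authorize_url).query)
    raw = query.get("scope", [""])[0]
    return {s for s in raw.replace(",", " ").split() if s}


def missing_scopes(authorize_url: str, required=REQUIRED_SCOPES) -> set:
    """Scopes from `required` that the flow does not ask for (empty set = all present)."""
    return set(required) - requested_scopes(authorize_url)


def normalise_org(value: str) -> str:
    """Reduce a configured organisation value to the bare GitHub login.

    Accepts 'my-org', 'https://github.com/my-org' or 'github.com/my-org/' alike,
    since the error in the question compares against an organisation URL.
    """
    value = value.strip().rstrip("/")
    if "github.com/" in value:
        value = value.split("github.com/", 1)[1]
    return value.split("/", 1)[0].lower()


def is_member(configured_orgs, user_org_logins) -> bool:
    """True if the user belongs to at least one configured organisation.

    `user_org_logins` stands in for the `login` fields GitHub's /user/orgs
    endpoint returns; callers here pass constructed sample data.
    """
    wanted = {normalise_org(o) for o in configured_orgs}
    return any(login.lower() in wanted for login in user_org_logins)


if __name__ == "__main__":
    print("requested:", sorted(requested_scopes(AUTHORIZE_URL)))
    print("missing:", missing_scopes(AUTHORIZE_URL) or "none")
    print("member:", is_member(["https://github.com/my-org"], ["my-org", "other"]))
```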

1 Answer


I just set up SonarQube and ran into the exact same issue. Turns out that Sonar's GH integration docs are hot garbage for anything beyond the most basic setup. To correct this, I updated my GitHub application with read-only access to the "Members" permission. Furthermore, and this might only be for my setup, Sonar (v8.2) required read-only access to the "Email addresses" permission as well. I know this answer came nine months later, but hopefully it helps someone.