Search code examples
herokugithubjekyllhttp-status-code-403jekyll-extensions

Authorization problems with Jekyll-Auth

I have set up Jekyll-Auth for a private GitHub repository. This was quite complicated, so I wrote an installation guide which can be found here: http://fabian-kostadinov.github.io/2014/11/13/installation-of-jekyll-auth/. Yet, no matter what I do I cannot get past the login screen. All I ever receive after login to the hosted website is a HTTP 403 and the image of the bouncer.

Here's my setup:

  1. My organization is foo-org. There is a team bar-team and a private repo baz-repo.

  2. I am both owner and member of foo-org, and also team member of bar-team.

  3. I grant write access to all members in bar-team. (Organisation owners have admin rights anyway.)

  4. I make sure that bar-team is listed under the repo's list of collaborators. (Organisation owners and members are listed there too. Organisation members have write access.)

  5. Inside Heroku's dashboard there is my Heroku app with the config vars. Besides the other vars there is a var "GITHUB_TEAM_ID" and I set the value to "@foo-org/bar-team" (without double quotes but with the leading at character).

  6. I have completely deleted the "whitelist" entry (also the "ssl" entry) from _config.yml. (When I whitelist everything, then I can indeed access the website. But of course it's not protected then. Still this demonstrates that everything seems to be set up right.)

  7. Before every new attempt, I deliberately delete all cookies in my browser. I also tried to revoke granted access rights in GitHub to no avail.

Still, access is not granted. Heroku's logs do not say very much. The app is up and running without errors. It looks like the callback works fine between Heroku and GitHub. However, I can see that all HTTP GETs to any file on the protected website results in a 403 access denied.

Now I am out of ideas. Could there be something wrong with the org/team id? Any help is appreciated.

Solution

  • Ok, I finally was able to solve this issue. The problem was that GITHUB_TEAM_ID must be an ID number , that is an integer. Unfortunately, you cannot simply look this number up. Instead, you need to access the GitHub API to find out with cURL. I wrote an article on how to achieve this: http://fabian-kostadinov.github.io/2015/01/16/how-to-find-a-github-team-id/