hub complains "Unauthorized (HTTP 401)" and "Bad credentials"

Are you sure you haven't removed anything from the below output:

% env HUB_VERBOSE=1 hub checkout http://github.com/apple/swift/pull/862
github.com username: gparker42
github.com password for gparker42 (never stored): 
> GET https://api.github.com/repos/apple/swift/pulls/862
> Authorization: token 
< HTTP 401
{"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}

It seems incomplete. Like it didn't try to obtain an OAuth token at all.

Do you still have this issue?

Still reproduces with hub-2.2.2. I haven't tried building hub from source.

The output shown above is exactly what I see, except for some colorization of the verbose output.

Thanks for updating. This is really weird. According to your HTTP log, it never even tries to exchange your username/password for OAuth token. I've never seen this behavior before. Which version of OS X are you on?

This is OS X 10.11.4 beta (build 15E27e). I might have a 10.11.2 or 10.11.3 machine to try.

I'm seeing the same problem, using Gentoo Linux. "hub create" simply shows 401:

kakra@jupiter ~/src/php-graveyard [git:master] $ HUB_VERBOSE=1 hub create
$ git config alias.create
$ git rev-parse -q --git-dir
> GET https://api.github.com/repos/kakra/php-graveyard
> Authorization: token [REDACTED]
< HTTP 401
{"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}
> POST https://api.github.com/user/repos
> Authorization: token [REDACTED]
{"owner":{},"name":"php-graveyard","private":false,"pushed_at":"0001-01-01T00:00:00Z","created_at":"0001-01-01T00:00:00Z","updated_at":"0001-01-01T00:00:00Z","permissions":{"Admin":false,"Push":false,"Pull":false}}

< HTTP 401
{"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}
Error creating repository: Unauthorized (HTTP 401)
Bad credentials

Nevermind: After removing $HOME/.config/hub it works. It asked my user/pass and stored a new token. I expected it to be found in $HOME/.gitconfig because there I removed it the first time.

With hub-2.2.3 on OS X 10.11.3 (15D21) it now sometimes works and sometimes fails when there is no ~/.config/hub file.

Success and failure output below. I manually redacted anything that looked like it might be sensitive, in addition to the output's own redactions. Note that the "successful" output also starts with a bunch of failed requests.

curl still works every time. hub-2.2.2 still fails every time. hub-2.2.2 works after hub-2.2.3 successfully creates a ~/.config/hub file.

Success:

% env HUB_VERBOSE=1 hub checkout http://github.com/apple/swift/pull/862
$ git config alias.checkout
$ git config hub.host
github.com username: gparker42
github.com password for gparker42 (never stored): 
> POST https://api.github.com/authorizations
> Authorization: Basic [REDACTED]
{"scopes":["repo"],"note":"hub for [email protected]","note_url":"http://hub.github.com/"}

< HTTP 422
{"message":"Validation Failed","errors":[{"resource":"OauthAccess","code":"already_exists","field":"description"}],"documentation_url":"https://developer.github.com/v3/oauth_authorizations/#create-a-new-authorization"}
> POST https://api.github.com/authorizations
> Authorization: Basic [REDACTED]
{"scopes":["repo"],"note":"hub for [email protected] 2","note_url":"http://hub.github.com/"}

< HTTP 422
{"message":"Validation Failed","errors":[{"resource":"OauthAccess","code":"already_exists","field":"description"}],"documentation_url":"https://developer.github.com/v3/oauth_authorizations/#create-a-new-authorization"}
> POST https://api.github.com/authorizations
> Authorization: Basic [REDACTED]
{"scopes":["repo"],"note":"hub for [email protected] 3","note_url":"http://hub.github.com/"}

< HTTP 422
{"message":"Validation Failed","errors":[{"resource":"OauthAccess","code":"already_exists","field":"description"}],"documentation_url":"https://developer.github.com/v3/oauth_authorizations/#create-a-new-authorization"}
> POST https://api.github.com/authorizations
> Authorization: Basic [REDACTED]
{"scopes":["repo"],"note":"hub for [email protected] 4","note_url":"http://hub.github.com/"}

< HTTP 422
{"message":"Validation Failed","errors":[{"resource":"OauthAccess","code":"already_exists","field":"description"}],"documentation_url":"https://developer.github.com/v3/oauth_authorizations/#create-a-new-authorization"}
> POST https://api.github.com/authorizations
> Authorization: Basic [REDACTED]
{"scopes":["repo"],"note":"hub for [email protected] 5","note_url":"http://hub.github.com/"}

< HTTP 422
{"message":"Validation Failed","errors":[{"resource":"OauthAccess","code":"already_exists","field":"description"}],"documentation_url":"https://developer.github.com/v3/oauth_authorizations/#create-a-new-authorization"}
> POST https://api.github.com/authorizations
> Authorization: Basic [REDACTED]
{"scopes":["repo"],"note":"hub for [email protected] 6","note_url":"http://hub.github.com/"}

< HTTP 201
< Location: https://api.github.com/authorizations/28401207
{"id":28401207,"url":"https://api.github.com/authorizations/28401207","app":{"name":"hub for [email protected] 6","url":"http://hub.github.com/","client_id":"00000000000000000000"},"token":"[REDACTED]","hashed_token":"[REDACTED]","token_last_eight":"[REDACTED]","note":"hub for [email protected] 6","note_url":"http://hub.github.com/","created_at":"2016-02-22T15:18:42Z","updated_at":"2016-02-22T15:18:42Z","scopes":["repo"],"fingerprint":null}
> GET https://api.github.com/user
> Authorization: token [REDACTED]
< HTTP 200
{"login":"gparker42", [...]}
> GET https://api.github.com/repos/apple/swift/pulls/862
> Authorization: token [REDACTED]
< HTTP 200
{"url":"https://api.github.com/repos/apple/swift/pulls/862", [...]}
[...]

Failure:

% env HUB_VERBOSE=1 hub checkout http://github.com/apple/swift/pull/862
$ git config alias.checkout
$ git config hub.host
github.com username: gparker42
github.com password for gparker42 (never stored): 
> POST https://api.github.com/authorizations
> Authorization: Basic [REDACTED]
{"scopes":["repo"],"note":"hub for [email protected]","note_url":"http://hub.github.com/"}

< HTTP 422
{"message":"Validation Failed","errors":[{"resource":"OauthAccess","code":"already_exists","field":"description"}],"documentation_url":"https://developer.github.com/v3/oauth_authorizations/#create-a-new-authorization"}
> POST https://api.github.com/authorizations
> Authorization: Basic [REDACTED]
{"scopes":["repo"],"note":"hub for [email protected] 2","note_url":"http://hub.github.com/"}

< HTTP 422
{"message":"Validation Failed","errors":[{"resource":"OauthAccess","code":"already_exists","field":"description"}],"documentation_url":"https://developer.github.com/v3/oauth_authorizations/#create-a-new-authorization"}
> POST https://api.github.com/authorizations
> Authorization: Basic [REDACTED]
{"scopes":["repo"],"note":"hub for [email protected] 3","note_url":"http://hub.github.com/"}

< HTTP 422
{"message":"Validation Failed","errors":[{"resource":"OauthAccess","code":"already_exists","field":"description"}],"documentation_url":"https://developer.github.com/v3/oauth_authorizations/#create-a-new-authorization"}
> POST https://api.github.com/authorizations
> Authorization: Basic [REDACTED]
{"scopes":["repo"],"note":"hub for [email protected] 4","note_url":"http://hub.github.com/"}

< HTTP 422
{"message":"Validation Failed","errors":[{"resource":"OauthAccess","code":"already_exists","field":"description"}],"documentation_url":"https://developer.github.com/v3/oauth_authorizations/#create-a-new-authorization"}
> POST https://api.github.com/authorizations
> Authorization: Basic [REDACTED]
{"scopes":["repo"],"note":"hub for [email protected] 5","note_url":"http://hub.github.com/"}

< HTTP 201
< Location: https://api.github.com/authorizations/28401173
{"id":28401173,"url":"https://api.github.com/authorizations/28401173","app":{"name":"hub for [email protected] 5","url":"http://hub.github.com/","client_id":"00000000000000000000"},"token":"[REDACTED]","hashed_token":"[REDACTED]","token_last_eight":"[REDACTED]","note":"hub for [email protected] 5","note_url":"http://hub.github.com/","created_at":"2016-02-22T15:18:00Z","updated_at":"2016-02-22T15:18:00Z","scopes":["repo"],"fingerprint":null}
> GET https://api.github.com/user
> Authorization: token [REDACTED]
< HTTP 401
{"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}
> GET https://api.github.com/repos/apple/swift/pulls/862
> Authorization: token 
< HTTP 401
{"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}
Error getting pull request: Unauthorized (HTTP 401)
Bad credentials

It works for me after updating the oauth_token value within ~/.config/hub

@gparker42 Thanks for all that info. Do you still have a persistent issue, or did it go away?

I'm on hub version 2.2.3 and I have the exact same problem:

 env HUB_VERBOSE=1 hub browse                                                                        ⏎
$ git config alias.browse
$ git rev-parse -q --git-dir
$ git remote -v
$ git config hub.host
> GET https://api.github.com/user
> Authorization: token [REDACTED]
< HTTP 401
{"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}
Error getting current user: Unauthorized (HTTP 401)
Bad credentials

I have no ~/.config/hub file.

what is the content that needs to go in ~/.config/hub ? if I could hand create that I would hope I could get pass this and actually get hub working again for me ;)

Tried writeup my own ~/.config/hub looking something like:

github.com:
- user: maxandersen
  oauth_token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  protocol: https

but still get same errors.

Also tried remove the oauth_token to hope it would re-auth but nope, still same errors about not being authorized.

I'm seeing the same thing. hub used to work fine, and stopped at some point. I'm finally getting around to figuring out why. I have no ~/.config/hub file.

cat ~/.config/hub
cat: /Users/[blah]/.config/hub: No such file or directory

The log from hub:

env HUB_VERBOSE=1 hub pull-request
$ git config alias.pull-request
$ git rev-parse -q --git-dir
$ git remote -v
$ git config hub.host
> GET https://api.github.com/user
> Authorization: token [REDACTED]
< HTTP 401
{"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}
Error getting current user: Unauthorized (HTTP 401)
Bad credentials

This suggests to me that a token is being found... somewhere. But I'm not sure where.

I had this same problem. Turns out I had set GITHUB_TOKEN in my .zshrc long ago, to a token that was no longer valid. Removing this fixed the issue.

@cacrawford, brilliant! Your suggestion led me to investigate the files I was sourcing in my ZSH setup. It turns out I had a .zlocal with my GITHUB_TOKEN set. Doh!

where can I store the ~/.config/hub file when hub command is invoked through, for example, popen, vai python?
since there is no ~directory, is there a global configuration for hub, to store the username and the token?

@erictrade Have you found a solution for this?

where can I store the ~/.config/hub file when hub command is invoked through, for example, popen, vai python?

@erictrade Are you saying that in those cases, HOME environment variable isn't set? Hub wasn't designed to operate in such a case. Do you feel like it should?

hi @c-geek and @mislav !
I edited weblate sources to workaround my problems, and it's working really good for me. I edited 2 files, to be exactly. It fixed 2 problems I was having.
But this code is not really clean, because I hardcoded some strings for not knowing weblate full structure. Also, I needed to create the github repository, creating another method. I think I shoud creat it also on its base class, but I didn't because of our rush here.
I can submit a pull request as is, so you can analyse the code, and refactor to get it cleaner. I can comment everything to show exactly why I changed, and why it's working now. Does it help anyway? If so, I'll fork the repository and submit a pull request, explaining everything. =)

Just to be documented, I got the idea of how to fix it on this already closed issue on hub project:
https://github.com/github/hub/issues/1164

Well I finally managed to make it work, actually I was misunderstanding hub push behavior (no hub credential used) compared to hub pull-request (hub crediential used) along with other things commented on this weblate issue.

Anyway, @erictrade, putting yout solution could help future users crawling the web up to this issue!

@erictrade I'm not sure if I follow what your issue is. Is something a blocker for you? Did you solve it? Would you share your solution with us, maybe in the aforementioned thread if it's on-topic? Do you think many people are affected by this?

I can share the piece of code here, and I can make a PR on weblate open source project, with the entire solution to my problem. About hub and popen, here is the trick:

        process = subprocess.Popen(
            args,
            cwd=cwd,
            env=get_clean_env({'GIT_SSH': ssh_file(SSH_WRAPPER),
                               'HUB_CONFIG': '/home/youruser/.config/hub'}),
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
        )

As it was a clean enviroment I was using, it could not find the hub config file. So, adding 'HUB_CONFIG': '/home/youruser/.config/hub' it works. Of course, hard coding this path is not a good solution, but the idea is exactly this.
So, I guess the issue is not hub's problem, but the implementation when using it.

Does anyone still have a problem with 401 "Bad Credentials" error messages when using a recent version of hub? Otherwise I'm inclined to close this issue. Thanks everyone for your input!

This fails for me with hub 2.2.8 on OSX 10.11.4 talking to an internal GHE host. When I wrote my own ~/.config/hub using @maxandersen 's comment as a template, and using an oauth token I generated from the Settings page myself, everything works fine.

@dbushong Does your GHE host allow authentication via username & password?

Via the API? I'm not sure. We log into the website via an SSO front-door and do git operations via ssh. That might be the problem. Might want to add something to the docs about how to set up the ~/.config/hub file manually.

Yes that is a very common request with GHE. I'm going to add a command that helps you configure your GHE authentication by prompting you to paste a Personal Access token that you generated yourself. That will help a great deal, I think.

$ hub --version                                                           ⏎
git version 2.7.4 (Apple Git-66)
hub version 2.2.8
$ git co https://github.com/almighty/almighty-devdoc/pull/61
Error getting pull request: Unauthorized (HTTP 401)
Bad credentials
$ export GITHUB_TOKEN=<secret>
$  git co https://github.com/almighty/almighty-devdoc/pull/61
Updating ALRubinger
remote: Counting objects: 6, done.
remote: Compressing objects: 100% (6/6), done.
...

so afaik its still not fixed. hub always say i'm unauthorized and does not ask for setting up token/auth of any kind.

@maxandersen In the meantime, until hub implements re-authorization, can you just swap your token in ~/.config/hub with the one that you pasted as GITHUB_TOKEN?

Yes, that does seem to work.

I'm seeing this on macOS Sierra:

git version 2.9.3 (Apple Git-75)
hub version 2.2.9

I'm trying to pull a private repo from Github, consistently erring out with Error getting repository: Unauthorized (HTTP 401).

I don't have a ~/.config/hub file. Should I expect to experience this bug if I don't have the file?

@AndrewSB If you don't have a ~/.config/hub file, I can only assume you have GITHUB_TOKEN set via environment variable, and that token is outdated.

@AndrewSB If you don't have a ~/.config/hub file, I can only assume you have GITHUB_TOKEN set via environment variable, and that token is outdated.

This also happens when there is _no_ GITHUB_TOKEN set. I always have to set it if I don't have a ./config/hub file.

That makes sense, but if I don't have a GITHUB_TOKEN, shouldn't the CLI
promoting me for a usernwme and password authenticate me and save a
token/use it just for that session?
On Fri, Nov 11, 2016 at 8:38 AM Max Rydahl Andersen <
[email protected]> wrote:

@AndrewSB https://github.com/AndrewSB If you don't have a ~/.config/hub
file, I can only assume you have GITHUB_TOKEN set via environment variable,
and that token is outdated.

This also happens when there is _no_ GITHUB_TOKEN set. I always have to
set it.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/github/hub/issues/1067#issuecomment-259998006, or mute
the thread
https://github.com/notifications/unsubscribe-auth/ADo1dGvJVx6bqi-f6kZhnykQy_Wn6mkGks5q9Jn0gaJpZM4G-qDe
.

@AndrewSB @maxandersen If there is no GITHUB_TOKEN environment variable (or if it's empty), and there is no ~/.config/hub file, hub will prompt you for username/password, and save the resulting token.

If you are getting 401 Unauthorized, steps to resolve:

1. Check your GITHUB_TOKEN environment variable;
2. If (1) is empty, check the saved token in ~/.config/hub;
3. If (2) isn't the culprit, you are passing in the wrong credentials when asked for username/password.

Hub will try to handle this in a more user-friendly manner in the next release, but in the meantime, is there something not clear here?

That makes sense.

Strangely enough, I don't have a GITHUB_TOKEN environment variable:

> printenv
TMPDIR=/var/folders/9f/9htd0_bn2fg32gnmj15qdjqc0000gn/T/
TERM_PROGRAM_VERSION=387
Apple_PubSub_Socket_Render=/private/tmp/com.apple.launchd.h8l20ctN0H/Render
LANG=en_US.UTF-8
TERM_PROGRAM=Apple_Terminal
XPC_SERVICE_NAME=0
XPC_FLAGS=0x0
TERM_SESSION_ID=8E9389FC-A858-49BE-837C-F40D3BCD2AAF
SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.9zLKxyajl2/Listeners
TERM=xterm-256color
__CF_USER_TEXT_ENCODING=0x1F5:0x0:0x0
SHELL=/bin/zsh
HOME=/Users/asb
LOGNAME=asb
USER=asb
PATH=/Users/asb/.rvm/gems/ruby-2.3.0/bin:/Users/asb/.rvm/gems/ruby-2.3.0@global/bin:/Users/asb/.rvm/rubies/ruby-2.3.0/bin:/Users/asb/go/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/Users/asb/.rvm/bin
SHLVL=1
PWD=/Users/asb
OLDPWD=/Users/asb
ZSH=/Users/asb/.oh-my-zsh
CDPATH=Developer/
GOPATH=/Users/asb/go
REACT_EDITOR=atom
PAGER=less
LESS=-R
LC_CTYPE=en_US.UTF-8
LSCOLORS=Gxfxcxdxbxegedabagacad
CLICOLOR=1
rvm_prefix=/Users/asb
rvm_path=/Users/asb/.rvm
rvm_bin_path=/Users/asb/.rvm/bin
_system_type=Darwin
_system_name=OSX
_system_version=10.12
_system_arch=x86_64
rvm_version=1.27.0 (latest)
GEM_HOME=/Users/asb/.rvm/gems/ruby-2.3.0
GEM_PATH=/Users/asb/.rvm/gems/ruby-2.3.0:/Users/asb/.rvm/gems/ruby-2.3.0@global
MY_RUBY_HOME=/Users/asb/.rvm/rubies/ruby-2.3.0
IRBRC=/Users/asb/.rvm/rubies/ruby-2.3.0/.irbrc
RUBY_VERSION=ruby-2.3.0
_=/usr/bin/printenv

nor do I have a .config/hub

> cat ~/.config/hub
cat: /Users/asb/.config/hub: No such file or directory

and I'm almost completely sure I'm typing in my password correctly (to the point where I've saved my password in my clipboard, pasted it into github.com/signup on incognito, successfully signed in, and then pasted the same text into my terminal prompt for password)

> hub clone proxyco/consumer-ios
github.com username: AndrewSB
github.com password for AndrewSB (never stored): 
Error getting repository: Unauthorized (HTTP 401)
Bad credentials

I'm thoroughly confused- hub was previously working for me fine on an old machine, I just setup a new machine ~3 days ago and have been having this issue since

@AndrewSB Thanks for all the info. That indeed looks like a bug.

If you run HUB_VERBOSE=1 hub clone proxyco/consumer-ios, there will be more debugging info about HTTP requests for you to inspect. Maybe you will find something interesting. Just remember to strip away all the sensitive info (such as tokens) before pasting any of that information here.

If you want to unblock yourself for now while we investigate this, you can generate a Personal Access Token from your settings online and paste it in a ~/.config/hub file that you create:

github.com:
- user: AndrewSB
  oauth_token: MYTOKEN
  protocol: https

Here's the output from the verbose clone:

➜ HUB_VERBOSE=1 hub clone proxyco/consumer-ios
$ git config alias.clone
github.com username: AndrewSB
github.com password for AndrewSB (never stored): 
> POST https://api.github.com/authorizations
> Authorization: Basic [REDACTED]
{"scopes":["repo"],"note":"hub for [email protected]","note_url":"http://hub.github.com/"}

< HTTP 422
{"message":"Validation Failed","errors":[{"resource":"OauthAccess","code":"already_exists","field":"description"}],"documentation_url":"https://developer.github.com/v3/oauth_authorizations/#create-a-new-authorization"}
> POST https://api.github.com/authorizations
> Authorization: Basic [REDACTED]
{"scopes":["repo"],"note":"hub for [email protected] 2","note_url":"http://hub.github.com/"}

< HTTP 422
{"message":"Validation Failed","errors":[{"resource":"OauthAccess","code":"already_exists","field":"description"}],"documentation_url":"https://developer.github.com/v3/oauth_authorizations/#create-a-new-authorization"}
> POST https://api.github.com/authorizations
> Authorization: Basic [REDACTED]
{"scopes":["repo"],"note":"hub for [email protected] 3","note_url":"http://hub.github.com/"}

< HTTP 422
{"message":"Validation Failed","errors":[{"resource":"OauthAccess","code":"already_exists","field":"description"}],"documentation_url":"https://developer.github.com/v3/oauth_authorizations/#create-a-new-authorization"}
> POST https://api.github.com/authorizations
> Authorization: Basic [REDACTED]
{"scopes":["repo"],"note":"hub for [email protected] 4","note_url":"http://hub.github.com/"}

< HTTP 422
{"message":"Validation Failed","errors":[{"resource":"OauthAccess","code":"already_exists","field":"description"}],"documentation_url":"https://developer.github.com/v3/oauth_authorizations/#create-a-new-authorization"}
> POST https://api.github.com/authorizations
> Authorization: Basic [REDACTED]
{"scopes":["repo"],"note":"hub for [email protected] 5","note_url":"http://hub.github.com/"}

< HTTP 422
{"message":"Validation Failed","errors":[{"resource":"OauthAccess","code":"already_exists","field":"description"}],"documentation_url":"https://developer.github.com/v3/oauth_authorizations/#create-a-new-authorization"}
> POST https://api.github.com/authorizations
> Authorization: Basic [REDACTED]
{"scopes":["repo"],"note":"hub for [email protected] 6","note_url":"http://hub.github.com/"}

< HTTP 422
{"message":"Validation Failed","errors":[{"resource":"OauthAccess","code":"already_exists","field":"description"}],"documentation_url":"https://developer.github.com/v3/oauth_authorizations/#create-a-new-authorization"}
> POST https://api.github.com/authorizations
> Authorization: Basic [REDACTED]
{"scopes":["repo"],"note":"hub for [email protected] 7","note_url":"http://hub.github.com/"}

< HTTP 422
{"message":"Validation Failed","errors":[{"resource":"OauthAccess","code":"already_exists","field":"description"}],"documentation_url":"https://developer.github.com/v3/oauth_authorizations/#create-a-new-authorization"}
> POST https://api.github.com/authorizations
> Authorization: Basic [REDACTED]
{"scopes":["repo"],"note":"hub for [email protected] 8","note_url":"http://hub.github.com/"}

< HTTP 422
{"message":"Validation Failed","errors":[{"resource":"OauthAccess","code":"already_exists","field":"description"}],"documentation_url":"https://developer.github.com/v3/oauth_authorizations/#create-a-new-authorization"}
> POST https://api.github.com/authorizations
> Authorization: Basic [REDACTED]
{"scopes":["repo"],"note":"hub for [email protected] 9","note_url":"http://hub.github.com/"}

< HTTP 422
{"message":"Validation Failed","errors":[{"resource":"OauthAccess","code":"already_exists","field":"description"}],"documentation_url":"https://developer.github.com/v3/oauth_authorizations/#create-a-new-authorization"}
> GET https://api.github.com/repos/proxyco/consumer-ios
> Authorization: token 
< HTTP 401
{"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}
Error getting repository: Unauthorized (HTTP 401)
Bad credentials

@AndrewSB You have somehow accumulated too many tokens named "hub for [email protected]". Deleting them in the web interface and re-running the process should clear this up for you. Any idea how you accumulated so many tokens in the first place? See https://github.com/github/hub/issues/1314#issuecomment-256045366 for a similar issue caused by hub's config directory being non-writeable.

@mislav ahh, I see. Why does hub have a limit on the number of tokens it's allowed to generate for an account?

I frequently switch machines, on the order of once a month or so, so it's because I've used hub from that many machines.
I can nuke all my current tokens, and see if that fixes the issue; at the very least, now, I'll know what to do when I see this error in the future

EDIT: revoking all my tokens on the web interface solved the issue for me. Thanks @mislav!

Deleting them in the web interface and re-running the process should clear this up for you

Where is that in the web interface ? looked everywhere on github.com but I had no luck finding it.

I frequently switch machines, on the order of once a month or so, so it's because I've used hub from that many machines.

@AndrewSB That could explain it. But are all those called "Andrews-MacBook-Pro.local"?

Hub doesn't have a limit on the number of token generated, per se, but for the same hostname it will only try to generate a token with a label hub for <USER>@<HOSTNAME> N where N is 1-9. It doesn't go over that limit to avoid getting caught in an infite loop. In a normal use-case, I don't see why someone would need to have more than 10 Personal Access Tokens for the same hostname.

@maxandersen It's here https://github.com/settings/tokens

They all are called "Andrews-MacBook-Pro.local" 😟. I'd say my use case is abnormal, and the guard you guys have against generating infinite tokens makes complete sense.

This has been fixed for me, so the issue can be closed if theres nothing else to be fixed from this thread

Had the same issue that occurred because I must have deleted the token from the web interface but it didn't try to relogin or anything - it was just kind of stuck until I removed that file.

Just wanted to drop a note that I was also getting this same HTTP Unauthorized error on macOS Sierra and hub version 2.2.9 installed via brew. Using HUB_VERBOSE it looked like everything was going through correctly, and indeed github.com showed a new personal access token created, but hub was still showing the error and asking for my credentials every time I ran it. The fix for me was creating the ~/.config directory manually (this is a pretty fresh install of Sierra and it didn't exist) and then re-running hub.

@andymorris Thanks for sharing. It's weird that hub would have problems creating the ~/.config directory itself. Do you think it might have had insufficient permissions?

I don't think so. I noticed the token on github.com, was asked for credentials again by hub, tried to check the contents of ~/.config/hub and noticed there was no ~/.config, did an mkdir, then re-ran my hub command and it worked. No su, sudo, weird permissions on ~, etc.

I'm having a similar issue but maybe a different cause. As above, I have no env variable active, no ~/.config/hub file. I have only one SSH key, only one personal access token. I'm on Mac OS El Capitan, git version 2.8.4 (Apple Git-73), hub version 2.2.9, no idea what my company's github version is.

HUB_VERBOSE returns > POST https://github.xxx.com/api/v3/authorizations

Authorization: Basic [REDACTED]
{"scopes":["repo"],"note":"hub for xxx@xxx","note_url":"http://hub.github.com/"}

AFAIK, my company has disabled https and only allows ssh. Is that the problem here? Can I force hub to use ssh? That's what I thought I was doing by specifying "[email protected]"

Can I force hub to use ssh? That's what I thought I was doing by specifying [email protected]

No, that doesn't work. Hub needs to access the GitHub API over HTTPS and that has nothing to do with git push/pull protocol (which is ssh for you).

You can generate a Personal Access token from your user settings and manually configure hub to use it. Create a ~/.config/hub file with:

my.example.org:
- user: rsworden
  oauth_token: YOURTOKENHERE
  protocol: https

Note that "protocol" value here can only be https or http, but not ssh.

I just hit this problem on a fresh OS X install, and had to manually create a ~/.config/hub file in order to work around it.

My shell environment definitely has no GITHUB_TOKEN, and I did not previously have a ~/.config/hub; as soon as I created one with the same password I was giving to hub, it started working.

$ set | grep GITHUB_
$ hub --version
git version 2.14.2
hub version 2.2.9

Here is the verbose output of hub before I created the config file:

$ HUB_VERBOSE=1 hub co https://github.com/adhocteam/certwatcher/pull/5
$ git config alias.co
$ git config --get-all hub.host
github.com username: llimllib
github.com password for llimllib (never stored):
> POST https://api.github.com/authorizations
> Authorization: Basic [REDACTED]
{"scopes":["repo"],"note":"hub for llimllib@hickory","note_url":"http://hub.github.com/"}

< HTTP 401
{"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}
> GET https://api.github.com/repos/adhocteam/certwatcher/pulls/5
> Authorization: token
< HTTP 401
{"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}
Error getting pull request: Unauthorized (HTTP 401)
Bad credentials

An interesting thing to note here is that hub for llimllib@hickory is an old personal access token of mine, so my conjecture here is that hub is for some reason ignoring the password that I've entered and trying an old (no longer valid) password, and correctly getting an HTTP 401 from github.

If there's anything I can do to further help you debug this, please let me know, it cost me a few hours this morning and I'd love to spare somebody else the pain.

I hit this issue with:

-> % hub --version
git version 2.16.1
hub version 2.2.9

...but I don't recall using hub or creating a ~/.config/hub file, but one was present. So I deleted it and re-ran hub, entered my GitHub info, then my 2FA code and it worked.

If you're reading this, worse case if you have a ~/.config/hub file just make a copy (or just delete it) and start from scratch on auth'ing hub.

Worked for me.

I just ran into this issue.
The fix was:

vi ~/.config/hub

There was some strange code there, perhaps an old token from a late night code binge. It was wrong.
Set the correct access token (created in Github Settings) making the file look like:

---
github.com:
- user: pboling
  oauth_token: this-is-my-special-token-please-dont-steal-it-:D

It should be more helpful error message

BTW, I update my oauth_token in ~/.config/hub and it works just fine.

Just verified that this problem still exists, as I re-provisioned my laptop. No config file was present, nor was a GITHUB_TOKEN.

@llimllib Did you try setting the correct token? vi ~/.config/hub

---
github.com:
- user: your-user-name
  oauth_token: this-is-my-special-token-please-dont-steal-it-:D
  protocol: https

@pboling yes, and just like last time that worked. However this bug is about hub rejecting valid credentials.

If I put in my username and token, it should accept them, not throw a 401 until I put the same username and token into a config file.

@llimllib When hub prompts you for username and password, it actually wants your password, not a personal access token you've generated. It sounds like you've been passing username and token instead. If you gave your password, it would have worked (and your password is never stored anywhere).

However, I agree that pasting a token with sufficient permissions should work just as well. This needs to be more user-friendly so people don't have to edit ~/.config/hub.

@mislav you're totally right. I've been trained by 2fa in github and google to never use my _actual_ password so well that I didn't even believe that it wanted a password and not an auth token.

So sorry I never figured this out!

I will try to find the time to PR a fallback to checking if it's an auth token rather than a password, as long as you agree that's sensible, as it seems you do

I think this issue could probably be closed now

I found that in my ~/.config/hub file the protocol was set to https. I deleted the offending line and it started working 😄

Regenerate your token at: https://github.com/settings/tokens/
Open the config file as vim ~/.config/hub
Paste your generated token like the following:
oauth_token: PASTE_HERE

Now you can use:
hub create

I solved the problem by running hub pr list. This caused hub to prompt me for my username and password and then create an OAuth token on my behalf. After going to GitHub and enabling SSO, it's working flawlessly!

I'm still getting the 404 error here in 2020. I've tried all of above, and no luck

I have tried a bounch of things listed here and gess what ? Big 401 for me, again and again. First time ever i tried to use hub, i have installed from the latest binary (2.14.2) on Linux Mint 20.

I'm sorry everyone for the bad experience. Hub error messaging should be more helpful in terms of what exactly failed and how to fix it.

The best course of action would be to completely refresh your credentials. To do that:

1. Make sure that you _don't_ have GITHUB_TOKEN set in your environment - check echo $GITHUB_TOKEN;
   
   
   
   • If there is some token there, check your shell initialization files for where that's set and clear it.
   
   
2. Go to https://github.com/settings/tokens/ and generate a new token with repo and gist scopes;
3. (Optionally) Authorize that token for your org with SSO;
4. Open (or create new file) ~/.config/hub and paste the following:
   yaml github.com: <ul> <li>user: YOURUSERNAME<br /> oauth_token: YOURTOKEN<br />