Hub: Error creating pull request: Unauthorized (HTTP 401)

I'm running the latest tagged version 1.11.2. I also can't find a ~/.config/hub file, curiously. So I don't understand how it is even trying to authenticate.

@pwaller I'm sorry you had troubles authenticating. Let's start from the beginning: what is the outcome that you get when hub asks you for your GH credentials? It should ask you for username, password (your actual GH password; never stored), and 2FA code if you have that enabled. Does it ask you for all three, and fails after that? Is the error message that you pasted the full error output?

After you entered your actual GH credentials + 2FA code, even if the pull-request operation ultimately failed, can you check did hub manage to create a token for itself? It should be visible under Personal access tokens, and its name should simply be "hub" with "repo" scope.

Ultimately, if you're still blocked on this, here is how you can provide auth info to hub manually:

1. Create a Personal Access Token (like you did already). This acts as an OAuth token
2. Save the following information in ~/.config/hub:

``` yml
github.com:

• user: pwaller
  oauth_token: ACCESS_TOKEN
  ```

Hi @mislav,

When I wrote this post I got it working by making .config/hub as you've described.

I've just realised that I have GITHUB_PASSWORD set to an access token, and that's why it was failing without prompting me to login. I recall that I tried unsetting $GITHUB_PASSWORD and supplying a token at the commandline when prompted for a password but that didn't work. It would be great if either of these things worked.

Right now, hub is designed in a way that it doesn't want you to manually create an access token and pass it to it. It wants to exchange your real credentials for an OAuth token so you don't have to go through manual steps. In the future, we might add extra authentication features for pasting a Personal access token.

The problem is that from the command line it isn't obvious what hub needs you to do if you have 2FA enabled, if I'm understanding correctly. That lead to a broken experience, and caused me to not use hub for several months after using it for years.

From what I understood, the problem was that when hub asked you for your actual GitHub password, you provided the Personal access token (which is not a stand-in for a password always), either by pasting it or via $GITHUB_PASSWORD. Is that correct?

if so, it doesn't sound like hub was broken. It just sounds you were doing auth the wrong way.

How would you like me to solve this issue? Detect whether you tried to use a Personal access token in the wrong place, and warn you about it?

Hm. I guess the actual problem in my case is that other utilities work with GITHUB_PASSWORD being an oauth token, and that was what confused me. Maybe it would have helped if upon seeing "Unauthorized" it could have told me it got the credentials from the environment. I was quite mystified as to why it wasn't working at all.

I think at some point I figured out to unset GITHUB_PASSWORD, and tried passing my password on the CLI (which didn't work because 2FA), and when that didn't work I tried an oauth token on the CLI and that didn't work either. Then I concluded that it was a bug with hub and it would get fixed eventually, which it didn't, which was why I posted here. Maybe this is just my problem but not working with 2FA in an obvious manner from the command line is an issue.

OK, so the actual problem of hub is that it's not user-friendly enough when it comes to auth issues.

Yeah, other utilities can work with a password being an OAuth token if they use Basic Authentication for the API. We don't, however. I just realized we had this discussion in #463. We should improve the situation around this. Follow that ticket for updates.

:+1:

github.com:
- user: pwaller
- oauth_token: ACCESS_TOKEN

This led me astray. Should be:

 github.com:
 - user: pwaller
   oauth_token: ACCESS_TOKEN

Hopefully this helps someone, five years later! 😂