abotero1

GitHub Hook support for token instead of credentials

Discussion created by abotero1 on Nov 12, 2014
Latest reply on Nov 12, 2014 by jgodfrey
Rally (at least rally1 (https://rally1.rallydev.com)) recently changed the password policy, which included changing passwords every three or so months.

We created an account that we used for integration with GitHub Rally WebHook. As you can imagine, we enabled the hook in hundreds of repositories, and it had worked wonderfully until now.

Thing is, the account now requires renewing its password, which means ALL our hooks are making attempts at accessing the Rally with the wrong credentials which means:
  1. After third erroneous attempt, the account is locked for 20 minutes.
  2. The error message we get from the API is something like:       
    DETAILS: 401 The username or password you entered is incorrect...
         Obviously, it’s not that the credentials are wrong (we already made the mistake once of resetting the password to try), it’s just a bad error message. It should explain the account is locked.
  3. Kind of the same thing happens if we try to access with the account through the UI. It will report error with credentials, but nothing about it being locked.
  4. Only after getting the email for resetting the credentials is that we realize the account was locked.
We are using pyral for our scripts, in case it helps to know.

Could you please implement a token-based authentication system, like GitHub’s where you simply generate an application token and it never expires?

Thanks in advance for your support.

Outcomes