Score:0

Finding the use of an OAuth token on TeamCity

jp flag

I'm getting occasional email notices from GitHub saying that our TeamCity server is using an outdated token format. The old access tokens are indistinguishable from SHA hashes. The new tokens start with a readily greppable 3 character header, and have a slightly higher entropy, while retaining the same key length

I've found and re-generated all of the Personal Access Tokens and OAuth access tokens that I can, but about once a month, I'm still getting an email that looks something like this:

We noticed that an application, TeamCity(ci.support.example.com), owned by an organization you are an admin of, ExampleSolutions, used a token with an outdated format to access the GitHub API on September 20th, 2021 at 17:07 (UTC), with a user-agent header of TeamCity Server 2021.1.2 (build 92869).

The trouble is that at this point, I don't know which personal access token or OAuth token is causing the problem. We have dozens of build notifications and a hand full of other GitHub API calls.

I've looked through the TeamCity logs for the date and time in question (As downloaded from Administration > Diagnostics > Server Logs > Recent). The logs are pretty spammy, and I'm not finding any one-to-one correlations between the timestamps of the emails from GitHub and what I'm seeing in the logs, and what is there is hard to trace back to a given build config.

The notices that I've gotten all seem to fall on the 20th of the month, so I'm going to try to increase log levels on that day. I could probably run wireshark to find outbound connections to GitHub, but I'd really prefer to log OAuth events on TeamCity.

I guess I'm looking for one of the following:

  • Is there a way to specifically log OAuth events in Github, and if so
    • Can I tie it back to a given build config
  • Is there a way of approaching this problem that I haven't thought of?
jp flag
We have this same issue. We raised it with JetBrains and they suggested that this isn't the date that the communication is occurring but more likely a scheduled email from GitHub. They also could not suggest any further reason why our server was communicating with an old token. We had aleady switched up our VCS credentials to new style tokens, and recreated the Connection to GitHub via OAuth although recreating that token just looked like the old style. They also suggested they might implement a check in TeamCity that shows up old style tokens. No idea when that might be available though.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.