Failed to login Github for Android Studio

Question

I want to share my Android Studio project on Github but when I click to share, it appear to

http://127.0.0.1:63342/api/github/oauth/authorization_code?code=14c943d3435fe66a54f7

and it ask for username and password. I try to log in using my Github username and password but failed.

*Just started programming for 2 weeks

Do you have special characters in your password? e.g. @(At sign) — nuhkoca, Aug 24 '21 at 12:46
I have an exactly same situation. The login screen is really strange that not the normal login dialog. more like a system login dialog. I end up with personal access token (which use authority token instead of login) you can check [here](https://stackoverflow.com/questions/68191392/password-authentication-is-temporarily-disabled-as-part-of-a-brownout-please-us). — yellowgray, Aug 27 '21 at 07:41
This question is nothing but complaining about some misconfiguration... without providing the least details about the configuration - and that's why I've downvoted it. `127.0.0.1` obviously is not `github.com`. Just add SSH keys and you will not have to use any personal access tokens (which are merely good for their API). Besides, GitHub does not use any `http` URL ...check for malware. — Martin Zeitler, Sep 11 '21 at 14:14

score 23 · Answer 1 · answered Sep 25 '21 at 18:51

This is not a phishing attack. See thread here: Intellij Android Studio opens localhost page to login on github

Intellij support says that this is an Android Studio bug and recommends using a token as a workaround.

Generating the token

Log in to you GitHub account and navigate to Settings > Developer Settings > Personal Access Tokens

Click "Generate new token"

Add a note so you know this token is for Android Studio and then check the following boxes: repo, read:org, and gist

Click "Generate token"

Now copy the generated token and return to Android Studio.

Log In With Token From Android Studio

In Android Studio, Navigate to File > Settings > Version Control > GitHub

Select the '+' and then choose "Log In with token".

Paste the copied token and click "Add Account"

Thank you. Bless you. FSM be praised! – portsample Jan 04 '22 at 17:21 — portsample, Jan 04 '22 at 17:21

Martin Zeitler · Answer 2 · 2021-09-11T15:03:42.793

In case you've entered your GitHub access credentials into that - apparently SSL tunnel - which may lead somewhere very else than to https://api.github.com - your GitHub account likely had been compromised by a phishing attack ...urgently login on the web and change your account password first, then regenerate all personal access tokens, replace all the SSH keys, check if anything else changed. Also check your local PC for malware infection, because to me this seems to be what you're actually dealing with.

For example... any rouge Gradle plugin can patch local config files, alike the one from that GitHub login dialog, or locally install a SSL tunnel as backdoor (these may work both ways). Then some clueless guy comes around, does not understand where he just entered his access credentials, complains that it is not working and takes to the internet, in order to complain some more about it.

140.82.121.4 would be the correct IP address... and it's all over the news (despite 2020).

Also see: OAuth 2.0 authentication vulnerabilities ...in order to back up my claim.

score 2 · Answer 3 · answered Oct 01 '21 at 18:55

This is a bug within Android Studio. It still exists in the (as of today) current version 2020.3.1.

Bugtracker describing this issue: https://issuetracker.google.com/issues/174787515

As a work-around you can create a token in Github and use that to log in. https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token

The token must have the repo, the gist and the read:org scopes enabled in your account permissions.

score 0 · Answer 4 · answered Sep 11 '21 at 14:32

0

I try to log in using my Github username and password but failed

Apparently, you are using an old version of git on your system. Because, if your git version was up to date it would pop out a window with username and personal access token.

First of all, update your git to the last version. Second, create a personal access token. See this Support for password authentication was removed. Please use a personal access token instead

answered Sep 11 '21 at 14:32

A Farmanbar

4,381
5
24
42

Your answer ignores the IP address and also gives fairly bad advice. Those access tokens which you suggest are exactly the problem - unless using SSH to login and GPG to sign all commits, neither the identify of the other side is guaranteed, nor the identify of committers is. So what is the IP address of `api.github.com` ?? These guys fell victim to a phishing attack and rationalizing the fact, that one had been dearly owned, is probably no sane psychology. GitHub hacking became a reality and they even may hold repositories hostage, for ransom. – Martin Zeitler Sep 11 '21 at 14:38
@MartinZeitler, This is the recommended authentication method that got started recently as a default authentication method. Here the OP is not about security consideration. – A Farmanbar Sep 11 '21 at 14:55
This issue has been confirmed by Google & JetBrains - and I've already suggested additional security checks to them... which prevent the client-side oAuth2 flow from being hijacked by DNS poisoning. This is well known. – Martin Zeitler Oct 27 '21 at 01:21
You might also have noticed, that Android Studio doesn't run Gradle scripts anymore, when opening some project for the first time ...this is also part of the effort to tackle this. – Martin Zeitler Oct 27 '21 at 01:29

score 0 · Answer 5 · answered Feb 14 '22 at 02:04

I solved this problem following these steps:

Use SSH (forget https) (E.g., don't use https url for cloning)
Use Personal Access Token (PAT) (forget username/password)

(e.g., Settings > Developer Settings > Personal Access Token)

Update git to latest version (e.g., 2.35.1) //I think this is important
In Github, Uncheck Settings > Developer Settings > Keep my email addresses private

Conclusion: You add Personal Access token in Github. Then from any IDE (e.g., Android Studio, IntelliJ IDEA etc.) you can add remote using ssh (e.g., name: origin, URL: git@github.com:your_github_username/your_git_repo.git. That's it

If not already done,

Configure git global username and email

git config --global user.name "your_username" && git config --global user.email "your_email"

If in windows, you can add windows credentials for your user, control panel > users > manage your credential > Windows Credentials > Add a generic credential >

Internet address will be git:https://github.com and you need to type in your username and password will be your GitHub Personal Access Token => Click Ok and you are done

score 0 · Answer 6 · answered Jun 22 '23 at 15:42

0

I faced the same problem.

Just authorized the token to be used for the organization.

Learn more about it here.

answered Jun 22 '23 at 15:42

Arhat Baid

1,011
10
18

Failed to login Github for Android Studio

6 Answers6