Hello! Suddenly I started getting: {“errors”:[{“message”:“Not Authorized”,“help”:“For more information on API status codes and how to handle them, read the docs on errors: Errors”}]} even though it worked perfectly a week ago and I didn't touch the script. I generated a new ASANA_SECRET but it didn't help.
What could it be?
@sasha_f @Phil_Seeman…
Hello! Can you help me there? I saw this error already in some topics and it was some internal Asana problem.
Hi @Daria17 and welcome,
Sasha doesn’t work for Asana any longer (and FYI I’m a volunteer here, I don’t work for Asana).
Can you provide some more context here - is this an external app you wrote, a custom script rule action, an App Component, etc.? Also, showing some of your code might be helpful as well. Also if you have other forum posts that you think are related, providing links to those might be helpful as well for context. Thanks!
Hello @Phil_Seeman! Thanks a lot for your volunteer work!
Yes, so basically I have asana-github integration by ASANA_SECRET.
This is my workflow file:
```yaml
name: Sync Asana Task Status and Comments

on:
  pull_request:
    types: [opened]
  pull_request_review:
    types: [submitted]

jobs:
  handle-asana-task:
    runs-on: ubuntu-latest
    name: Sync Asana Task Status and Comments
    steps:
      - name: Extract Asana Task ID from PR
        id: extract
        # PR title and body are untrusted input: pass them through env so the
        # shell sees them as data, not as part of the script text.
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
          PR_BODY: ${{ github.event.pull_request.body }}
        run: |
          PR_TEXT="${PR_TITLE}${PR_BODY}"
          TASK_ID=$(echo "$PR_TEXT" | grep -oE 'task/[0-9]{16,}' | head -1 | cut -d/ -f2)
          echo "ASANA_TASK_ID=$TASK_ID" >> "$GITHUB_ENV"

      - name: Add PR Opened Comment to Asana
        if: github.event_name == 'pull_request' && github.event.action == 'opened' && env.ASANA_TASK_ID != ''
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
          PR_URL: ${{ github.event.pull_request.html_url }}
        run: |
          COMMENT_TEXT="Pull Request [${PR_TITLE}](${PR_URL}) was opened"
          curl -X POST "https://app.asana.com/api/1.0/tasks/$ASANA_TASK_ID/stories" \
            -H "Authorization: Bearer ${{ secrets.ASANA_SECRET }}" \
            -H "Content-Type: application/json" \
            -d "{\"text\": \"$COMMENT_TEXT\"}"

      - name: Set Asana status to Review Needed
        if: github.event_name == 'pull_request' && github.event.action == 'opened' && env.ASANA_TASK_ID != ''
        run: |
          curl -X PUT "https://app.asana.com/api/1.0/tasks/$ASANA_TASK_ID" \
            -H "Authorization: Bearer ${{ secrets.ASANA_SECRET }}" \
            -H "Content-Type: application/json" \
            -d '{
              "custom_fields": {
                "1204341243817358": "1204341243817361"
              }
            }'

      - name: Set Asana status to In Review on PR review comment
        if: >
          github.event_name == 'pull_request_review' &&
          github.event.action == 'submitted' &&
          github.event.review.state != 'approved' &&
          env.ASANA_TASK_ID != ''
        run: |
          curl -X PUT "https://app.asana.com/api/1.0/tasks/$ASANA_TASK_ID" \
            -H "Authorization: Bearer ${{ secrets.ASANA_SECRET }}" \
            -H "Content-Type: application/json" \
            -d '{
              "custom_fields": {
                "1204341243817358": "1207831943928012"
              }
            }'
```
So as I understand I do not have any external apps. I authorized in GitHub in Asana, created the workflow file and ASANA_SECRET. And such integration worked just fine, but suddenly I started getting the Not Authorized error. I am pretty sure that my rights in Asana weren’t changed and ASANA_SECRET is existing.
This is the post that I think is related to my problem: Sudden 'No Authorization' error on API calls
Thank you!
@John_Baldo could you maybe take a look at this?
Hey @Daria17 Welcome to our community forum.
Given that your GitHub Action workflow includes custom fields for code review processes, it seems like this is likely a shared workflow used by multiple team members in your organization.
Taking a look at your GitHub Action Workflow it looks like it:
- Extracts an Asana Task ID from the pull request text
- Makes an API call to add a comment to an Asana task
- Updates the custom field of an Asana task
- Updates the custom field of an Asana task
Based off what I know, I can see a scenario where you would get a “Not Authorized”:
The Personal Access Token (PAT) stored in the ASANA_SECRET GitHub Action environment variable does not have permissions to modify the task.
- Asana Personal Access Tokens have the same set of permissions as the user that generated the token. So if the user does not have access to a task, that would mean the token would also not have access to that task.
- It looks like the TASK ID is extracted from the PR text → if someone submits a PR with a task ID that the ASANA_SECRET does not have access to, that would explain the error. Similarly with the custom field.
- I don’t have access to your workflow run but perhaps you might want to look at which step failed and debug from there.
Perhaps a Service Account Token might be better suited for your use case.
NOTE: Service Account Tokens have a lot of permissions so be careful with using this.
5 Likes
Great input from @John_Vu! I also noticed that the task ID is being extracted from the PR text using grep based on a specific pattern. This approach could potentially return an unintended value if multiple matches are present in the text. If this flow has worked with previous PRs, I’d suggest comparing their content to ensure the extracted task ID is indeed accessible with the PAT being used.
2 Likes
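An added example, not part of any post above: one way to make the extraction step fail closed when the PR text carries more than one task link, plus a read-only probe showing which HTTP status the token gets for the resolved task. The function names and the sample PR text are constructed for illustration; the pattern is the one from the workflow, and ASANA_SECRET is assumed to be exported in the environment.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): resolve one Asana task ID from PR text.

# Print every distinct ID matching the workflow's pattern, one per line.
extract_task_ids() {
  printf '%s\n' "$1" | grep -oE 'task/[0-9]{16,}' | cut -d/ -f2 | sort -u
}

# Print the ID and return 0 when exactly one distinct ID is present.
# Return 1 when none is found, 2 when several are (ambiguous, so fail closed).
resolve_task_id() {
  local ids count
  ids=$(extract_task_ids "$1") || true
  [ -n "$ids" ] || return 1
  count=$(printf '%s\n' "$ids" | wc -l)
  [ "$count" -eq 1 ] || return 2
  printf '%s\n' "$ids"
}

# Print the HTTP status the token gets when reading the task (needs network).
# Run it for the resolved ID before the POST/PUT steps to see whether the
# token or the task is the problem.
check_task_access() {
  curl -s -o /dev/null -w '%{http_code}\n' \
    -H "Authorization: Bearer ${ASANA_SECRET:?ASANA_SECRET is not set}" \
    "https://app.asana.com/api/1.0/tasks/$1"
}

# Constructed sample PR texts (IDs are made up).
SAMPLE_ONE='Fix login bug. Asana: https://app.asana.com/0/0/task/1200000000000001'
SAMPLE_AMBIGUOUS='Closes task/1200000000000001, relates to task/1200000000000002'

# Offline demo: the first resolves, the second is rejected as ambiguous.
resolve_task_id "$SAMPLE_ONE" || echo "rejected (status $?)"
resolve_task_id "$SAMPLE_AMBIGUOUS" || echo "rejected (status $?)"
```

In the workflow, the extraction step would write ASANA_TASK_ID only when resolve_task_id returns 0, so the later steps are skipped instead of calling the API with an ID nobody intended.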