Sudden "Not Authorized" error

Hello! Suddenly I started getting: : {“errors”:[{“message”:“Not Authorized”,“help”:“For more information on API status codes and how to handle them, read the docs on errors: Errors”}]} even though it worked perfectly week ago and i didnt touch the script. I generated new ASANA_SECRET but it didnt help.

What could it be?

@sasha_f @Phil_Seeman
Hello! Can you help me there? I saw this error already in some topics and it was some internal Asana problem

Hi @Daria17 and welcome,

Sasha doesn’t work for Asana any longer (and FYI I’m a volunteer here, I don’t work for Asana).

Can you provide some more context here - is this an external app you wrote, a custom script rule action, an App Component, etc.? Also, showing some of your code might be helpful as well. Also if you have other forum posts that you think are related, providing links to those might be helpful as well for context. Thanks!

Hello @Phil_Seeman! Thanks a lot for you volunteer work!

Yes, so basicly I have asana-github integration by ASANA_SECRET.
This is my workflow file:

name: Sync Asana Task Status and Comments

on:
  pull_request:
    types: [opened]
  pull_request_review:
    types: [submitted]

jobs:
  handle-asana-task:
    runs-on: ubuntu-latest
    name: Sync Asana Task Status and Comments

    steps:
      - name: Extract Asana Task ID from PR
        id: extract
        run: |
          PR_TEXT="${{ github.event.pull_request.title }}${{ github.event.pull_request.body }}"
          TASK_ID=$(echo "$PR_TEXT" | grep -oE 'task/[0-9]{16,}' | head -1 | cut -d/ -f2)
          echo "ASANA_TASK_ID=$TASK_ID" >> $GITHUB_ENV


      - name: Add PR Opened Comment to Asana
        if: github.event_name == 'pull_request' && github.event.action == 'opened' && env.ASANA_TASK_ID != ''
        run: |
          COMMENT_TEXT="Pull Request [${{ github.event.pull_request.title }}](${{ github.event.pull_request.html_url }}) was opened"
          curl -X POST "https://app.asana.com/api/1.0/tasks/$ASANA_TASK_ID/stories" \
            -H "Authorization: Bearer ${{ secrets.ASANA_SECRET }}" \
            -H "Content-Type: application/json" \
            -d "{\"text\": \"$COMMENT_TEXT\"}"

      - name: Set Asana status to Review Needed
        if: github.event_name == 'pull_request' && github.event.action == 'opened' && env.ASANA_TASK_ID != ''
        run: |
          curl -X PUT "https://app.asana.com/api/1.0/tasks/$ASANA_TASK_ID" \
            -H "Authorization: Bearer ${{ secrets.ASANA_SECRET }}" \
            -H "Content-Type: application/json" \
            -d '{
              "custom_fields": {
                "1204341243817358": "1204341243817361"
              }
            }'

      - name: Set Asana status to In Review on PR review comment
        if: >
          github.event_name == 'pull_request_review' &&
          github.event.action == 'submitted' &&
          github.event.review.state  != 'approved' &&
          env.ASANA_TASK_ID != ''
        run: |
          curl -X PUT "https://app.asana.com/api/1.0/tasks/$ASANA_TASK_ID" \
            -H "Authorization: Bearer ${{ secrets.ASANA_SECRET }}" \
            -H "Content-Type: application/json" \
            -d '{
              "custom_fields": {
                "1204341243817358": "1207831943928012"
              }
            }'

So as I understand I do not have any external apps. I athorized in github in asana, created workflow file and ASANA_SECRET. And such integration worked just fine, but suddenly I started getting Not Authorized error. I am pretty sure that my rights in asana weren’t changed and ASANA_SECRET is existing.

This is the post that I think is related to my problem: Sudden 'No Authorization' error on API calls

Thank you!

@John_Baldo could you maybe take a look at this?

Hey @Daria17 Welcome to our community forum.

Given that your GitHub Action workflow includes custom fields for code review processes, it seems like this is likely a shared workflow used by multiple team members in your organization.

Taking a look at your GitHub Action Workflow it looks like it:

  1. Extracts an Asana Task ID from the pull request text
  2. Makes an API call to add a comment to an Asana task
  3. Updates the custom field of an Asana task
  4. Updates the custom field of an Asana task

Based off what I know, I can see a scenario where you would get a “Not Authorized”:

The Personal Access Token (PAT) stored in the ASANA_SECRET GitHub Action environment variable does not have permissions to modify the task.

  • Asana Personal Access Tokens have the same set of permission that the users that generated the token has. So if the user does not have access to a task that would mean the token would also not have access to that task
  • It looks like the TASK ID is extract from the PR text → if someone submits a PR with a task ID that the ASANA_SECRET does not have access to that would explain the error. Similarly with the custom field.
  • I don’t have access to your workflow run but perhaps you might want to look at which step failed and debug from there.

Perhaps a Service Account Token might be better suited for your use case.

NOTE: Service Account Tokens have a lot of permissions so be careful with using this.

5 Likes

Great input from @John_Vu ! I also noticed that the task ID is being extracted from the PR text using grep based on a specific pattern. This approach could potentially return an unintended value if multiple matches are present in the text. If this flow has worked with previous PRs, I’d suggest comparing their content to ensure the extracted task ID is indeed accessible with the PAT being used.

2 Likes