Chapter 2. Enabling the GitHub authentication provider
Red Hat Developer Hub uses a built-in GitHub authentication provider to authenticate users in GitHub or GitHub Enterprise.
2.1. GitHub App overview
GitHub Apps are generally preferred to OAuth apps because they use fine-grained permissions, give more control over which repositories the application can access, and use short-lived tokens. For more information, see GitHub Apps overview in the GitHub documentation.
2.2. Registering a GitHub App
In a GitHub App, you configure the allowed scopes as part of that application. Therefore, you must verify the scope that your plugins require. The scope information is available in the plugin README files.
To add GitHub authentication, complete the steps in Registering a GitHub App on the GitHub website.
Use the following examples to enter the information about your production environment into the required fields on the Register new GitHub App page:
- Application name: Red Hat Developer Hub
- Homepage URL: https://developer-hub-<NAMESPACE_NAME>.<KUBERNETES_ROUTE_HOST>
- Authorization callback URL: https://developer-hub-<NAMESPACE_NAME>.<KUBERNETES_ROUTE_HOST>/api/auth/github/handler/frame
The Homepage URL points to the Developer Hub front end, while the authorization callback URL points to the authentication provider backend.
2.3. Configuring a GitHub App in Developer Hub
To add GitHub authentication for Developer Hub, you must configure the GitHub App in your app-config.yaml file.
The GitHub authentication provider uses the following configuration keys:
- clientId: the client ID that you generated on GitHub. For example: b59241722e3c3b4816e2
- clientSecret: the client secret tied to the generated client ID.
- enterpriseInstanceUrl (optional): the base URL for a GitHub Enterprise instance. For example: https://ghe.<company>.com. The enterpriseInstanceUrl is only needed for GitHub Enterprise.
- callbackUrl (optional): the callback URL that GitHub uses when initiating an OAuth flow. For example: https://your-intermediate-service.com/handler. The callbackUrl is only needed if Developer Hub is not the immediate receiver, such as in cases when you use one OAuth app for many Developer Hub instances.
To configure the GitHub App, add the provider configuration to your app-config.yaml file under the root auth configuration. For example:

    auth:
      environment: production
      providers:
        github:
          production:
            clientId: ${GITHUB_APP_CLIENT_ID}
            clientSecret: ${GITHUB_APP_CLIENT_SECRET}
            ## uncomment if using GitHub Enterprise
            # enterpriseInstanceUrl: ${GITHUB_URL}
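A pre-deployment check for the GitHub provider configuration, added here as an example and not part of Red Hat's or Backstage's code. It assumes app-config.yaml has already been parsed into a dict (for example with PyYAML's yaml.safe_load) and that the provider block is selected by the auth.environment value, as the layout of the example suggests. The function names, sample values and the https-only rule are assumptions of this example.

```python
import re

# A value that is exactly one environment substitution, e.g. ${GITHUB_APP_CLIENT_SECRET}
ENV_REF = re.compile(r"^\$\{[A-Za-z_][A-Za-z0-9_]*\}$")

def lint_github_auth(config):
    """Return findings for the auth.providers.github block of a parsed app-config."""
    auth = config.get("auth") or {}
    env = auth.get("environment")
    if not env:
        return ["auth.environment is not set"]
    github = (auth.get("providers") or {}).get("github") or {}
    block = github.get(env)
    if not isinstance(block, dict):
        return [f"auth.providers.github has no '{env}' block (found: {sorted(github)})"]
    findings = []
    for key in ("clientId", "clientSecret"):
        if not block.get(key):
            findings.append(f"{key} is missing")
    secret = block.get("clientSecret")
    if secret and not ENV_REF.match(str(secret)):
        findings.append("clientSecret is a literal; reference an environment variable")
    # Assumption of this example: optional URLs must be https or an env reference.
    for key in ("enterpriseInstanceUrl", "callbackUrl"):
        value = str(block.get(key) or "")
        if value and not ENV_REF.match(value) and not value.startswith("https://"):
            findings.append(f"{key} does not use https")
    return findings

def make_config(env, block_name, **block):
    """Build a constructed sample in the same shape as the app-config.yaml example."""
    return {"auth": {"environment": env, "providers": {"github": {block_name: block}}}}

# Constructed samples; none of these values are real credentials.
GOOD = make_config("production", "production",
                   clientId="${GITHUB_APP_CLIENT_ID}",
                   clientSecret="${GITHUB_APP_CLIENT_SECRET}")
WRONG_ENV = make_config("production", "development",
                        clientId="${GITHUB_APP_CLIENT_ID}",
                        clientSecret="${GITHUB_APP_CLIENT_SECRET}")
LITERAL = make_config("production", "production",
                      clientId="${GITHUB_APP_CLIENT_ID}",
                      clientSecret="constructed-literal-secret",
                      callbackUrl="http://your-intermediate-service.com/handler")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("WRONG_ENV", WRONG_ENV), ("LITERAL", LITERAL)):
        print(name, lint_github_auth(cfg) or "ok")
```

An empty list means the block passed every check, so the function can gate a CI step before the configuration is deployed.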
2.4. Adding the GitHub provider to the Developer Hub front end
To add the provider to the front end, add the sign in configuration to your app-config.yaml file. For example:

    signInPage: github
Additional resources
- For information about authenticating Backstage access with GitHub, see GitHub Authentication Provider in the community documentation.
- For information about adding the provider to the Backstage front end, see Enabling authentication in Showcase in the community documentation.