Ce contenu n'est pas disponible dans la langue sélectionnée.
Chapter 9. GitHub authentication provider
Red Hat Developer Hub uses a built-in GitHub authentication provider to authenticate users in GitHub or GitHub Enterprise.
9.1. GitHub App overview
GitHub Apps are generally preferred to OAuth apps because they use fine-grained permissions, give more control over which repositories the application can access, and use short-lived tokens. For more information, see GitHub Apps overview in the GitHub documentation.
9.2. Registering a GitHub App
In a GitHub App, you configure the allowed scopes as part of that application, therefore, you must verify the scope that your plugins require. The scope information is available in the plugin README files.
To add GitHub authentication, complete the steps in Registering a GitHub App on the GitHub website.
Use the following examples to enter the information about your production environment into the required fields on the Register new GitHub App page:
- Application name: Red Hat Developer Hub
-
Homepage URL:
https://developer-hub-<NAMESPACE_NAME>.<KUBERNETES_ROUTE_HOST> -
Authorization callback URL:
https://developer-hub-<NAMESPACE_NAME>.<KUBERNETES_ROUTE_HOST>/api/auth/github/handler/frame
The Homepage URL points to the Developer Hub front end, while the authorization callback URL points to the authentication provider backend.
9.3. Configuring a GitHub App in Developer Hub
To add GitHub authentication for Developer Hub, you must configure the GitHub App in your app-config.yaml file.
The GitHub authentication provider uses the following configuration keys:
-
clientId: the client ID that you generated on GitHub. For example: b59241722e3c3b4816e2 -
clientSecret: the client secret tied to the generated client ID. -
enterpriseInstanceUrl(optional): the base URL for a GitHub Enterprise instance. For example:https://ghe.<company>.com. TheenterpriseInstanceUrlis only needed for GitHub Enterprise. -
callbackUrl(optional): the callback URL that GitHub uses when initiating an OAuth flow. For example: https://your-intermediate-service.com/handler. ThecallbackUrlis only needed if Developer Hub is not the immediate receiver, such as in cases when you use one OAuth app for many Developer Hub instances.
To configure the GitHub App, add the provider configuration to your app-config.yaml file under the root auth configuration. For example:
auth:
environment: production
providers:
github:
production:
clientId: ${GITHUB_APP_CLIENT_ID}
clientSecret: ${GITHUB_APP_CLIENT_SECRET}
## uncomment if using GitHub Enterprise
# enterpriseInstanceUrl: ${GITHUB_URL}9.4. Adding the GitHub provider to the Developer Hub front end
To add the provider to the front end, add the sign in configuration to your app-config.yaml file. For example:
signInPage: github
Additional resources
- For information about authenticating Backstage access with GitHub, see GitHub Authentication Provider in the community documentation.
- For information about adding the provider to the Backstage front end, see Enabling authentication in Showcase in the community documentation.
