OAuth for OpenShift allows to obtain OpenShift token.

Procedure
  1. Register Che OAuth client in OpenShift (see Register an OAuth client in OpenShift).

    $ oc create -f <(echo '
    kind: OAuthClient
    apiVersion: oauth.openshift.io/v1
    metadata:
     name: che
    secret: "<random set of symbols>"
    redirectURIs:
     - "<Che api url>/oauth/callback"
    grantMethod: prompt
    ')
  2. Add the OpenShift SSL certificate to the Che Java trust store.

  3. Update the OpenShift deployment configuration (see Che configMaps and their behavior, Che installed using a Helm Chart).

    CHE_OAUTH_OPENSHIFT_CLIENTID: <client-id>
    CHE_OAUTH_OPENSHIFT_CLIENTSECRET: <openshift-secret>
    CHE_OAUTH_OPENSHIFT_OAUTH__ENDPOINT: <oauth-endpoint>
    CHE_OAUTH_OPENSHIFT_VERIFY__TOKEN__URL: <verify-token-url>
    • <client-id> a name specified in the OpenShift OAuthClient.

    • <openshift-secret> a secret specified in the OpenShift OAuthClient.

    • <oauth-endpoint> the URL of the OpenShift OAuth service:

      • For OpenShift 3 specify the OpenShift master URL.

      • For OpenShift 4 specify the oauth-openshift route.

    • <verify-token-url> request URL that is used to verify the token. <OpenShift master url>/api can be used for OpenShift 3 and 4.

Tags: