Configuring OAuth 2.0 for GitHub

To enable users to work with a remote Git repository that is hosted on GitHub:

  1. Set up the GitHub OAuth App (OAuth 2.0).

  2. Apply the GitHub OAuth App Secret.

Setting up the GitHub OAuth App

Set up a GitHub OAuth App using OAuth 2.0.

Prerequisites

  • You are logged in to GitHub.

Procedure

  1. Go to https://github.com/settings/applications/new.

  2. Enter the following values:

    1. Application name: <application name>

    2. Homepage URL: https://<che_fqdn>/

    3. Authorization callback URL: https://<che_fqdn>/api/oauth/callback

  3. Click Register application.

  4. Click Generate new client secret.

  5. Copy and save the GitHub OAuth Client ID for use when applying the GitHub OAuth App Secret.

  6. Copy and save the GitHub OAuth Client Secret for use when applying the GitHub OAuth App Secret.

Additional resources

Applying the GitHub OAuth App Secret

Prepare and apply the GitHub OAuth App Secret.

Prerequisites

  • Setting up the GitHub OAuth App is completed.

  • The following values, which were generated when setting up the GitHub OAuth App, are prepared:

    • GitHub OAuth Client ID

    • GitHub OAuth Client Secret

  • An active kubectl session with administrative permissions to the destination Kubernetes cluster. See Overview of kubectl.

Procedure

  1. Prepare the Secret:

    kind: Secret
apiVersion: v1
metadata:
  name: github-oauth-config
  namespace: eclipse-che (1)
  labels:
    app.kubernetes.io/part-of: che.eclipse.org
    app.kubernetes.io/component: oauth-scm-configuration
  annotations:
    che.eclipse.org/oauth-scm-server: github
    che.eclipse.org/scm-server-endpoint: <github_server_url> (2)
    che.eclipse.org/scm-github-disable-subdomain-isolation: true (3)
type: Opaque
stringData:
  id: <GitHub_OAuth_Client_ID> (4)
  secret: <GitHub_OAuth_Client_Secret> (5)
    1 The Che namespace. The default is eclipse-che.
    2 This depends on the GitHub product your organization is using: When hosting repositories on GitHub.com or GitHub Enterprise Cloud, omit this line or enter the default https://github.com. When hosting repositories on GitHub Enterprise Server, enter the GitHub Enterprise Server URL.
    3 This line is only added for GitHub Enterprise Server with disabled subdomain isolation option. If the subdomain isolation option is enabled on GitHub Enterprise Server, you must either omit this annotation or set it to false.
    4 The GitHub OAuth Client ID.
    5 The GitHub OAuth Client Secret.

  2. Apply the Secret:

    $ kubectl apply -f - <<EOF
<Secret_prepared_in_the_previous_step>
EOF

  3. Verify in the output that the Secret is created.

To configure OAuth 2.0 for another GitHub provider, you have to repeat the steps above and create a second GitHub OAuth Secret with a different name.