Configuring OAuth 2.0 for GitHub

To enable users to work with a remote Git repository that is hosted on GitHub:

  1. Set up the GitHub OAuth App (OAuth 2.0).

  2. Apply the GitHub OAuth App Secret.

Setting up the GitHub OAuth App

Set up a GitHub OAuth App using OAuth 2.0.

Prerequisites
  • You are logged in to GitHub.

  • base64 is installed in the operating system you are using.

Procedure
  1. Go to https://github.com/settings/applications/new.

  2. Enter the following values:

    1. Application name: Che.

    2. Homepage URL: https://<che_fqdn>/

    3. Authorization callback URL: https://<che_fqdn>/api/oauth/callback

  3. Click Register application.

  4. Click Generate new client secret.

  5. Copy the GitHub OAuth Client ID and encode it to Base64 for use when applying the GitHub OAuth App Secret:

    $ echo -n '<github_oauth_client_id>' | base64
  6. Copy the GitHub OAuth Client Secret and encode it to Base64 for use when applying the GitHub OAuth App Secret:

    $ echo -n '<github_oauth_client_secret>' | base64
Additional resources

Applying the GitHub OAuth App Secret

Prepare and apply the GitHub OAuth App Secret.

Prerequisites
  • Setting up the GitHub OAuth App is completed.

  • The Base64-encoded values, which were generated when setting up the GitHub OAuth App, are prepared:

    • GitHub OAuth Client ID

    • GitHub OAuth Client Secret

  • An active kubectl session with administrative permissions to the destination Kubernetes cluster. See Overview of kubectl.

Procedure
  1. Prepare the Secret:

    kind: Secret
    apiVersion: v1
    metadata:
      name: github-oauth-config
      namespace: eclipse-che (1)
      labels:
        app.kubernetes.io/part-of: che.eclipse.org
        app.kubernetes.io/component: oauth-scm-configuration
      annotations:
        che.eclipse.org/oauth-scm-server: github
    type: Opaque
    data:
      id: <Base64_GitHub_OAuth_Client_ID> (2)
      secret: <Base64_GitHub_OAuth_Client_Secret> (3)
    1 The Che namespace. The default is eclipse-che.
    2 The Base64-encoded GitHub OAuth Client ID.
    3 The Base64-encoded GitHub OAuth Client Secret.
  2. Apply the Secret:

    $ kubectl apply -f - <<EOF
    <Secret_prepared_in_the_previous_step>
    EOF
  3. Verify in the output that the Secret is created.