Connect GitHub with OAuth

To enable users to work with a remote Git repository that is hosted on GitHub:

  1. Set up a GitHub App or a OAuth App.

  2. Apply the GitHub App or OAuth App Secret.

Create a GitHub OAuth application for Che

Create an OAuth 2.0 application on GitHub so that Che can authenticate your developers and provide credential-free access to GitHub repositories.

Prerequisites
  • You are logged in to GitHub.

Procedure
  1. Go to the GitHub OAuth application registration page.

  2. Enter the following values:

    1. Application name: <application name>

    2. Homepage URL: https://<che_fqdn>/

    3. Authorization callback URL: https://<che_fqdn>/api/oauth/callback

  3. Click Register application.

  4. Click Generate new client secret.

  5. Copy and save the GitHub OAuth Client ID for use when applying the GitHub OAuth App Secret.

  6. Copy and save the GitHub OAuth Client Secret for use when applying the GitHub OAuth App Secret.

Additional resources

Create a GitHub App for Che

Create a GitHub App to provide finer-grained permissions for repository access from Che workspaces.

Prerequisites
  • You are logged in to GitHub.

Procedure
  1. Register a GitHub app, see: Registering a GitHub App.

  2. Enter the following values:

    1. GitHub App name: <application name>

    2. Homepage URL: https://<che_fqdn>/

    3. Callback URL: https://<che_fqdn>/api/oauth/callback

    4. Deselect the Active check-box in the Webhook section.

    5. Under Permissions & events, set the Contents repository permission to Read and Write.

  3. Click Create GitHub App.

  4. Click Generate a new client secret.

  5. Copy and save the GitHub App Client Secret for use when applying the GitHub App Secret.

  6. Copy and save the GitHub App Client ID for use when applying the GitHub App Secret.

  7. Install the GitHub App, see: Installing your own GitHub App

Connect Che to your GitHub OAuth application

Connect Che to your GitHub OAuth application so that developers can access GitHub repositories from workspaces without re-entering credentials.

Prerequisites
  • You have configured the GitHub OAuth App.

  • You have the following values, which were generated when configuring the GitHub OAuth App:

    • GitHub OAuth Client ID

    • GitHub OAuth Client Secret

  • An active kubectl session with administrative permissions to the destination Kubernetes cluster. See Overview of kubectl.

Procedure
  1. Prepare the Secret:

    kind: Secret
    apiVersion: v1
    metadata:
      name: github-oauth-config
      namespace: eclipse-che (1)
      labels:
        app.kubernetes.io/part-of: che.eclipse.org
        app.kubernetes.io/component: oauth-scm-configuration
      annotations:
        che.eclipse.org/oauth-scm-server: github
        che.eclipse.org/scm-server-endpoint: <github_server_url> (2)
        che.eclipse.org/scm-github-disable-subdomain-isolation: 'false' (3)
    type: Opaque
    stringData:
      id: <GitHub_OAuth_Client_ID> (4)
      secret: <GitHub_OAuth_Client_Secret> (5)
    1 The Che namespace. The default is eclipse-che.
    2 This depends on the GitHub product your organization is using: When hosting repositories on GitHub.com or GitHub Enterprise Cloud, omit this line or enter the default https://github.com. When hosting repositories on GitHub Enterprise Server, enter the GitHub Enterprise Server URL.
    3 If you are using GitHub Enterprise Server with a disabled subdomain isolation option, you must set the annotation to true, otherwise you can either omit the annotation or set it to false.
    4 The GitHub OAuth Client ID.
    5 The GitHub OAuth Client Secret.
  2. Apply the Secret:

    $ kubectl apply -f - <<EOF
    <Secret_prepared_in_the_previous_step>
    EOF
  3. Optional: To configure OAuth 2.0 for another GitHub provider, repeat the previous steps and create a second GitHub OAuth Secret with a different name.

Verification
  • Verify that the output displays secret/github-oauth-config created.

To configure OAuth 2.0 for another GitHub provider, you have to repeat the steps above and create a second GitHub OAuth Secret with a different name.