From 816cce28baea30d2bcd3f34387c4d720a2f9518d Mon Sep 17 00:00:00 2001 From: Subhash Khileri Date: Tue, 19 Aug 2025 12:01:14 +0530 Subject: [PATCH 1/2] GitHub OAuth authentication for RHDH --- config/app-config-rhdh.yaml | 27 +++++++-------------------- config/dynamic-plugins.yaml | 4 ++-- config/rhdh-secrets.yaml | 8 ++------ deploy.sh | 2 +- 4 files changed, 12 insertions(+), 29 deletions(-) diff --git a/config/app-config-rhdh.yaml b/config/app-config-rhdh.yaml index 0705fc9..6512cfb 100644 --- a/config/app-config-rhdh.yaml +++ b/config/app-config-rhdh.yaml @@ -11,17 +11,16 @@ auth: session: secret: superSecretSecret providers: - oidc: + github: production: - metadataUrl: "${KEYCLOAK_METADATA_URL}" - clientId: "${KEYCLOAK_CLIENT_ID}" - clientSecret: "${KEYCLOAK_CLIENT_SECRET}" - prompt: auto - callbackUrl: "${RHDH_BASE_URL}/api/auth/oidc/handler/frame" + clientSecret: ${GITHUB_OAUTH_APP_SECRET} + clientId: ${GITHUB_OAUTH_APP_ID} + callbackUrl: ${RHDH_BASE_URL}/api/auth/github/handler/frame signIn: resolvers: - - resolver: emailLocalPartMatchingUserEntityName -signInPage: oidc + - resolver: usernameMatchingUserEntityName + dangerouslyAllowSignInWithoutUserInCatalog: true +signInPage: github catalog: import: entityFilename: catalog-info.yaml @@ -34,15 +33,3 @@ catalog: target: https://github.com/redhat-developer/rhdh/blob/main/catalog-entities/all.yaml - type: url target: https://github.com/redhat-developer/red-hat-developer-hub-software-templates/blob/main/templates.yaml - providers: - keycloakOrg: - default: - baseUrl: "${KEYCLOAK_BASE_URL}" - loginRealm: "${KEYCLOAK_LOGIN_REALM}" - realm: "${KEYCLOAK_REALM}" - clientId: "${KEYCLOAK_CLIENT_ID}" - clientSecret: "${KEYCLOAK_CLIENT_SECRET}" - schedule: - frequency: { minutes: 3 } - initialDelay: { seconds: 15 } - timeout: { minutes: 5 } \ No newline at end of file diff --git a/config/dynamic-plugins.yaml b/config/dynamic-plugins.yaml index 1707b52..1d937a6 100644 --- a/config/dynamic-plugins.yaml +++ b/config/dynamic-plugins.yaml @@ -1,6 +1,6 @@ includes: - dynamic-plugins.default.yaml plugins: - - package: ./dynamic-plugins/dist/backstage-community-plugin-catalog-backend-module-keycloak-dynamic - disabled: false + # - package: ./dynamic-plugins/dist/backstage-community-plugin-catalog-backend-module-keycloak-dynamic + # disabled: false \ No newline at end of file diff --git a/config/rhdh-secrets.yaml b/config/rhdh-secrets.yaml index 26085c3..8498f15 100644 --- a/config/rhdh-secrets.yaml +++ b/config/rhdh-secrets.yaml @@ -5,9 +5,5 @@ metadata: type: Opaque stringData: RHDH_BASE_URL: $RHDH_BASE_URL - KEYCLOAK_BASE_URL: $KEYCLOAK_BASE_URL - KEYCLOAK_METADATA_URL: $KEYCLOAK_METADATA_URL - KEYCLOAK_LOGIN_REALM: $KEYCLOAK_LOGIN_REALM - KEYCLOAK_REALM: $KEYCLOAK_REALM - KEYCLOAK_CLIENT_ID: $KEYCLOAK_CLIENT_ID - KEYCLOAK_CLIENT_SECRET: $KEYCLOAK_CLIENT_SECRET \ No newline at end of file + GITHUB_OAUTH_APP_SECRET: $GITHUB_OAUTH_APP_SECRET + GITHUB_OAUTH_APP_ID: $GITHUB_OAUTH_APP_ID diff --git a/deploy.sh b/deploy.sh index 50fda27..c9bfb57 100755 --- a/deploy.sh +++ b/deploy.sh @@ -31,7 +31,7 @@ fi # Deploy Keycloak with users and roles. # comment this out if you don't want to deploy Keycloak or use your own Keycloak instance. -source utils/keycloak/keycloak-deploy.sh $namespace +# source utils/keycloak/keycloak-deploy.sh $namespace [[ "${OPENSHIFT_CI}" != "true" ]] && source .env # source utils/utils.sh From 311c11117555906bd6fe5ca7442025283b3e8586 Mon Sep 17 00:00:00 2001 From: Subhash Khileri Date: Tue, 19 Aug 2025 15:20:53 +0530 Subject: [PATCH 2/2] GitHub OAuth authentication for RHDH --- config/dynamic-plugins.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/dynamic-plugins.yaml b/config/dynamic-plugins.yaml index 1d937a6..acfbc4f 100644 --- a/config/dynamic-plugins.yaml +++ b/config/dynamic-plugins.yaml @@ -1,6 +1,6 @@ includes: - dynamic-plugins.default.yaml -plugins: +plugins: [] # - package: ./dynamic-plugins/dist/backstage-community-plugin-catalog-backend-module-keycloak-dynamic # disabled: false \ No newline at end of file