GitHub OAuth authentication for RHDH

Author: subhashkhileri

config/app-config-rhdh.yaml

@@ -11,17 +11,16 @@ auth:
   session:
     secret: superSecretSecret 
   providers:
-    oidc:
+    github:
       production:
-        metadataUrl: "${KEYCLOAK_METADATA_URL}"
-        clientId: "${KEYCLOAK_CLIENT_ID}"
-        clientSecret: "${KEYCLOAK_CLIENT_SECRET}"
-        prompt: auto
-        callbackUrl: "${RHDH_BASE_URL}/api/auth/oidc/handler/frame"
+        clientSecret: ${GITHUB_OAUTH_APP_SECRET}
+        clientId: ${GITHUB_OAUTH_APP_ID}
+        callbackUrl: ${RHDH_BASE_URL}/api/auth/github/handler/frame
         signIn:
           resolvers:
-            - resolver: emailLocalPartMatchingUserEntityName
-signInPage: oidc
+            - resolver: usernameMatchingUserEntityName
+              dangerouslyAllowSignInWithoutUserInCatalog: true
+signInPage: github
 catalog:
   import:
     entityFilename: catalog-info.yaml
@@ -34,15 +33,3 @@ catalog:
       target: https://github.com/redhat-developer/rhdh/blob/main/catalog-entities/all.yaml
     - type: url
       target: https://github.com/redhat-developer/red-hat-developer-hub-software-templates/blob/main/templates.yaml
-  providers:
-    keycloakOrg:
-      default:
-        baseUrl: "${KEYCLOAK_BASE_URL}"
-        loginRealm: "${KEYCLOAK_LOGIN_REALM}"
-        realm: "${KEYCLOAK_REALM}"
-        clientId: "${KEYCLOAK_CLIENT_ID}"
-        clientSecret: "${KEYCLOAK_CLIENT_SECRET}"
-        schedule:
-          frequency: { minutes: 3 }
-          initialDelay: { seconds: 15 }
-          timeout: { minutes: 5 }

config/dynamic-plugins.yaml

@@ -1,6 +1,6 @@
 includes:
   - dynamic-plugins.default.yaml
 plugins:
-  - package: ./dynamic-plugins/dist/backstage-community-plugin-catalog-backend-module-keycloak-dynamic
-    disabled: false
+  # - package: ./dynamic-plugins/dist/backstage-community-plugin-catalog-backend-module-keycloak-dynamic
+  #   disabled: false
 

config/rhdh-secrets.yaml

@@ -5,9 +5,5 @@ metadata:
 type: Opaque
 stringData:
   RHDH_BASE_URL: $RHDH_BASE_URL
-  KEYCLOAK_BASE_URL: $KEYCLOAK_BASE_URL
-  KEYCLOAK_METADATA_URL: $KEYCLOAK_METADATA_URL
-  KEYCLOAK_LOGIN_REALM: $KEYCLOAK_LOGIN_REALM
-  KEYCLOAK_REALM: $KEYCLOAK_REALM
-  KEYCLOAK_CLIENT_ID: $KEYCLOAK_CLIENT_ID
-  KEYCLOAK_CLIENT_SECRET: $KEYCLOAK_CLIENT_SECRET
+  GITHUB_OAUTH_APP_SECRET: $GITHUB_OAUTH_APP_SECRET
+  GITHUB_OAUTH_APP_ID: $GITHUB_OAUTH_APP_ID

deploy.sh

@@ -31,7 +31,7 @@ fi
 
 # Deploy Keycloak with users and roles.
 # comment this out if you don't want to deploy Keycloak or use your own Keycloak instance.
-source utils/keycloak/keycloak-deploy.sh $namespace
+# source utils/keycloak/keycloak-deploy.sh $namespace
 
 [[ "${OPENSHIFT_CI}" != "true" ]] && source .env
 # source utils/utils.sh