Overview
Tanzu Application Platform GUI extends the current Backstage’s authentication plug-in so that you can see a login page based on the authentication providers configured at installation. The Backstage core-plugin-api package comes with a GitHub authentication provider that can authenticate users using GitHub or GitHub Enterprise OAuth.
To add GitHub authentication, you must create either a GitHub App, or an OAuth App from the GitHub developer settings. The Homepage URL should point to Backstage’s frontend, while the Authorization callback URL will point to the auth backend.
Steps to generate Client ID and Client Secret:
- Login to GitHub with your credentials by accessing below url: https://github.com/settings/apps
- Click on New GitHub App
- Provide GitHub App name, for ex: capv-tapgui-auth
- Homepage URL: https://github.com/login/oauth/authorize
- Call back URL: http://tap-gui.<ingress domain>/api/auth/github
- Uncheck the Expire user authorization tokens under Callback URL
- Uncheck the Active box under Webhook
- Create GitHub App
- Scroll down to bottom of the page and Click on Create GitHubApp
- Once registration is successful, create a new client secret using below steps:
- Click on newly created GitHub App
- Generate a new client secret
- Copy the client ID and client secret into a notepad for later use:
Create an OAuth App on GitHub
The provider configuration has to be added to your tap-values file under the root auth configuration as shown below:
Note: For multi cluster deployment, just update the packages of view cluster.
- Update the tap packages using updated values for changes to take affect
- Access TAP GUI using private window or a different browser to check the authentication providers
- Click on SIGN IN to provide GitHub credentials
- Authorize the credentials to access the TAP GUI
- Once logged into TAP GUI successfully, navigate to settings > Authentication Providers to verify the available providers.
