Configure GitHub OAuth for your team

Configure a GitHub OAuth application so that developers can clone repositories and push code from Che workspaces without manually entering credentials. This procedure covers GitHub.com and GitHub Enterprise Cloud. For other providers, see the Additional resources.

Prerequisites
  • An active kubectl session with administrative permissions to the destination Kubernetes cluster. See Overview of kubectl.

  • You are logged in to GitHub with an account that has permission to create OAuth applications for your organization.

Procedure
  1. Go to the GitHub OAuth application registration page.

  2. Enter the following values:

    1. Application name: Che

    2. Homepage URL: https://<che_fqdn>/

    3. Authorization callback URL: https://<che_fqdn>/api/oauth/callback

  3. Click Register application.

  4. Click Generate new client secret.

  5. Copy the Client ID and the Client Secret. You need both values in the next step.

  6. Prepare and apply the Kubernetes Secret:

    kind: Secret
    apiVersion: v1
    metadata:
      name: github-oauth-config
      namespace: eclipse-che
      labels:
        app.kubernetes.io/part-of: che.eclipse.org
        app.kubernetes.io/component: oauth-scm-configuration
      annotations:
        che.eclipse.org/oauth-scm-server: github
    type: Opaque
    stringData:
      id: <GitHub_OAuth_Client_ID>
      secret: <GitHub_OAuth_Client_Secret>
  7. Apply the Secret:

    $ kubectl apply -f - <<EOF
    <Secret_prepared_in_the_previous_step>
    EOF
Verification
  • The output displays secret/github-oauth-config created.

  • A developer creates a new workspace from a private GitHub repository and is not prompted for credentials.