In order to allow GUI authentication to Tanzu Application Platform via GitHub, we will implement GitHub Authentication Provider for Backstage.
To add GitHub authentication, you must create either a GitHub App, or an OAuth App from the GitHub developer settings.
The Homepage URL should point to Backstage's frontend, while the Authorization callback URL will point to the auth backend.
Settings for local development:
- Application name: TAP-Backstage (or your custom app name)
- Homepage URL: http://DOMAIN-NAME
- Authorization callback URL: http://DOMAIN-NAME/api/auth/github/handler/frame
for example:
tap-gui:
app_config:
auth:
# (optional) custom login page
loginPage:
github:
title: Github Login
message: Enter with your GitHub account
environment: development
providers:
github:
development:
clientId: ${AUTH_GITHUB_CLIENT_ID}
clientSecret: ${AUTH_GITHUB_CLIENT_SECRET}
callbackUrl: http://${DOMAIN_NAME}/api/auth/github/handler/frameWhere:
clientId: The client ID that you generated on GitHub, e.g. b59241722e3c3b4816e2clientSecret: The client secret tied to the generated client ID.enterpriseInstanceUrl(optional): The base URL for a GitHub Enterprise instance, e.g. https://ghe..com. Only needed for GitHub Enterprise.callbackUrl(optional): The callback URL that GitHub will use when initiating an OAuth flow.
To add a GitHub provider integration, edit tap-values.yaml as in this example:
app_config:
app:
baseUrl: https://DOMAIN_NAME
# Existing tap-values.yaml above
integrations:
github: # Other integrations available see NOTE below
- host: github.com
token: GITHUB-TOKENConfiguration keys:
GITHUB-TOKEN- a valid token generated from yourGitinfrastructure of choice. EnsureGITHUB-TOKENhas the necessary read permissions for the catalog definition files you extracted from the blank software catalog introduced in the Tanzu Application Platform GUI prerequisites.