Latest release 1.24.0 breaks GitHub auth #23748
Comments
|
Hey is this the Authorization callback URL?
If so try this:
|
|
@ryan-WORK I take it that this is the GitHub App callback URL that needs changing? |
|
@pogo61 yup thats the one: 
|
|
@ryan-WORK sorry, that did nothing... same response |
|
What does tour config look like? If you happen to have something like this it might disable the provider now: |
|
Hi, I just tried this on latest master and cannot reproduce, at least so far. Indeed I also used the callback URL Since the error says that it cannot find the provider at all, I am wondering if instead of the auth changes, maybe it could be related to #23339 . Do you have anywhere in your config a naked When running locally, you can check the logs at startup to see what providers get loaded. Also you can use the EDIT: Heh, @Rugvip got in there before me as I typed this |
|
This IS NOT an OAuth App, it’s the normal GitHub App in conjunction with a PAT. |
|
I'm having the same issue using oAuth app - This is my config print and using local config file - Error - |
|
Still trying to reproduce.
That does work fine |
What is missing in my code? @freben |
|
@freben |
|
Hold on! |
|
@ryan-WORK that has always been optional and it doesn’t include this |
|
I'll keep reproducing and hopefully issue a fix tomorrow |
|
@freben Brilliant... thanks |
|
have you switched to the new backend system by changing your If yes, you might have missed adding // auth plugin
backend.add(import('@backstage/plugin-auth-backend'));
// See https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin
backend.add(import('@backstage/plugin-auth-backend-module-guest-provider'));
// See https://github.com/backstage/backstage/blob/master/docs/auth/guest/provider.md
+ backend.add(import('@backstage/plugin-auth-backend-module-github-provider'));
// catalog plugin
backend.add(import('@backstage/plugin-catalog-backend/alpha'));
backend.add(
import('@backstage/plugin-catalog-backend-module-scaffolder-entity-model'),
);More info in https://backstage.io/docs/backend-system/building-backends/migrating/#the-auth-plugin |
|
just to inform that same issue I verified using Microsoft auth provider. const app = createApp({
...
components: {
SignInPage: props => (
<SignInPage
{...props}
auto
provider={{
id: 'microsoft-auth-provider',
title: 'Microsoft',
message: 'Sign in using microsoft',
apiRef: microsoftAuthApiRef,
}}
/>
),
},This is my part in backend: // auth plugin
backend.add(import('@backstage/plugin-auth-backend'));
// backend.add(import('@backstage/plugin-auth-backend-module-guest-provider'));
backend.add(import('@backstage/plugin-auth-backend-module-microsoft-provider'));This is my app-config.yaml: auth:
environment: development
providers:
microsoft:
development:
clientId: ${AUTH_MICROSOFT_CLIENT_ID}
clientSecret: ${AUTH_MICROSOFT_CLIENT_SECRET}
tenantId: ${AUTH_MICROSOFT_TENANT_ID}and finally I tested request of refresh / access tokens by backend returns in browser's network tab correctly status code 200! |
|
@giocolas Thanks - just double checking, are you saying that you do NOT have the problem anymore? Is all good on your end? |
|
No, maybe I expressed myself badly: I detect the same problem with the Microsoft auth provider! |
|
It's weird, I cannot for the life of me reproduce this yet. If someone can upload a repo that exhibits the problem, that would be great |
|
Can you share startup logs from your backend? The auth backend will spit out some errors when it has a provider installed that isn't correctly set up. |
|
Same issue for me, I am new to this project. I followed the getting started guide https://backstage.io/docs/getting-started/ and then straight into adding authentication and got the same error. https://backstage.io/docs/getting-started/config/authentication |
|
Hey Peeps 👋 I've just upgraded my repo from Not sure if it helps at all but here is the PR I have to upgrade versions. I know @pogo61 has mentioned they are not using the oAuth App so sadly this won't help in that case, but others above have also mentioned they have issues with oAuth. Hopefully this helps! Thanks! |
|
@pogo61 Just to be sure even though I don't think it's related, I've installed a proper GitHub app now too (originally generated with |
|
@eilonash92 @SeanoNET what does your |
|
@giocolas Can you describe the steps you are taking and what you are seeing? Step by step and the expected vs actual outcome. Just to see exactly where in your process things fail. Also, do check the backend log output for anomalies. |
|
@freben - I have added EDIT after doing some research it appears i need to configure a github resolver in |
|
Yeah i think the docs need to be updated now that the default is the new backend system. See this section instead: https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin It shows how you add the |
|
I responded in there. You just hadn't added the github module for the scaffolder. |
And
was the answer for my problem 🙏 Thanks! The following pages need updating (and probably other providers too) |
|
I followed all the steps mentioned in this thread:
But, still getting "The GitHub provider is not configured to support sign-in" error. |
|
@sivaprasadreddy you probably forgot to add the |
|
After adding the resolvers, it worked. @freben Thanks. |
|
Having the same issue. Did all the steps as @sivaprasadreddy, now something different appeared:
UPD. Fixed by making my email visible in GitHub and selecting it in settings. |
|
Alright, I think we'll consider this a general "migration questions" thread at this point, rather than an actual underlying issue to be fixed. That's perfectly fine, but just noting that if I understand things correctly, there are no actionable outcomes besides docs improvements which we agree really are needed. I'll close for now, but of course it stays around and is searchable and hopefully helps others who encounter the same type of situations. |
|
I got this to work by adding the resolvers above and updating |
|
@bluu926 You are meant to add a catalog integration with some provider of actual user/group data, like ldap or whatnot. See the different "Org" sections under https://backstage.io/docs/integrations/ |
you probably need to use the appropriate resolved in your |
|
I followed every step, yet I'm still encountering an error when trying to log in with Microsoft.
|
Hi @Estehsan, auth:
environment: development
providers:
microsoft:
development:
clientId: ${AZURE_CLIENT_ID}
clientSecret: ${AZURE_CLIENT_SECRET}
tenantId: ${AZURE_TENANT_ID}
signIn:
resolvers:
# one of the following resolvers
- resolver: emailMatchingUserEntityAnnotation
- resolver: emailMatchingUserEntityProfileEmail
- resolver: emailLocalPartMatchingUserEntityNamethe error you are getting is due to the fact that either you don't have any resolver in place or none of your resolvers can match the provided user, meaning that the ingestion in the catalog isn't working as it should cc @Sarabadu 😅 |
@Estehsan - I got into the same issue too. It turns out I need to have the user ingested into the system (via Azure integrations) that should match the user trying to login. |
|
The patch I applied is below. Note that you'll need to import the entities as I mentioned on this message: #23748 (comment) diff --git a/app-config.yaml b/app-config.yaml
index 248cff1..416b120 100644
--- a/app-config.yaml
+++ b/app-config.yaml
@@ -66,6 +66,13 @@ auth:
# see https://backstage.io/docs/auth/ to learn about auth providers
providers:
# See https://backstage.io/docs/auth/guest/provider
+ github:
+ development:
+ clientId: XXX
+ clientSecret: YYY
+ signIn:
+ resolvers:
+ - resolver: usernameMatchingUserEntityName
guest: {}
scaffolder:
diff --git a/examples/org.yaml b/examples/org.yaml
index a10e81f..2dbbda9 100644
--- a/examples/org.yaml
+++ b/examples/org.yaml
@@ -15,3 +15,12 @@ metadata:
spec:
type: team
children: []
+---
+# https://backstage.io/docs/features/software-catalog/descriptor-format#kind-user
+apiVersion: backstage.io/v1alpha1
+kind: User
+metadata:
+ name: paco-sparta
+spec:
+ memberOf: [guests]
+---
diff --git a/packages/app/src/App.tsx b/packages/app/src/App.tsx
index f751cf6..51aa0e5 100644
--- a/packages/app/src/App.tsx
+++ b/packages/app/src/App.tsx
@@ -26,6 +26,8 @@ import { apis } from './apis';
import { entityPage } from './components/catalog/EntityPage';
import { searchPage } from './components/search/SearchPage';
import { Root } from './components/Root';
+import { githubAuthApiRef } from '@backstage/core-plugin-api';
+import { AutoLogout } from '@backstage/core-components';
import {
AlertDisplay,
@@ -58,7 +60,21 @@ const app = createApp({
});
},
components: {
- SignInPage: props => <SignInPage {...props} auto providers={['guest']} />,
+ SignInPage: props => (
+ <SignInPage
+ {...props}
+ auto
+ providers={[
+ 'guest',
+ {
+ id: 'github-auth-provider',
+ title: 'GitHub',
+ message: 'Sign in using GitHub',
+ apiRef: githubAuthApiRef,
+ },
+ ]}
+ />
+ ),
},
});
@@ -107,6 +123,7 @@ export default app.createRoot(
<>
<AlertDisplay />
<OAuthRequestDialog />
+ <AutoLogout />
<AppRouter>
<Root>{routes}</Root>
</AppRouter>
diff --git a/packages/backend/src/index.ts b/packages/backend/src/index.ts
index 44fde69..6fdd0a9 100644
--- a/packages/backend/src/index.ts
+++ b/packages/backend/src/index.ts
@@ -17,6 +17,7 @@ backend.add(import('@backstage/plugin-techdocs-backend/alpha'));
// auth plugin
backend.add(import('@backstage/plugin-auth-backend'));
+backend.add(import('@backstage/plugin-auth-backend-module-github-provider'));
// See https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin
backend.add(import('@backstage/plugin-auth-backend-module-guest-provider'));
// See https://github.com/backstage/backstage/blob/master/docs/auth/guest/provider.md |
Thanks a lot! However even after applying these exact patches on a new backstage installation i am still getting |
|
This is what my |
|
Turns out i missed this patch: |
|
Yeah, you need another plugin to import your User + Group + Repo entities from github. backend.add(import('@backstage/plugin-catalog-backend-module-github/alpha'));
backend.add(import('@backstage/plugin-catalog-backend-module-github-org'));integrations:
github:
- host: github.com
// Personal Access Token
token: ghp_XXXX
....
catalog:
import:
entityFilename: catalog-info.yaml
pullRequestBranchName: backstage-integration
providers:
github:
your-org-gh-provider:
organization: <yourOrg>
schedule:
frequency: PT30M
timeout: PT30S
githubOrg:
id: <your-org>
orgs: [<yourOrg>]
githubUrl: https://github.com/
schedule:
frequency: PT30M
timeout: PT30S |
I disagree.
|
|
Obviously hardcoding the users will also work. Pulling from the org keeps it up-to-date and doesn't require redeploying whenever a dev joins or leaves the company. |
There are many ways to do that, what I indicated was a way of boot strapping Backstage so that you could use it. It would totally depend on what authentication integration you have defined as to what you do after that. BYW, a change to the base configuration will result in a re-initiation of Backstage without the need to redeploy. |
|
I am going to try and summarize it all in one post for others. This is for enabling Github Auth: Create an OAuth app in Github account under Developer Settings
Add auth section to auth:
# see https://backstage.io/docs/auth/ to learn about auth providers
environment: development
providers:
github:
development:
clientId: 6cfd...9bd
clientSecret: 7695...546c
signIn:
resolvers:
# Only one of these
- resolver: emailMatchingUserEntityProfileEmail
- resolver: emailLocalPartMatchingUserEntityName
- resolver: usernameMatchingUserEntityNameNOTE: the resolvers used is dependent on the auth provider being used! Update the Frontend. Add the following to Update the Backend: add github provider import in Make sure your Github user is defined in # https://backstage.io/docs/features/software-catalog/descriptor-format#kind-user
apiVersion: backstage.io/v1alpha1
kind: User
metadata:
name: <github-username>
spec:
memberOf: [guests]Hope that helps the next person that comes along. This was a bit tricky to track down for this Backstage newbie that simply wanted to do a local run to explore. |
Hi @shadygrove, sorry you had issues with this, the docs for sure have not been helpful. I've been slowly working to fix this in many areas. If you are open to it would like to get some feedback: was the issue that there was no docs at all our that they were spread out in a way that made them hard to find? If you'd rather chat on the Backstage Discord that works too I'm |
|
@awanlin thanks for reaching out. I will follow up on Discord to prevent this issue from getting sidetracked in unrelated discussion. |
|
Got it working |
|
and others
📜 Description
I've been trying for the last day to get GitHub auth working, after upgrading to the latest release, assuming it was my fault, even though my config hasn't changed.
Then I noticed that the latest release introduced braking changes to the auth providers.
I downloaded release 1.23.4 and build it and it is working as before.
It would be nice if you had made sure the auth provider plugins worked before releasing these changes.
👍 Expected behavior
Return a HTTP 200
👎 Actual Behavior with Screenshots
This is the error response gotten when trying to auth against gitHub using a GitHub App and the PAT:
👟 Reproduction steps
settings->Authentication Providers -> choose GitHub->sign in
📃 Provide the context for the Bug.
No response
🖥️ Your Environment
local installation of backstage with env:development
👀 Have you spent some time to check if this bug has been raised before?
🏢 Have you read the Code of Conduct?
Are you willing to submit PR?
None
The text was updated successfully, but these errors were encountered: