🐛 Bug Report: Backstage Github auth is not working. #24685

Open
2 tasks done
sanathlokanath1991 opened this issue May 8, 2024 · 5 comments
Labels
bug Something isn't working

Comments

@sanathlokanath1991

sanathlokanath1991 commented May 8, 2024

📜 Description

We have installed Backstage 1.24.0 with a minimal plugin installation. We are trying to configure GitHub authentication using a GitHub App as well as GitHub OAuth, but we are getting "Login failed, user profile does not contain an email".

As part of troubleshooting, we have followed the PR/issue raised in #23748 and updated the files below:

Update app-config.yaml
Update packages/app/src/App.tsx
Update packages/backend/src/index.ts
Update examples/org.yaml to change "guest" to my GH username

App.tsx

const githubAuthCfg: SignInProviderConfig = {
  id: 'github-auth-provider',
  title: 'GitHub',
  message: 'Sign in using GitHub',
  apiRef: githubAuthApiRef,
  enableExperimentalRedirectFlow: true,
};


const app = createApp({
  apis,
  components: {
    SignInPage: props => <SignInPage {...props} auto providers={['guest', githubAuthCfg]}  />
  },
});

app-config.yml

auth:
  experimentalExtraAllowedOrigins: [ 'http://3.215.208.215:3000' ]
  environment: development
  providers:
    github:
      development:
        clientId: <My-Client-ID>
        clientSecret: <My-Client-Secret>
        signIn:
          resolvers:
            - resolver: emailMatchingUserEntityProfileEmail
            - resolver: emailLocalPartMatchingUserEntityName
            - resolver: usernameMatchingUserEntityName
  # Enable guest login (for development only)
  enableLegacyGuestToken: true

org.yml

---
# https://backstage.io/docs/features/software-catalog/descriptor-format#kind-user
apiVersion: backstage.io/v1alpha1
kind: User
metadata:
  name: selvan-ra 
spec:
  memberOf: [guests]
---
# https://backstage.io/docs/features/software-catalog/descriptor-format#kind-group
apiVersion: backstage.io/v1alpha1
kind: Group
metadata:
  name: guests
spec:
  type: team
  children: []

👍 Expected behavior

Login failed, user profile does not contain an email

👎 Actual Behavior with Screenshots

Github Error

👟 Reproduction steps

settings->Authentication Providers -> choose GitHub->sign in

📃 Provide the context for the Bug.

No response

🖥️ Your Environment

No response

👀 Have you spent some time to check if this bug has been raised before?

  • I checked and didn't find similar issue

🏢 Have you read the Code of Conduct?

Are you willing to submit PR?

None

@sanathlokanath1991 sanathlokanath1991 added the bug Something isn't working label May 8, 2024
@twanbeeren

Do you need to set a profile.email?

Like so

apiVersion: backstage.io/v1alpha1
kind: User
metadata:
  name: tbeeren
spec:
  profile:
    displayName: TwanBeeren
    email: tbeeren@mail.com
  memberOf: [guests]

Maybe this helps

@sanathlokanath1991
Author

Even after modifying this, it is still the same issue. Can you help me with further investigation? Due to this we are unable to proceed with further implementation.

@vinzscam
Member

Please remove the first 2 resolvers and keep only usernameMatchingUserEntityName:

        signIn:
          resolvers:
            - resolver: usernameMatchingUserEntityName

You need to pick the resolver that makes sense for your use case, as described in https://backstage.io/docs/auth/github/provider/#configuration. Since the resolvers are used in order, emailMatchingUserEntityProfileEmail was the first one used, which requires the email of your users to be ingested in the user entities.

I've opened #24726. I hope it clarifies things.

@joariasl

joariasl commented May 10, 2024

The problem appears when a GitHub user doesn't have a public email configured in his profile and his emails are marked as "Keep my email addresses private".
I've seen that when setting up a GitHub App.

To solve that, the user needs to:

  1. Go to the Public profile settings and select a "Public email". Save changes.

  2. If the email is not selected and you see the alert "You have set your email address to private. To toggle email privacy, go to email settings and uncheck "Keep my email address private.""
    Go to email settings and uncheck the option "Keep my email addresses private".


There probably exists a different method to configure Backstage to match the private emails.

@joariasl

This error also occurs when you don't have the User kind populated in the catalog. Don't forget to add the githubOrg (Groups, Users) provider in addition to the github provider (Repositories).

To avoid the undefined email problem for users with private addresses, invert the resolver evaluation to match the username first and the email after, in auth.providers.github.<env>:

resolvers:
  - resolver: usernameMatchingUserEntityName
  - resolver: emailMatchingUserEntityProfileEmail
  - resolver: emailLocalPartMatchingUserEntityName
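
Why resolver order matters in the configs discussed in this thread, as an added example that is not part of the issue and is not Backstage source code. It is a simplified, synchronous model: the types and helper names are hypothetical, the catalog and profile are constructed, and it assumes that a missing email is a hard failure while "no matching entity" falls through to the next resolver.

```typescript
// Simplified model of an ordered sign-in resolver chain (not Backstage source).
type Profile = { username: string; email?: string };
type UserEntity = { name: string; email?: string };
type Resolver = (p: Profile, catalog: UserEntity[]) => string;

const notFound = (): Error =>
  Object.assign(new Error('no matching User entity'), { name: 'NotFoundError' });

function findUserRef(catalog: UserEntity[], pred: (u: UserEntity) => boolean): string {
  const hit = catalog.find(pred);
  if (!hit) throw notFound();
  return `user:default/${hit.name}`;
}

function requireEmail(p: Profile): string {
  // Assumption: a profile without an email aborts sign-in instead of "no match".
  if (!p.email) throw new Error('Login failed, user profile does not contain an email');
  return p.email;
}

const resolvers: Record<string, Resolver> = {
  emailMatchingUserEntityProfileEmail: (p, c) => {
    const email = requireEmail(p);
    return findUserRef(c, u => u.email === email);
  },
  emailLocalPartMatchingUserEntityName: (p, c) => {
    const local = requireEmail(p).split('@')[0] ?? '';
    return findUserRef(c, u => u.name === local);
  },
  usernameMatchingUserEntityName: (p, c) => findUserRef(c, u => u.name === p.username),
};

function signIn(order: string[], p: Profile, catalog: UserEntity[]): string {
  for (const name of order) {
    const resolve = resolvers[name];
    if (!resolve) return `error: unknown resolver ${name}`;
    try {
      return resolve(p, catalog);
    } catch (e) {
      if ((e as Error).name === 'NotFoundError') continue; // try the next resolver
      return `error: ${(e as Error).message}`; // any other error ends sign-in
    }
  }
  return 'error: unable to resolve user identity';
}

// Constructed data: the User entity from org.yaml and a GitHub profile with a private email.
const catalog: UserEntity[] = [{ name: 'selvan-ra' }];
const privateEmailUser: Profile = { username: 'selvan-ra' };
const ISSUE_ORDER = ['emailMatchingUserEntityProfileEmail', 'emailLocalPartMatchingUserEntityName', 'usernameMatchingUserEntityName'];
const REORDERED = ['usernameMatchingUserEntityName', 'emailMatchingUserEntityProfileEmail', 'emailLocalPartMatchingUserEntityName'];
```

Calling `signIn(ISSUE_ORDER, privateEmailUser, catalog)` reproduces the reported error string, while `signIn(REORDERED, privateEmailUser, catalog)` resolves to the catalog user.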

4 participants