Add Github identity provider automatically into the Keycloak server in time of launching of Eclipse Che Multi User

[dmytro-ndp]

Description

It may be useful to add Github identity provider automatically into the Keycloak server in time of launching of Eclipse Che Multi User to compensate removal of support of CHE_OAUTH_GITHUB_CLIENTID and CHE_OAUTH_GITHUB_CLIENTSECRET variables as part of issue #5943.
Command to add github provider through the Keycloak's Admin CLI:

kcadm.sh create identity-provider/instances -r che -s alias=github -s providerId=github -s enabled=true -s storeToken=true -s addReadTokenRoleOnCreate=true -s 'config.useJwksUrl="true"' -s config.clientId=<GITHUB_CLIENTID> -s config.clientSecret=<GITHUB_CLIENTSECRET> -s 'config.defaultScope="repo,user,write:public_key"' --no-config --server http://localhost:8080/auth --user <admin's name> --password <admin's password> --realm master

Created provider can be observed in the Keycloak Administration Console:

Authorization callback URL

1. For multiuser Eclipse Che:

http://<CHE_SERVER_IP>:5050/auth/realms/che/broker/github/endpoint

2. For single user Eclipse Che:

http://<CHE_SERVER_IP>:8080/api/oauth/callback

OS and version:
Eclipse Che 6.x

[riuvshin]

added 4 types of client id/secret pairs for each qa-slave:

• che single user docker
• che multi user docker
• che single user ocp
• che multi user ocp

[riuvshin]

Done. after some discussion we come to conclusion that we should not put that

kcadm.sh create identity-provider/instances -r che -s alias=github -s providerId=github -s enabled=true -s storeToken=true -s addReadTokenRoleOnCreate=true -s 'config.useJwksUrl="true"' -s config.clientId=<GITHUB_CLIENTID> -s config.clientSecret=<GITHUB_CLIENTSECRET> -s 'config.defaultScope="repo,user,write:public_key"' --no-config --server http://localhost:8080/auth --user <admin's name> --password <admin's password> --realm master

to any deploy script but add this to CHE docs

[patlachance]

@riuvshin to any deploy script but add this to CHE docs
Was it included somewere? I didn't find it in https://www.eclipse.org/che/docs/6/che/docs/user-management.html#social-login-and-brokering

[riuvshin]

@patlachance in docs we describe how to configure it manually with KC Admin panel.
if you are looking for KC CLI docs Eclipse CHE docs site is the wrong place to look at you better check KC docs http://www.keycloak.org/docs/3.3/server_admin/topics/admin-cli.html

[patlachance]

@riuvshin I agree that KC CLI doc is should be in KC but I thought that this particular line of code with useful and Che specific parameters could be included in Che’s doc.

[riuvshin]

I think we can add this, @eivantsov WDYT?

[ghost]

@riuvshin but we need GitHub app with the right redirect URL. Yes, we can add a provider with dummy data but it is helpful at all?

Or do you mean adding such CLI instructions to docs? I think a UI is a better experience. But we can do that of course

[riuvshin]

I mean should we have just an example of how to do the same but using CLI ?
it is actually what @patlachance wanted, am I right?

[ghost]

Yeah, that makes sense. Will do

[patlachance]

@riuvshin yes, exactly!
@eivantsov thanks