Uploaded image for project: 'Red Hat 3scale API Management'
  1. Red Hat 3scale API Management
  2. THREESCALE-4144

Enabling authentication via GitHub with your own application in Dev portal doesn't work

    XMLWordPrintable

Details

    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Engineering
    • 3scale 2020-02-17, 3scale 2020-03-09, 3scale 2020-03-23

    Description

      This issue has been reproduced by rhn-support-dmayorov, who provided information below.

      Expected behaviour:
      When you put your Client ID and Client Secret of your own GitHub application, the authentication should be performed using this custom application. Also, I would expect in SaaS to see the "state" of the integration – whether it's "3scale branded" or "custom branded", as shown on this screenshot from the Developer Portal authentication section > 5.2 Enabling and disabling authentication via GitHub.

      Current behaviour:
      Even though the custom Client ID and Client Secret are configured, the authentication is still going through the default "3scale branded" GitHub application. You can see if if you examine the "Test authentication flow" URL – it includes the 3scale's Client ID for GitHub app.

      Further troubleshooting:

      • If you GET the Authentication Providers Developer Portal List with the 3scale API, you can see that its state is "3scale branded".
      • It is not possible to change the state with Authentication Provider Developer Portal Update because the state field is not exposed.
      • You can specify the desired state via Authentication Provider Developer Portal Create endpoint (branding_state_event=custom_brand). However we can't use Create because only one provider of the given type "GitHub" is allowed and it is not possible to delete the auth provider with the 3scale API or via UI.

      A potential workaround could be to change this field by API, but unfortunately this field is not accessible through the "Authentication Provider Developer Portal Update" endpoint.
      As mentioned above, you can actually specify the desired state via "Authentication Provider Developer Portal Create" endpoint (branding_state_event=custom_brand), but this is not exposed on "Update". And we can't use "Create" because only one provider of the given type "GitHub" is allowed. And there is also no way to delete and create the auth provider, AFAIK.

      Dev notes

      We decide to just allow workaround by allowing update for the custom_brand state in the API

      Attachments

        Issue Links

          is blocked by

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. THREESCALE-3064 Generic developer portal SSO integration with third party OIDC IdP

          • Critical - To be worked on immediately following BLOCKER issues.
          • To Develop

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. THREESCALE-10634 Generic developer portal SSO integration with third party OIDC IdP (3scale Operator)

          • Critical - To be worked on immediately following BLOCKER issues.
          • To Develop

          Activity

            People

              amasferr Andreu Masferrer
              rhn-support-avilatus Anna Vila Tusell
              Votes:
              1 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated: