Self-managed: Connect users via GitHub OAuth

Cortex attempts to map users to your GitHub organization, but you may need to use the GitHub OAuth flow to connect a GitHub user to a Cortex user.

Setup Instructions

Before getting started: Make sure you have already set up a form of GitHub authentication (either via GitHub App or personal access token).

First, you'll need to create a GitHub App in your GH organization.

Go to https://github.com/organizations/<org>/settings/apps
Click on “OAuth Apps” -> "New OAuth App"
Set the following settings:
1. Authorization callback URL: <FRONTEND HOST>/oauth/internal/github
2. Application name and Homepage URL can be set to whatever you'd like
Click "Register application"
Copy down the listed "Client ID"
Click "Generate a new client secret" and copy this down as well

You'll need to configure your on-prem deployment to be able to talk your GitHub OAuth App.

Create a k8s secret and add the secret in your values.yaml file for the Helm chart. You may already have a secret set up if you had configured a persistent store previously, so be sure to verify in your Helm chart.
Add the following keys to your secret (make sure they're base64 encoded with no extraneous at the end):
1. GITHUB_OAUTH_CLIENT_ID (from step 5)
2. GITHUB_OAUTH_CLIENT_SECRET (from step 6)
3. If using a self-hosted GitHub Enterprise instance
  1. If you didn't configure it during GitHub App setup, set GITHUB_URL to your GitHub enterprise API endpoint
  2. Set GITHUB_OAUTH_URL to <GITHUB_URL>/login/oauth/authorize
  3. Set GITHUB_OAUTH_ACCESS_TOKEN_URL to <GITHUB_URL>/login/oauth/access_token
Restart Cortex backend deployment in k8s

Once your backend has restarted, you're ready to start connecting users.

Navigate to <FRONTEND HOST>/admin/settings/github-connection with a Cortex account you'd like to connect to a GitHub account.

Follow the OAuth flow.

Your account should now be connected and all of our GitHub integration magic should work nicely with the connected Cortex account!

Last updated 2 months ago