github-oauth-plugin | Jenkins authentication plugin using GitHub OAuth | OAuth library

 by   jenkinsci Java Version: github-oauth-0.37 License: MIT

kandi X-RAY | github-oauth-plugin Summary


github-oauth-plugin is a Java library typically used in Security, OAuth, and Jenkins applications. github-oauth-plugin has no bugs, no vulnerabilities, a build file available, a Permissive License, and low support. You can download it from GitHub.

The GitHub Authentication plugin provides a means of securing a Jenkins instance by offloading authentication and authorization to GitHub. The plugin authenticates by using a GitHub OAuth Application. It can use multiple authorization strategies for authorizing users. GitHub users are surfaced as Jenkins users for authorization. GitHub organizations and teams are surfaced as Jenkins groups for authorization. This plugin supports GitHub Enterprise.

            kandi-support Support

              github-oauth-plugin has a low active ecosystem.
              It has 97 star(s) with 156 fork(s). There are 114 watchers for this library.
              It had no major release in the last 12 months.
              github-oauth-plugin has no issues reported. There are 11 open pull requests and 0 closed requests.
              It has a neutral sentiment in the developer community.
              The latest version of github-oauth-plugin is github-oauth-0.37

            kandi-Quality Quality

              github-oauth-plugin has 0 bugs and 0 code smells.

            kandi-Security Security

              github-oauth-plugin has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
              github-oauth-plugin code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

            kandi-License License

              github-oauth-plugin is licensed under the MIT License. This license is Permissive.
              Permissive licenses have the least restrictions, and you can use them in most projects.

            kandi-Reuse Reuse

              github-oauth-plugin releases are available to install and integrate.
              Build file is available. You can build the component from source.
              Installation instructions, examples and code snippets are available.
              github-oauth-plugin saves you 1518 person hours of effort in developing the same functionality from scratch.
              It has 3382 lines of code, 242 functions and 37 files.
              It has high code complexity. Code complexity directly impacts maintainability of the code.

            Top functions reviewed by kandi - BETA

            kandi has reviewed github-oauth-plugin and discovered the below as its top functions. This is intended to give you an instant insight into github-oauth-plugin implemented functionality, and help decide if they suit your requirements.
            • Handles the login login
            • Gets access token
            • Get the proxy for the given URI
            • Create HttpClient with proxy
            • Returns true if the user has permission to access the given user
            • Gets the repository name
            • Loads the repository with the given name
            • Returns a cache of all repositories for the current user
            • Lookup a group by name
            • Load team with the given organization and team name
            • Gets the authorities from the authentication token
            • Gets the GitHub api
            • Performs a commit login
            • Generates a random URL safe string
            • Load user by username
            • Retrieves the access token associated with a user
            • Authenticates the proxy
            • Loads user by token
            • Creates the security components that will be used for authentication
            • Clears all cached caches
            • Returns the text of the hub
            • Returns the github web uri
            • Authenticate user details
            • Clear cache for user

            github-oauth-plugin Key Features

            No Key Features are available at this moment for github-oauth-plugin.

            github-oauth-plugin Examples and Code Snippets

            No Code Snippets are available at this moment for github-oauth-plugin.

            Community Discussions

            QUESTION

            Add jenkins local user readonly account when using Global GitHub OAuth Sec
            Asked 2018-Mar-15 at 18:04

            How can I add a limited access account for jenkins automation when I'm using Global GitHub OAuth Settings?

            I'm using GitHub OAuth for login to jenkins and I have python jenkinsapi scripts that I want to run as a user with read only access. At present, all my users are github users.

            I can create a github account without access to my repositories and then limit that account's access to jenkins but this seems cumbersome.

            Is there a way to use multiple security realms or to create local users?

            It seems that when jenkins contains a local user, that the plugin uses this first (plugin-source)

            ...

            ANSWER

            Answered 2018-Mar-15 at 18:04

            If you look at Manage Jenkins->Configure Global Security, you can see that you can select only one security realm.

            I would say, for Jenkins use, create a github service account specifically; that user can be restricted to just a few repositories. You can also look at matrix based security or project based matrix security if you want to restrict authorization further.

            Source https://stackoverflow.com/questions/49304242

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install github-oauth-plugin

            Before configuring the plugin you must create a GitHub application registration. The Client ID and the Client Secret will be used to configure the Jenkins Security Realm. Keep the page open to the application registration so this information can be copied to your Jenkins configuration.

            • Visit https://github.com/settings/applications/new to create a GitHub application registration.
            • The values for application name, homepage URL, or application description don't matter. They can be customized however desired.
            • However, the authorization callback URL takes a specific value. It must be https://jenkins.example.com/securityRealm/finishLogin where jenkins.example.com is the location of the Jenkins server. The important part of the callback URL is /securityRealm/finishLogin
            • Finish by clicking Register application.

            The security realm in Jenkins controls authentication (i.e. you are who you say you are). The GitHub Authentication Plugin provides a security realm to authenticate Jenkins users via GitHub OAuth. In the plugin configuration pages each field has a little (❓) next to it. Click on it for help about the setting.

            • In the Global Security configuration choose the Security Realm to be GitHub Authentication Plugin.
            • The settings to configure are: GitHub Web URI, GitHub API URI, Client ID, Client Secret, and OAuth Scope(s).
            • If you're using GitHub Enterprise then the API URI is https://ghe.example.com/api/v3. The GitHub Enterprise API URI ends with /api/v3.
            • The recommended minimum GitHub OAuth scopes are read:org,user:email. The recommended scopes are designed for using both authentication and authorization functions in the plugin. If only authentication is being used then the scope can be further limited to (no scope) or user:email.

            The authorization configuration in Jenkins controls what your users can do (i.e. read jobs, execute builds, administer permissions, etc.). The GitHub OAuth Plugin supports multiple ways of configuring authorization. It is highly recommended that you configure the security realm and log in via GitHub OAuth before configuring authorization. This way Jenkins can look up and verify users and groups if configuring matrix-based authorization.

            Control user authorization using the Github Committer Authorization Strategy. This is the simplest authorization strategy to get up and running. It handles authorization based on the git URL of a job and the type of access a user has to that project (i.e. Admin, Read/Write, Read-Only). There is a way to authorize the use of the /github-webhook callback url to receive post commit hooks from GitHub. This authorization strategy has a checkbox that can allow GitHub POST data to be received. You will still need to run the GitHub Plugin to have the message trigger the build.

            There are a few ways to configure the plugin so that everyone on your team has Overall/Administer access.

            • Choose Logged-in users can do anything authorization strategy.
            • Choose one of the matrix-based authorization strategies. Set authenticated users to Overall/Administer permissions. Set anonymous users to have Overall/Read permissions and perhaps the ViewStatus permission.

            Control user authorization using Matrix-based security or Project-based Matrix Authorization Strategy. Project-based Matrix Authorization Strategy allows one to configure authorization globally per project and, when using Project-based Matrix Authorization Strategy with the CloudBees folder plugin, per folder. There are a few built-in authorizations to consider.

            • anonymous - is anyone who has not logged in. Recommended permissions are just Job/Discover and Job/ViewStatus.
            • authenticated - is anyone who has logged in. You can configure permissions for anybody who has logged into Jenkins. Recommended permissions are Overall/Read and View/Read.

            anonymous and authenticated usernames are case sensitive and must be lower case. This is a consideration when configuring authorizations via Groovy. Keep in mind that anonymous shows up as Anonymous in the Jenkins UI.

            You can configure authorization based on GitHub users, organizations, or teams.

            • username - give permissions to a specific GitHub username.
            • organization - give permissions to every user that belongs to a specific GitHub organization.
            • organization*team - give permissions to a specific GitHub team of a GitHub organization. Notice that organization and team are separated by an asterisk (*).

            After installing, the <securityRealm> class should have been updated in your /var/lib/jenkins/config.xml file. The value of <clientID> should agree with what you pasted into the admin UI. If it doesn't or you still can't log in, reset to <securityRealm class="hudson.security.HudsonPrivateSecurityRealm"> and restart Jenkins from the command-line.
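
            The post-install check described above can be scripted. The following is an added example, not code from the plugin or its documentation: it audits the security realm in a copy of config.xml against the Client ID, the GitHub Enterprise /api/v3 rule and the recommended minimum scopes. The realm class value in the sample and the child element names githubWebUri, githubApiUri and oauthScopes are assumptions; only <securityRealm> and <clientID> are named on this page.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of config.xml. The realm class and the element names other
# than <clientID> are assumptions made for this example.
SAMPLE_CONFIG = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <securityRealm class="org.jenkinsci.plugins.GithubSecurityRealm">
    <githubWebUri>https://ghe.example.com</githubWebUri>
    <githubApiUri>https://ghe.example.com/api</githubApiUri>
    <clientID>0123456789abcdef0123</clientID>
    <oauthScopes>read:org,user:email,repo</oauthScopes>
  </securityRealm>
</hudson>"""

LOCAL_REALM = "hudson.security.HudsonPrivateSecurityRealm"
RECOMMENDED_SCOPES = {"read:org", "user:email"}


def audit_realm(config_xml, expected_client_id, enterprise=False):
    """Return a list of findings for the <securityRealm> in config.xml text."""
    # Jenkins may write an XML 1.1 declaration, which Python's parser rejects,
    # so the declaration is dropped before parsing.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", config_xml, count=1)
    realm = ET.fromstring(body).find("securityRealm")
    if realm is None:
        return ["no <securityRealm> element found"]
    findings = []
    if realm.get("class") == LOCAL_REALM:
        findings.append("realm is still the local Jenkins user database")
    client_id = (realm.findtext("clientID") or "").strip()
    if client_id != expected_client_id:
        findings.append("clientID differs from the GitHub application registration")
    api_uri = (realm.findtext("githubApiUri") or "").strip().rstrip("/")
    if enterprise and not api_uri.endswith("/api/v3"):
        findings.append("GitHub Enterprise API URI does not end with /api/v3")
    raw_scopes = (realm.findtext("oauthScopes") or "").split(",")
    extra = sorted({s.strip() for s in raw_scopes if s.strip()} - RECOMMENDED_SCOPES)
    if extra:
        findings.append("scopes beyond the recommended minimum: " + ",".join(extra))
    return findings


if __name__ == "__main__":
    for finding in audit_realm(SAMPLE_CONFIG, "0123456789abcdef0123", enterprise=True):
        print("FINDING:", finding)
```

            Run it against a copy of /var/lib/jenkins/config.xml by passing the file's text and the Client ID from the GitHub application registration; an empty list means none of the four checks fired.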

            CLONE
          • HTTPS

            https://github.com/jenkinsci/github-oauth-plugin.git

          • CLI

            gh repo clone jenkinsci/github-oauth-plugin

          • sshUrl

            git@github.com:jenkinsci/github-oauth-plugin.git
