Closed pogo61 closed 3 months ago
Having the same issue. Did all the steps as @sivaprasadreddy, now something different appeared:
Login failed, user profile does not contain an email
UPD. Fixed by making my email visible in GitHub and selecting it in settings.
Alright, I think we'll consider this a general "migration questions" thread at this point, rather than an actual underlying issue to be fixed. That's perfectly fine, but just noting that if I understand things correctly, there are no actionable outcomes besides docs improvements which we agree really are needed. I'll close for now, but of course it stays around and is searchable and hopefully helps others who encounter the same type of situations.
I got this to work by adding the resolvers above and updating examples/org.yaml
to my own user, but how do we add more users or can we use a github Team
instead?
@bluu926 You are meant to add a catalog integration with some provider of actual user/group data, like ldap or whatnot. See the different "Org" sections under https://backstage.io/docs/integrations/
I got this to work by adding the resolvers above and updating
examples/org.yaml
to my own user, but how do we add more users or can we use a githubTeam
instead?
you probably need to use the appropriate resolved in your app-config.yaml
. Depending on your use case you might want to choose between emailMatchingUserEntityProfileEmail
, emailLocalPartMatchingUserEntityName
or usernameMatchingUserEntityName
I followed every step, yet I'm still encountering an error when trying to log in with Microsoft.
Login failed; caused by Error: Failed to sign-in, unable to resolve user identity
I followed every step, yet I'm still encountering an error when trying to log in with Microsoft.
Login failed; caused by Error: Failed to sign-in, unable to resolve user identity
Hi @Estehsan,
does your app-config.yaml
contain the following?
auth:
environment: development
providers:
microsoft:
development:
clientId: ${AZURE_CLIENT_ID}
clientSecret: ${AZURE_CLIENT_SECRET}
tenantId: ${AZURE_TENANT_ID}
signIn:
resolvers:
# one of the following resolvers
- resolver: emailMatchingUserEntityAnnotation
- resolver: emailMatchingUserEntityProfileEmail
- resolver: emailLocalPartMatchingUserEntityName
the error you are getting is due to the fact that either you don't have any resolver in place or none of your resolvers can match the provided user, meaning that the ingestion in the catalog isn't working as it should
cc @Sarabadu 😅
I followed every step, yet I'm still encountering an error when trying to log in with Microsoft.
Login failed; caused by Error: Failed to sign-in, unable to resolve user identity
@Estehsan - I got into the same issue too. It turns out I need to have the user ingested into the system (via Azure integrations) that should match the user trying to login.
The patch I applied is below. Note that you'll need to import the entities as I mentioned on this message: https://github.com/backstage/backstage/issues/23748#issuecomment-2066290169
diff --git a/app-config.yaml b/app-config.yaml
index 248cff1..416b120 100644
--- a/app-config.yaml
+++ b/app-config.yaml
@@ -66,6 +66,13 @@ auth:
# see https://backstage.io/docs/auth/ to learn about auth providers
providers:
# See https://backstage.io/docs/auth/guest/provider
+ github:
+ development:
+ clientId: XXX
+ clientSecret: YYY
+ signIn:
+ resolvers:
+ - resolver: usernameMatchingUserEntityName
guest: {}
scaffolder:
diff --git a/examples/org.yaml b/examples/org.yaml
index a10e81f..2dbbda9 100644
--- a/examples/org.yaml
+++ b/examples/org.yaml
@@ -15,3 +15,12 @@ metadata:
spec:
type: team
children: []
+---
+# https://backstage.io/docs/features/software-catalog/descriptor-format#kind-user
+apiVersion: backstage.io/v1alpha1
+kind: User
+metadata:
+ name: paco-sparta
+spec:
+ memberOf: [guests]
+---
diff --git a/packages/app/src/App.tsx b/packages/app/src/App.tsx
index f751cf6..51aa0e5 100644
--- a/packages/app/src/App.tsx
+++ b/packages/app/src/App.tsx
@@ -26,6 +26,8 @@ import { apis } from './apis';
import { entityPage } from './components/catalog/EntityPage';
import { searchPage } from './components/search/SearchPage';
import { Root } from './components/Root';
+import { githubAuthApiRef } from '@backstage/core-plugin-api';
+import { AutoLogout } from '@backstage/core-components';
import {
AlertDisplay,
@@ -58,7 +60,21 @@ const app = createApp({
});
},
components: {
- SignInPage: props => <SignInPage {...props} auto providers={['guest']} />,
+ SignInPage: props => (
+ <SignInPage
+ {...props}
+ auto
+ providers={[
+ 'guest',
+ {
+ id: 'github-auth-provider',
+ title: 'GitHub',
+ message: 'Sign in using GitHub',
+ apiRef: githubAuthApiRef,
+ },
+ ]}
+ />
+ ),
},
});
@@ -107,6 +123,7 @@ export default app.createRoot(
<>
<AlertDisplay />
<OAuthRequestDialog />
+ <AutoLogout />
<AppRouter>
<Root>{routes}</Root>
</AppRouter>
diff --git a/packages/backend/src/index.ts b/packages/backend/src/index.ts
index 44fde69..6fdd0a9 100644
--- a/packages/backend/src/index.ts
+++ b/packages/backend/src/index.ts
@@ -17,6 +17,7 @@ backend.add(import('@backstage/plugin-techdocs-backend/alpha'));
// auth plugin
backend.add(import('@backstage/plugin-auth-backend'));
+backend.add(import('@backstage/plugin-auth-backend-module-github-provider'));
// See https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin
backend.add(import('@backstage/plugin-auth-backend-module-guest-provider'));
// See https://github.com/backstage/backstage/blob/master/docs/auth/guest/provider.md
The patch I applied:
diff --git a/app-config.yaml b/app-config.yaml index 248cff1..416b120 100644 --- a/app-config.yaml +++ b/app-config.yaml @@ -66,6 +66,13 @@ auth: # see https://backstage.io/docs/auth/ to learn about auth providers providers: # See https://backstage.io/docs/auth/guest/provider + github: + development: + clientId: XXX + clientSecret: YYY + signIn: + resolvers: + - resolver: usernameMatchingUserEntityName guest: {} scaffolder: diff --git a/examples/org.yaml b/examples/org.yaml index a10e81f..2dbbda9 100644 --- a/examples/org.yaml +++ b/examples/org.yaml @@ -15,3 +15,12 @@ metadata: spec: type: team children: [] +--- +# https://backstage.io/docs/features/software-catalog/descriptor-format#kind-user +apiVersion: backstage.io/v1alpha1 +kind: User +metadata: + name: paco-sparta +spec: + memberOf: [guests] +--- diff --git a/packages/app/src/App.tsx b/packages/app/src/App.tsx index f751cf6..51aa0e5 100644 --- a/packages/app/src/App.tsx +++ b/packages/app/src/App.tsx @@ -26,6 +26,8 @@ import { apis } from './apis'; import { entityPage } from './components/catalog/EntityPage'; import { searchPage } from './components/search/SearchPage'; import { Root } from './components/Root'; +import { githubAuthApiRef } from '@backstage/core-plugin-api'; +import { AutoLogout } from '@backstage/core-components'; import { AlertDisplay, @@ -58,7 +60,21 @@ const app = createApp({ }); }, components: { - SignInPage: props => <SignInPage {...props} auto providers={['guest']} />, + SignInPage: props => ( + <SignInPage + {...props} + auto + providers={[ + 'guest', + { + id: 'github-auth-provider', + title: 'GitHub', + message: 'Sign in using GitHub', + apiRef: githubAuthApiRef, + }, + ]} + /> + ), }, }); @@ -107,6 +123,7 @@ export default app.createRoot( <> <AlertDisplay /> <OAuthRequestDialog /> + <AutoLogout /> <AppRouter> <Root>{routes}</Root> </AppRouter> diff --git a/packages/backend/src/index.ts b/packages/backend/src/index.ts index 44fde69..6fdd0a9 100644 --- a/packages/backend/src/index.ts +++ b/packages/backend/src/index.ts @@ -17,6 +17,7 @@ backend.add(import('@backstage/plugin-techdocs-backend/alpha')); // auth plugin backend.add(import('@backstage/plugin-auth-backend')); +backend.add(import('@backstage/plugin-auth-backend-module-github-provider')); // See https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin backend.add(import('@backstage/plugin-auth-backend-module-guest-provider')); // See https://github.com/backstage/backstage/blob/master/docs/auth/guest/provider.md
Thanks a lot! However even after applying these exact patches on a new backstage installation i am still getting Login failed; caused by Error: Failed to sign-in, unable to resolve user identity
when trying to authenticate.
This is what my app-config.yml
looks like:
auth:
environment: development
# see https://backstage.io/docs/auth/ to learn about auth providers
providers:
# See https://backstage.io/docs/auth/guest/provider
guest: {}
github:
development:
clientId: 'xxx'
clientSecret: 'xxx'
signIn:
resolvers:
- resolver: usernameMatchingUserEntityName
Turns out i missed this patch:
diff --git a/examples/org.yaml b/examples/org.yaml
index a10e81f..2dbbda9 100644
--- a/examples/org.yaml
+++ b/examples/org.yaml
@@ -15,3 +15,12 @@ metadata:
spec:
type: team
children: []
+---
+# https://backstage.io/docs/features/software-catalog/descriptor-format#kind-user
+apiVersion: backstage.io/v1alpha1
+kind: User
+metadata:
+ name: chilinot
+spec:
+ memberOf: [guests]
+---
Yeah, you need another plugin to import your User + Group + Repo entities from github.
backend.add(import('@backstage/plugin-catalog-backend-module-github/alpha'));
backend.add(import('@backstage/plugin-catalog-backend-module-github-org'));
integrations:
github:
- host: github.com
// Personal Access Token
token: ghp_XXXX
....
catalog:
import:
entityFilename: catalog-info.yaml
pullRequestBranchName: backstage-integration
providers:
github:
your-org-gh-provider:
organization: <yourOrg>
schedule:
frequency: PT30M
timeout: PT30S
githubOrg:
id: <your-org>
orgs: [<yourOrg>]
githubUrl: https://github.com/
schedule:
frequency: PT30M
timeout: PT30S
Yeah, you need another plugin to import your User + Group + Repo entities from github.
backend.add(import('@backstage/plugin-catalog-backend-module-github/alpha')); backend.add(import('@backstage/plugin-catalog-backend-module-github-org'));
integrations: github: - host: github.com // Personal Access Token token: ghp_XXXX .... catalog: import: entityFilename: catalog-info.yaml pullRequestBranchName: backstage-integration providers: github: your-org-gh-provider: organization: <yourOrg> schedule: frequency: PT30M timeout: PT30S githubOrg: id: <your-org> orgs: [<yourOrg>] githubUrl: https://github.com/ schedule: frequency: PT30M timeout: PT30S
I disagree.
Obviously hardcoding the users will also work. Pulling from the org keeps it up-to-date and doesn't require redeploying whenever a dev joins or leaves the company.
Obviously hardcoding the users will also work. Pulling from the org keeps it up-to-date and doesn't require redeploying whenever a dev joins or leaves the company.
There are many ways to do that, what I indicated was a way of boot strapping Backstage so that you could use it. It would totally depend on what authentication integration you have defined as to what you do after that. BYW, a change to the base configuration will result in a re-initiation of Backstage without the need to redeploy.
I am going to try and summarize it all in one post for others. This is for enabling Github Auth:
Create an OAuth app in Github account under Developer Settings
Add auth section to app-config.yaml
:
auth:
# see https://backstage.io/docs/auth/ to learn about auth providers
environment: development
providers:
github:
development:
clientId: 6cfd...9bd
clientSecret: 7695...546c
signIn:
resolvers:
# Only one of these
- resolver: emailMatchingUserEntityProfileEmail
- resolver: emailLocalPartMatchingUserEntityName
- resolver: usernameMatchingUserEntityName
NOTE: the resolvers used is dependent on the auth provider being used!
Update the Frontend. Add the following to packages/app/src/App.tsx
import { githubAuthApiRef } from '@backstage/core-plugin-api';
const githubAuthCfg = {
id: 'github-auth-provider',
title: 'GitHub',
message: 'Sign in using GitHub',
apiRef: githubAuthApiRef,
}
...
components: {
SignInPage: props => <SignInPage {...props} auto providers={['guest', githubAuthCfg]} />,
},
Update the Backend: add github provider import in packages/backend/src/index.ts
:
backend.add(import('@backstage/plugin-auth-backend-module-github-provider'))
Make sure your Github user is defined in examples/org.yaml
# https://backstage.io/docs/features/software-catalog/descriptor-format#kind-user
apiVersion: backstage.io/v1alpha1
kind: User
metadata:
name: <github-username>
spec:
memberOf: [guests]
Hope that helps the next person that comes along. This was a bit tricky to track down for this Backstage newbie that simply wanted to do a local run to explore.
Hope that helps the next person that comes along. This was a bit tricky to track down for this Backstage newbie that simply wanted to do a local run to explore.
Hi @shadygrove, sorry you had issues with this, the docs for sure have not been helpful. I've been slowly working to fix this in many areas. If you are open to it would like to get some feedback: was the issue that there was no docs at all our that they were spread out in a way that made them hard to find? If you'd rather chat on the Backstage Discord that works too I'm Ahhhndre
there.
@awanlin thanks for reaching out. I will follow up on Discord to prevent this issue from getting sidetracked in unrelated discussion.
Got it working
- Update app-config.yaml
- Update packages/app/src/App.tsx
- Update packages/backend/src/index.ts
- Update examples/org.yaml to change "guest" to my GH username. got it working Thanks
@freben @paco-sparta wrote:
Yeah, you need another plugin to import your User + Group + Repo entities from github.
backend.add(import('@backstage/plugin-catalog-backend-module-github/alpha')); backend.add(import('@backstage/plugin-catalog-backend-module-github-org'));
catalog: providers: githubOrg: id: <your-org> orgs: [<yourOrg>] githubUrl: https://github.com/ schedule: frequency: PT30M timeout: PT30S
How were the users ingested in the old version?
Can someone explain the following error?
I'm seeing an unresolved user failure only when I run backstage locally, but it works in the cloud. I noticed that the githubOrg catalog provider is missing from app-config. That would explain the local failure. But how is it working in the cloud? Could it be running with stale user data left behind by the old version?
Update: After adding githubOrg catalog provider, sign-in now works locally.
However, I did overcome two additional obstacles in the process:
The catalog module for GitHub Org comes with events support enabled.
This was true in 1.26 but not 1.27? I was forced to install the events plugin until I bumped versions.If you were providing a schedule in code, this now needs to be set via configuration.
In reality, the schedule configuration is required, right?
By the way, why can't a reasonable default schedule be provided?Hello, I am new to backstage and able to solve sign in issue locally with https://github.com/backstage/backstage/issues/23748#issuecomment-2094010722, but still it is not working for docker image which is created as part of https://backstage.io/docs/deployment/k8s/. Error I am getting is " Login failed; caused by Error: Failed to sign-in, unable to resolve user identity" I am using github app for auth.
📜 Description
I've been trying for the last day to get GitHub auth working, after upgrading to the latest release, assuming it was my fault, even though my config hasn't changed. Then I noticed that the latest release introduced braking changes to the auth providers. I downloaded release 1.23.4 and build it and it is working as before. It would be nice if you had made sure the auth provider plugins worked before releasing these changes.
👍 Expected behavior
Return a HTTP 200
👎 Actual Behavior with Screenshots
This is the error response gotten when trying to auth against gitHub using a GitHub App and the PAT:
👟 Reproduction steps
settings->Authentication Providers -> choose GitHub->sign in
📃 Provide the context for the Bug.
No response
🖥️ Your Environment
local installation of backstage with env:development
👀 Have you spent some time to check if this bug has been raised before?
🏢 Have you read the Code of Conduct?
Are you willing to submit PR?
None