backstage: Latest release 1.24.0 breaks GitHub auth

have you switched to the new backend system by changing your packages/backend/src/index.ts according to https://backstage.github.io/upgrade-helper/?from=1.23.4&to=1.24.0 ?

If yes, you might have missed adding

  // auth plugin
  backend.add(import('@backstage/plugin-auth-backend'));
  // See https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin
  backend.add(import('@backstage/plugin-auth-backend-module-guest-provider'));
  // See https://github.com/backstage/backstage/blob/master/docs/auth/guest/provider.md

+ backend.add(import('@backstage/plugin-auth-backend-module-github-provider'));
  // catalog plugin
  backend.add(import('@backstage/plugin-catalog-backend/alpha'));
  backend.add(
    import('@backstage/plugin-catalog-backend-module-scaffolder-entity-model'),
  );

More info in https://backstage.io/docs/backend-system/building-backends/migrating/#the-auth-plugin

After adding the resolvers, it worked. @freben Thanks.

auth:
  environment: development
  providers:
    github:
      development:
        clientId: xxxxxx
        clientSecret: xxxxxxx
        signIn:
          resolvers:
            - resolver: emailMatchingUserEntityProfileEmail
            - resolver: emailLocalPartMatchingUserEntityName
            - resolver: usernameMatchingUserEntityName

have you switched to the new backend system by changing your packages/backend/src/index.ts according to https://backstage.github.io/upgrade-helper/?from=1.23.4&to=1.24.0 ?

If yes, you might have missed adding

  // auth plugin
  backend.add(import('@backstage/plugin-auth-backend'));
  // See https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin
  backend.add(import('@backstage/plugin-auth-backend-module-guest-provider'));
  // See https://github.com/backstage/backstage/blob/master/docs/auth/guest/provider.md

+ backend.add(import('@backstage/plugin-auth-backend-module-github-provider'));
  // catalog plugin
  backend.add(import('@backstage/plugin-catalog-backend/alpha'));
  backend.add(
    import('@backstage/plugin-catalog-backend-module-scaffolder-entity-model'),
  );

More info in https://backstage.io/docs/backend-system/building-backends/migrating/#the-auth-plugin

And

Thanks everyone! Confirming adding a user to examples\org.yaml fixed my problem also. I appreciated the patience as this is all new to me 😃

apiVersion: backstage.io/v1alpha1
kind: User
metadata:
  name: seanonet
spec:
  memberOf: [guests]

was the answer for my problem 🙏 Thanks!

The following pages need updating (and probably other providers too)

• https://backstage.io/docs/auth/github/provider https://backstage.spotify.com/learn/standing-up-backstage/configuring-backstage/7-authentication/

The patch I applied is below. Note that you’ll need to import the entities as I mentioned on this message: https://github.com/backstage/backstage/issues/23748#issuecomment-2066290169

diff --git a/app-config.yaml b/app-config.yaml
index 248cff1..416b120 100644
--- a/app-config.yaml
+++ b/app-config.yaml
@@ -66,6 +66,13 @@ auth:
   # see https://backstage.io/docs/auth/ to learn about auth providers
   providers:
     # See https://backstage.io/docs/auth/guest/provider
+    github:
+      development:
+        clientId: XXX
+        clientSecret: YYY
+        signIn:
+          resolvers:
+            - resolver: usernameMatchingUserEntityName
     guest: {}
 
 scaffolder:
diff --git a/examples/org.yaml b/examples/org.yaml
index a10e81f..2dbbda9 100644
--- a/examples/org.yaml
+++ b/examples/org.yaml
@@ -15,3 +15,12 @@ metadata:
 spec:
   type: team
   children: []
+---
+# https://backstage.io/docs/features/software-catalog/descriptor-format#kind-user
+apiVersion: backstage.io/v1alpha1
+kind: User
+metadata:
+  name: paco-sparta
+spec:
+  memberOf: [guests]
+---
diff --git a/packages/app/src/App.tsx b/packages/app/src/App.tsx
index f751cf6..51aa0e5 100644
--- a/packages/app/src/App.tsx
+++ b/packages/app/src/App.tsx
@@ -26,6 +26,8 @@ import { apis } from './apis';
 import { entityPage } from './components/catalog/EntityPage';
 import { searchPage } from './components/search/SearchPage';
 import { Root } from './components/Root';
+import { githubAuthApiRef } from '@backstage/core-plugin-api';
+import { AutoLogout } from '@backstage/core-components';
 
 import {
   AlertDisplay,
@@ -58,7 +60,21 @@ const app = createApp({
     });
   },
   components: {
-    SignInPage: props => <SignInPage {...props} auto providers={['guest']} />,
+    SignInPage: props => (
+      <SignInPage
+        {...props}
+        auto
+        providers={[
+          'guest',
+          {
+            id: 'github-auth-provider',
+            title: 'GitHub',
+            message: 'Sign in using GitHub',
+            apiRef: githubAuthApiRef,
+          },
+        ]}
+      />
+    ),
   },
 });
 
@@ -107,6 +123,7 @@ export default app.createRoot(
   <>
     <AlertDisplay />
     <OAuthRequestDialog />
+    <AutoLogout />
     <AppRouter>
       <Root>{routes}</Root>
     </AppRouter>
diff --git a/packages/backend/src/index.ts b/packages/backend/src/index.ts
index 44fde69..6fdd0a9 100644
--- a/packages/backend/src/index.ts
+++ b/packages/backend/src/index.ts
@@ -17,6 +17,7 @@ backend.add(import('@backstage/plugin-techdocs-backend/alpha'));
 
 // auth plugin
 backend.add(import('@backstage/plugin-auth-backend'));
+backend.add(import('@backstage/plugin-auth-backend-module-github-provider'));
 // See https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin
 backend.add(import('@backstage/plugin-auth-backend-module-guest-provider'));
 // See https://github.com/backstage/backstage/blob/master/docs/auth/guest/provider.md

Thanks everyone! Confirming adding a user to examples\org.yaml fixed my problem also. I appreciated the patience as this is all new to me 😃

apiVersion: backstage.io/v1alpha1
kind: User
metadata:
  name: seanonet
spec:
  memberOf: [guests]

Alright, I think we’ll consider this a general “migration questions” thread at this point, rather than an actual underlying issue to be fixed. That’s perfectly fine, but just noting that if I understand things correctly, there are no actionable outcomes besides docs improvements which we agree really are needed. I’ll close for now, but of course it stays around and is searchable and hopefully helps others who encounter the same type of situations.

Having the same issue. Did all the steps as @sivaprasadreddy, now something different appeared:

Login failed, user profile does not contain an email

UPD. Fixed by making my email visible in GitHub and selecting it in settings.

I followed all the steps mentioned in this thread:

1. Update app-config.yaml
2. Update packages/app/src/App.tsx
3. Update packages/backend/src/index.ts
4. Update examples/org.yaml to change “guest” to my GH username.

But, still getting “The GitHub provider is not configured to support sign-in” error.

Obviously hardcoding the users will also work. Pulling from the org keeps it up-to-date and doesn’t require redeploying whenever a dev joins or leaves the company.

Yeah, you need another plugin to import your User + Group + Repo entities from github.

backend.add(import('@backstage/plugin-catalog-backend-module-github/alpha'));
backend.add(import('@backstage/plugin-catalog-backend-module-github-org'));

integrations:
  github:
    - host: github.com
      // Personal Access Token
      token: ghp_XXXX

....

catalog:
  import:
    entityFilename: catalog-info.yaml
    pullRequestBranchName: backstage-integration
  providers:
    github:
      your-org-gh-provider:
        organization: <yourOrg>
        schedule:
          frequency: PT30M
          timeout: PT30S
    githubOrg:
      id: <your-org>
      orgs: [<yourOrg>]
      githubUrl: https://github.com/
      schedule:
        frequency: PT30M
        timeout: PT30S

@bluu926 You are meant to add a catalog integration with some provider of actual user/group data, like ldap or whatnot. See the different “Org” sections under https://backstage.io/docs/integrations/

@sivaprasadreddy you probably forgot to add the signIn key on your provider in app-config. https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin

Alright. The project is moving at breakneck speed and that’s over half a year of upgrades - it’s easy to miss some step. I hope we can get this sorted out for ya

@freben I verified same problem using ‘npx @backstage/create-app@latest’ and adding all necessary changes to enable Microsoft auth integration (about 10 lines of code and little else!).

Git repo is here: https://github.com/giocolas/backstage-microsoft-auth

Microsoft configuration is on my local file app-config.local.yaml (not included in repo)

This is backend log:

yarn run v1.22.19
$ concurrently "yarn start" "yarn start-backend"
$ yarn workspace backend start
$ yarn workspace app start
$ backstage-cli package start
$ backstage-cli package start
[0] Loaded config from app-config.yaml, app-config.local.yaml
[0] <i> [webpack-dev-server] Project is running at:
[0] <i> [webpack-dev-server] Loopback: http://localhost:3000/, http://[::1]:3000/
[0] <i> [webpack-dev-server] Content not from webpack is served from '/Users/g.colasurdo/Projects/GitHub/backstage-microsoft-auth/packages/app/public' directory
[0] <i> [webpack-dev-server] 404s will fallback to '/index.html'
[0] <i> [webpack-dev-middleware] wait until bundle finished: /
[1] Loading config from MergedConfigSource{FileConfigSource{path="/Users/g.colasurdo/Projects/GitHub/backstage-microsoft-auth/app-config.yaml"}, FileConfigSource{path="/Users/g.colasurdo/Projects/GitHub/backstage-microsoft-auth/app-config.local.yaml"}, EnvConfigSource{count=0}}
[1] 2024-03-22T14:59:57.326Z backstage info Found 2 new secrets in config that will be redacted 
[1] 2024-03-22T14:59:57.336Z rootHttpRouter info Listening on :7007 
[1] 2024-03-22T14:59:57.342Z backstage warn Generated a secret for service-to-service authentication: DEVELOPMENT USE ONLY. 
[1] 2024-03-22T14:59:57.470Z permission warn Permission backend started with permissions disabled. Enable permissions by setting permission.enabled=true. 
[1] 2024-03-22T14:59:57.488Z techdocs info Creating Local publisher for TechDocs 
[1] 2024-03-22T14:59:57.491Z auth info Configuring "database" as KeyStore provider 
[1] 2024-03-22T14:59:57.559Z scaffolder info Starting scaffolder with the following actions enabled fetch:plain, fetch:plain:file, fetch:template, debug:log, debug:wait, catalog:register, catalog:fetch, catalog:write, fs:delete, fs:rename 
[1] 2024-03-22T14:59:57.563Z search info Added DefaultCatalogCollatorFactory collator factory for type software-catalog 
[1] 2024-03-22T14:59:57.563Z search info Added DefaultTechDocsCollatorFactory collator factory for type techdocs 
[1] 2024-03-22T14:59:57.565Z search info Starting all scheduled search tasks. 
[1] 2024-03-22T14:59:57.579Z catalog info Performing database migration 
[1] 2024-03-22T14:59:57.754Z auth info Configuring auth provider: microsoft 
[1] 2024-03-22T14:59:57.776Z search info Task worker starting: search_index_software_catalog, {"version":2,"cadence":"PT10M","initialDelayDuration":"PT3S","timeoutAfterDuration":"PT15M"} task=search_index_software_catalog
[1] 2024-03-22T14:59:57.777Z search info Task worker starting: search_index_techdocs, {"version":2,"cadence":"PT10M","initialDelayDuration":"PT3S","timeoutAfterDuration":"PT15M"} task=search_index_techdocs
[1] 2024-03-22T15:00:00.781Z search info Collating documents for software-catalog via DefaultCatalogCollatorFactory documentType=software-catalog
[1] 2024-03-22T15:00:00.794Z search info Collating documents for techdocs via DefaultTechDocsCollatorFactory documentType=techdocs
[1] 2024-03-22T15:00:00.832Z rootHttpRouter info ::1 - - [22/Mar/2024:15:00:00 +0000] "GET /api/catalog/entities?limit=500&filter=metadata.annotations.backstage.io%2Ftechdocs-ref&offset=0 HTTP/1.1" 200 2 "-" "node-fetch/1.0 (+https://github.com/bitinn/node-fetch)" type=incomingRequest
[1] 2024-03-22T15:00:00.836Z search warn Index for techdocs was not created: indexer received 0 documents documentType=techdocs
[1] 2024-03-22T15:00:00.837Z search info Collating documents for techdocs succeeded documentType=techdocs
[1] 2024-03-22T15:00:00.840Z rootHttpRouter info ::1 - - [22/Mar/2024:15:00:00 +0000] "GET /api/catalog/entities?limit=500&offset=0 HTTP/1.1" 200 - "-" "node-fetch/1.0 (+https://github.com/bitinn/node-fetch)" type=incomingRequest
[1] 2024-03-22T15:00:00.850Z search info Collating documents for software-catalog succeeded documentType=software-catalog
[0] webpack compiled successfully
[1] 2024-03-22T15:00:13.429Z rootHttpRouter info ::1 - - [22/Mar/2024:15:00:13 +0000] "GET /api/auth/microsoft/refresh?optional&scope=openid%20offline_access%20profile%20email%20User.Read&env=development HTTP/1.1" 200 - "http://localhost:3000/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" type=incomingRequest

this is how displayed in my screen:

Yeah i think the docs need to be updated now that the default is the new backend system. See this section instead:

https://backstage.io/docs/backend-system/building-backends/migrating#the-auth-plugin

It shows how you add the signIn key in config. There’s indeed no longer a plugins folder in there

Hey Peeps 👋

I’ve just upgraded my repo from 1.22.2 to 1.24.0 and I am using a GitHub oAuth App and it all seems fine to me … so far.

Not sure if it helps at all but here is the PR I have to upgrade versions.

I know @pogo61 has mentioned they are not using the oAuth App so sadly this won’t help in that case, but others above have also mentioned they have issues with oAuth.

Hopefully this helps!

Thanks!

@ryan-WORK sorry, that did nothing… same response Just to make sure we are on the same page… I’m not using OAuth, just the basic GitHub App with the PAT