I am using this project for doing Github Authentication through my own server. I have integrated the Netflify-CMS to my React-App. Once auser is logged into the React-App, he/she needs to do a separate login into Github Account again to access Netlify-CMS. I am looking for solution that moves the Github login process to backend API/ netlify-cms-github-oauth-provider code where we can store username/password of github account and there itself we perform the login and upon success, it redirects to Netlify-CMS UI directly.

This what happens currently

1. When user login in the react app and move to Netlify-CMS option, below screen appears that prompts the user to login with github again.
   

2. After clicking on "login with Github" , it redirects to github login page with the help of netlify-cms-github-oauth-provider project running on Ec2 server
   

3. After successful login , I can see the netflify-CMS UI
   

I am looking to move the 2nd step in background ,so that users of my app doesn't need to login into github separately. Is this possible with "netlify-cms-github-oauth-provider" project ??

Hi. I followed all the steps.

1. I set up the Oauth app
2. I created a heroku app and hosted the instance
3. I added the env variables to heroku
4. I added the callback URL to the Oauth app
5. I go back to my main website where the config.yml is
6. I added the backend stuff
7. I open the website and I see this

If netlify isn't going this route by default then it seems everything could all be packaged up with netlify, meaning a single repo gives you everything required, while side-stepping the default api.netlify.com lock-in.

Throwing everything into a directory then adding a route to look for it in this directory isn't too bad an approach. config.yml could be made to live outside this directory, while index.html too could live in the root as it requires customisation.

Then you can clone this repo, run a task, be up and running with your own front and backend.

I would just like to know whether there are any security risks involved, since my oauthprovider server can still be accessed with any browser and get a oath token? Wouldn't it be ideal to check from where the request is coming and then give it access or deny the request? In this case the only allowed it when I get a request from my domain and deny other domains?

Sorry I'm completely new to this.

If this is a concern, I wouldn't mind adding it to the project.

I would like to use the same instance of this auth provider to authenticate into netlify-cms for multiple websites. Can the Origin variable be a regex that allows multiple domains?

I'm trying to set a netlify oauth by running your server.
I've created the oauth in github, and set credential and secret on the server, with localhost:8080 as origin.
I then added the server as the backend of my cms configuration on the frontend app.
I can then login through github from the admin panel, but the callback just show an authentication error due to the following error: invalid state key.
I can't understand exactly what's the error and if i'm missing something

Hi all!
Could someone help me to set up this provider to work locally?

Here are my .env settings:

NODE_ENV=production
ORIGINS= // what can I specify here for localhost?
OAUTH_CLIENT_ID=GITHUB_CLIENT_ID
OAUTH_CLIENT_SECRET=GITHUB_SECRET
PORT=3001
AUTH_TARGET=_blank

Index.js callback: callbackMiddleWareInit(oauth2) missing second parameter oauthProvider
add oauthProvider works.
callback: callbackMiddleWareInit(oauth2, oauthProvider),

Can i deploy this script to firebase free plan?

Please this is the challenge i am having with netlify, Authentication Error
Authenticating failed due to the following error: Invalid state key.

Have you considered supporting other Oauth providers/backends like GitLab?

I am looking for something that will let me change the Login service in my Netlify-CMS admin panel.
For now, it is connected to self-hosted GitLab repo (no Netlify service integration, just Netlify CMS) and by default - it requires GitLab account to log in to admin.

Can I change it to Azure accounts (that would be given permissions to this gitlab repo, somehow?)

Hi 😄 I can confirm that this works well with github!

Unfortunately, I need to use it with Bitbucket Server (originally Stash)
I tried to rewrite this app, but without success...😞

I can do only Incoming link: https://confluence.atlassian.com/bitbucketserver0721/configure-an-incoming-link-1115666707.html?utm_campaign=in-app-help&utm_medium=in-app-help&utm_source=stash

Does anyone ever manage to connect it properly?
Or willing to assist me please?

I understand that this gives this app too much rights, with the scope "user,repo": write access on all the user information and all its repositories.

Is there a way to limit to write access on a specific repository?

I forked your app and replaced app.listen with module.exports = app and in my main app, I used app.use to mount it. that all works.

When I do app.use("/netlify",varReferingToNetlifyAuthProv)
(and set backend.base_url and oath Authorization callback URL acordingly)
it gets stuck at /netlify/callback?code=&state= but when I do app.use without a mount path (and set backend.base_url and oath Authorization callback URL acordingly) it goes to /callback?code=&state= and the window closes and netlify sucessfully loges in.

Github fork: https://github.com/tumblenet/netlify-cms-github-oauth-provider
API Server code: https://github.com/tumblenet/api.tumblenet.ga
static website with the cms: https://github.com/tumblenet/go.tumblenet.cu.cc

I am trying to use this code, I have successfully set up an app at Github and deployed this provider, I see login with GitHub, I have signed in using Github, but I could not log in to Netlify CMS, every time I click on login with Github it's just opening a blank page for me.

Hi there. I have managed to make everything works (window popups, you are able to authorise github, the OAuth app in github "gets" the new user) BUT eventually the popup window doesn't close and it's just blank...
Well, actually it contains just

<script>
(function() {
    function receiveMessage(e) {
    console.log("receiveMessage %o", e)
    // send message to main window with da app
    window.opener.postMessage(
        'authorization:github:success:{"token":"5b95156e2667db763606e3647d48968054716001","provider":"github"}',
        e.origin
    )
    }
    window.addEventListener("message", receiveMessage, false)
    // Start handshare with parent
console.log(window.opener)
    console.log("Sending message: %o", "github")
    window.opener.postMessage("authorizing:github", "*")
    })()
</script>

I believe that for a reason the popup cannot postmessage to the parent window (where netlifycms /admin/#/ is) and vice versa...

Any ideas will be more than welcome. Thanks in advance!

Hi vencax can you add a license when you get a chance?

My heroku logs show this:

Insecure ORIGIN pattern used. This can give unauthorized users access to your repository.
Will not run without a safe ORIGIN pattern in production.
Process exited with status 0
tate changed from starting to crashed

What's the fix?

Having the same problem. I still get the error, that the window.opener is null. It makes sense that it is null, after the redirect to github and back over the callback url. So how is that supposed to work?

Originally posted by @Tobilo in #14 (comment)

For this kind of secret I usually create a setup_env.sh and setup_env.example.sh then .gitignore the non-example version. This way secrets don't end up committed to repositories.

Does this support GitHub Enterprise using a SAML service provider such as Okta?

Hi!
I was inspired by js code, and I created my implementation on Go.

See netlify-cms-oauth-provider-go

Maybe it's interesting to someone.