🚀 github-actions: Use GitHub Application to generate user tokens

[brettcurtis]

Plugin Name

github-actions

🔖 Feature description

Support for authentication on behalf of a user or authentication as an application. I'm not sure I understand the requirements enough to choose one. Ultimately, I'm trying to avoid multiple authentication flows.

🎤 Context

This plugin requires an OAuth App in your GitHub organization to log in. This is awkward when using another authentication provider for Backstage, as you're required to log in twice. We already have a GitHub application configured for Backstage. The ideal setup would authenticate on behalf of a user using the app to create a user access token. I'm assuming something like this is possible in the plugin since other applications like Datadog are installed with only a GitHub App that does not require multiple logins.

✌️ Possible Implementation

No response

👀 Have you spent some time to check if this feature request has been raised before?

• I checked and didn't find similar issue

🏢 Have you read the Code of Conduct?

• I have read the Code of Conduct

Are you willing to submit PR?

None

[vinzscam]

I think the extra authorization step is due to the extra permissions (repo scope) that the plugin requires. When you login into Backstage, the repo scope isn't needed, therefore you need to authorize again.

[brettcurtis]

Howdy @vinzscam - thanks for the response. I'm using Google IAP for authentication, so setting up another authentication provider feels off. I suppose most folks are using GitHub for authentication so this doesn't apply. Anyway, I just thought it would be nice if the already configured GitHub App that I use for GitHub Org Data could authenticate on behalf of a user or authenticate as an application to get the required scopes.