Portainer OAuth Authentication
Login into Portainer using your Github account or even better.. your private Gitea account (with 2FA)
Github
Login into Github and go to https://github.com/settings/profile on the right side menu near the end enter Developer settings and select OAuth Apps
Create your app details
Application name: Whatever you wanna call it
Homepage URL: eg: http://IP:9000
Application description: can be empty
Authorization callback URL: eg: http://IP:9000
After Github creates the application click on Generate a new client secret and copy Client ID and the Secret it created.
This is it Github Part is finish!
Portainer
Open Portainer UI and go to Settings on the right side menu then click on Authentication under it.
Now choose this options, you can use other Session lifetime if you want
Automatic user provisioning: If set ON anyone with Github account will be able to login and Portainer will automaticily create the user without authorizations, better leave it off and handle the users creation/allowance to you.
OAuth Configuration
| Client ID | ClientID you copied from Github |
| Client secret | Secret you copied from Github |
| Authorization URL | https://github.com/login/oauth/authozize |
| Access token URL | https://github.com/login/oauth/access_token |
| Resource URL | https://api.github.com/user |
| Redirect URL | your Portainer URL eg: http://IP:9000 |
| Logout URL | leave empty |
| User identifier | login |
| Scopes | id,email,name |
Remember Gitea Username and Portainer Username need to math otherwise create a new username in Portainer with same name or enable Automatic user provisioning and then after login disable it again
Gitea
For Gitea instead of Github, enter your user Settings and go to Applications and create a new one.
Redirect URL= use your Portainer URL, eg: http://IP:9000
After that is created, Gitea will give you the ClientID and Secret you should save to use with Portainer.
Now for Gitea the configs are a little different, follow:
| Client ID | ClientID you copied from Gitea |
| Client secret | Secret you copied from Gitea |
| Authorization URL | http://GITEA_URL/login/oauth/authorize |
| Access token URL | http://GITEA_URL/login/oauth/access_token |
| Resource URL | http://GITEA_URL/login/oauth/userinfo |
| Redirect URL | your Portainer URL eg: http://IP:9000 |
| Logout URL | leave empty |
| User identifier | preferred_username |
| Scopes | leave empty |
Should now be configured and you should be able to login using your Gitea Account
Remember Gitea Username and Portainer Username need to math otherwise create a new username in Portainer with same name or enable Automatic user provisioning and then after login disable it again
Let me know what you think of this article on twitter @Sthope_dev or leave a comment below!