# Configure GitHub OAuth Configure GitHub and Spinnaker to use GitHub as an OAuth2 authenticator. ### **Prerequisites** * Ability to modify developer settings for your GitHub organization * Access to Halyard * A Spinnaker deployment with DNS and SSL configured ### **Configure GitHub OAuth in GitHub** 1. Login to GitHub and go to **Settings > Developer Settings > OAuth Apps > New OAuth App** 2. Make note of the **Client ID / Client Secret** 3. Homepage URL: This would be the URL of your Spinnaker service e.g. 4. Authorization callback URL: This is going to match your `--pre-established-redirect-uri` in halyard and the URL needs login appended to your gate endpoint. Example **or** ### **Configure GitHub OAuth in Spinnaker** {% tabs %} {% tab title="Operator" %} Add the following snippet to your `SpinnakerService` manifest under the `spec.spinnakerConfig.config.security.authn` level: ``` oauth2: enabled: true client: clientId: a08xxxxxxxxxxxxx93 clientSecret: 6xxxaxxxxxxxxxxxxxxxxxxx59 # Secret Enabled Field scope: read:org,user:email preEstablishedRedirectUri: https://gate.spinnaker.acme.com/login provider: GITHUB ``` {% endtab %} {% tab title="Halyard" %} Run the following commands in Halyard with your Client ID and Client Secret. ``` CLIENT_ID=a08xxxxxxxxxxxxx93 CLIENT_SECRET=6xxxaxxxxxxxxxxxxxxxxxxx59 PROVIDER=GITHUB hal config security authn oauth2 edit \ --client-id $CLIENT_ID \ --client-secret $CLIENT_SECRET \ --provider $PROVIDER \ --scope read:org,user:email \ --pre-established-redirect-uri "https://gate.spinnaker.acme.com/login" hal config security authn oauth2 enable ``` {% endtab %} {% endtabs %} ### Additional OAuth resources * Spinnaker: [OAuth](https://www.spinnaker.io/setup/security/authentication/oauth/) * Github: [OAuth ](https://help.github.com/en/articles/authorizing-oauth-apps)and * SSL Spinnaker: [SSL](https://www.spinnaker.io/setup/security/ssl/)