Create an OAuth Application

How to prepare an authentication provider for logging in to the CI Fuzz web interface

To use SSO with GitHub, GitLab, or Bitbucket, you need to create an OAuth app. We will use GitHub and Bitbucket as examples. For GitLab, it works similarly.

GitHub

At GitHub, open the developer settings to register a new OAuth application. As Authorization callback URL use:

https://<my domain>/auth/github/callback

<my domain> is a placeholder for the server's domain that will run the CI Fuzz Server. GitHub will generate a Client ID and a Client Secret. We will need those later.

Create GitHub OAuth-App for CI Fuzz

GitHub OAuth App Secret for CI Fuzz

Bitbucket.org

In Bitbucket Cloud (bitbucket.org), go to any workspace and click Settings, then OAuth consumers, then Add consumer. As the callback URL, use:

https://<my domain>:<port>/auth/bitbucket/callback

The port is mandatory, even if it is the default port 443. Give the consumer the Email and Read permissions under Account.

Bitbucket On-Premise

In Bitbucket Server (on-premise), the administrator needs to go to Settings and select the Application Links option. Then a new application link to the ci-server needs to be created.

In the first dialog window you can just continue. In the second dialog window, type in an application name, select a generic application, and select the "Create incoming link" checkbox.

Connect CI Fuzz to Bitbucket Server

 

In the next dialog window, use the following values:

  • Consumer Key: "OAuthKey"
  • Consumer Name: "CI Fuzz"
  • Public Key: The public key from below

To authenticate the ci-fuzz server, an RSA key needs to be generated. You can either first do steps 3 to 6 to generate it automatically by starting the ci-fuzz server: after startup, the files oauth1.pub and oauth1.pkcs8 are created in /root/.local/share/code-intelligence. Or you can create them manually with the following openssl commands:

openssl genrsa -out oauth1.pem 4096
openssl pkcs8 -topk8 -nocrypt -in oauth1.pem -out oauth1.pkcs8
openssl req -new -x509 -key oauth1.pem -out oauth1.cer -days 365
openssl x509 -pubkey -noout -in oauth1.cer -out oauth1.pub

Afterwards they need to be placed in /root/.local/share/code-intelligence on the ci-fuzz server. The public key can then be used in the third dialog window.
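
Before pasting the public key into Bitbucket, it is worth confirming that oauth1.pub really belongs to oauth1.pkcs8 and that the passphrase-less private key is readable only by its owner. The following check is an added example, not part of CI Fuzz; the function name check_oauth1_keys and the 600/400 mode expectation are assumptions of this example.

```sh
#!/bin/sh
# Added example (not CI Fuzz code): sanity-check the OAuth1 key files.
# check_oauth1_keys is a hypothetical helper; the default directory is the
# one named on this page. Returns 0 when the pair is usable and matching.
check_oauth1_keys() {
    dir="${1:-/root/.local/share/code-intelligence}"
    priv="$dir/oauth1.pkcs8"
    pub="$dir/oauth1.pub"

    [ -f "$priv" ] && [ -f "$pub" ] \
        || { echo "missing key file in $dir" >&2; return 1; }

    # `openssl pkcs8 -topk8 -nocrypt` writes an unencrypted PKCS#8 PEM file.
    head -n 1 "$priv" | grep -q '^-----BEGIN PRIVATE KEY-----' \
        || { echo "$priv is not unencrypted PKCS#8 PEM" >&2; return 2; }

    # Re-derive the public key from the private key, normalise oauth1.pub
    # through the same encoder, and compare the two PEM blocks.
    derived=$(openssl pkey -in "$priv" -pubout 2>/dev/null) \
        || { echo "cannot parse $priv" >&2; return 2; }
    expected=$(openssl pkey -pubin -in "$pub" -pubout 2>/dev/null) \
        || { echo "cannot parse $pub" >&2; return 3; }
    [ "$derived" = "$expected" ] \
        || { echo "oauth1.pub does not belong to oauth1.pkcs8" >&2; return 4; }

    # Assumption of this example: the key has no passphrase, so only the
    # owner should be able to read it (GNU stat first, BSD stat as fallback).
    mode=$(stat -c '%a' "$priv" 2>/dev/null || stat -f '%Lp' "$priv")
    case "$mode" in
        600|400) ;;
        *) echo "$priv has mode $mode, expected 600 or 400" >&2; return 5 ;;
    esac
    return 0
}
```

Source the file on the ci-fuzz server and run check_oauth1_keys with no argument to check the default directory, or pass another directory to check keys before copying them over.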

Setup OAuth for CI Fuzz in Bitbucket


GitLab

Go to Applications in your User Settings. Choose a name, set the Redirect URI and make sure to enable the read_user scope.

Connect CI Fuzz to GitLab