Unified Language User Guides
iCR User Guide 5.0

Authenticating GitHub Cloud Access Using OAuth


Last updated 4 months ago

To gain access to your GitHub cloud-based projects, you need to authorize iCR to access them using OAuth. Here is how that is done.

This will open the page allowing you to add iCR to the set of approved third parties from which you will accept login redirect requests.

Clicking New OAuth App will open the window shown below.

You can enter a helpful string, such as “User Guide iCR” for the Application name. The Homepage URL will need to use the URL of your host system.

NOTE: If a URL has not been generated for your iCR server, you may substitute the IP address of the server.

For the purposes of this guide, we will use an example URL:

https://qa2.openrefactory.com

iCR uses a specific port to communicate with the browser. The default port number is 3001, although your system administrator may have changed it, so check with them if something other than the default port is being used. For these examples, we will use the default value of 3001, so that needs to be added to the Homepage URL. Using our example URL, you would enter:

 https://qa2.openrefactory.com:3001

The application description is optional, so you can leave it blank. Note that this information will not necessarily be seen by anyone logging into GitHub. Once the OAuth app is created, users will log in to GitHub using their private credentials and will not see this information.

The Authorization callback URL needs to use iCR's callback URL. So enter:

 https://qa2.openrefactory.com:3001/api/login/github/return
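
The following is an added example, not part of the iCR guide or product: a small Python check that derives the Homepage URL and Authorization callback URL from the server address and flags values that deviate from what this page tells you to enter. The function names are hypothetical, and defaulting a bare host or IP address to https is an assumption based on the guide's example URL.

```python
from urllib.parse import urlsplit

ICR_DEFAULT_PORT = 3001                      # default port stated in the guide
CALLBACK_PATH = "/api/login/github/return"   # callback path stated in the guide


def icr_oauth_urls(server, port=ICR_DEFAULT_PORT):
    """Build (homepage_url, callback_url) from the iCR server URL or IP address."""
    server = server.strip()
    # Assumption: a bare host or IP gets https, matching the guide's example URL.
    parts = urlsplit(server if "://" in server else "https://" + server)
    if not parts.hostname:
        raise ValueError(f"no host found in {server!r}")
    if parts.port not in (None, port):
        raise ValueError(f"{server!r} carries port {parts.port}, expected {port}")
    homepage = f"{parts.scheme}://{parts.hostname}:{port}"
    return homepage, homepage + CALLBACK_PATH


def check_registration(homepage_url, callback_url, port=ICR_DEFAULT_PORT):
    """Return the problems found in the two URLs typed into the GitHub form."""
    problems = []
    home = urlsplit(homepage_url.strip())
    cb = urlsplit(callback_url.strip())
    if home.port != port:
        problems.append(f"Homepage URL does not include port {port}")
    if (cb.scheme, cb.hostname, cb.port) != (home.scheme, home.hostname, port):
        problems.append("callback scheme, host or port differs from the iCR server")
    if cb.path != CALLBACK_PATH or cb.query or cb.fragment:
        problems.append(f"callback path is not exactly {CALLBACK_PATH}")
    return problems


if __name__ == "__main__":
    home, cb = icr_oauth_urls("https://qa2.openrefactory.com")
    print(home, cb, check_registration(home, cb), sep="\n")
    # Constructed mistakes: port left off the homepage, trailing slash on the callback.
    print(check_registration("https://qa2.openrefactory.com", cb + "/"))
```

If your administrator changed the port, pass it as the `port` argument to both functions.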

Clicking on “Register Application” opens a window that asks you to create the secret keys that you will use on your server to authenticate it with GitHub.

You will need both the client ID Ov23liSqjObQGq00SedY and the client secret 4455b7a77f61cfa3a90a2503359ac41144e9d80d. Copy and paste these values in a convenient place, as you will need to present them to the Navigator when you first select GitHub cloud as your preferred VCS, as described in Selecting Your Source Code.