Skip to content
For Self-Managed AI Platform users running v11.1, see the on-premise platform documentation
Self-managed installation and maintenance > Installation and configuration guide > DataRobot advanced configuration section > OAuth providers

OAuth providers

The OAuth Providers system enables the OAuth 2.0 workflow, allowing DataRobot users to grant the system permissions to access their external resources directly within DataRobot.

DataRobot currently supports the following OAuth providers:

  • GitHub Cloud
  • GitLab Cloud
  • Bitbucket Cloud

Note

As of DataRobot 11.0, self-managed versions of GitHub, GitLab, and Bitbucket are not supported.

Note

The OAuth Providers system has been available since DataRobot 11.0. It was originally introduced to enhance the Notebooks session experience by utilizing the OAuth 2.0 flow for accessing private Git repositories, instead of relying on Personal Access Tokens for the same purpose.

Configure OAuth providers

To use OAuth providers, you must set up an OAuth application on the provider's site (e.g., GitHub) and then integrate that application with DataRobot.

GitHub

  1. Navigate to Settings > Developer Settings > GitHub Apps on the GitHub website.

    Note

    DataRobot integrates with GitHub Apps, not GitHub OAuth Apps.

  2. Fill out the Register new GitHub App form with the following settings. Replace placeholders like {YOUR_ORG_NAME} and {DATAROBOT_BASE_URL} with your specific values.

    • GitHub App name: DataRobot x {YOUR_ORG_NAME} (This can be anything, but should be unique).
    • Description: DataRobot GitHub App to authorize DataRobot to authenticate to user’s Git provider on their behalf. (This can be anything, but it is shown to end users, so make it clear what the app does).
    • Homepage URL: {DATAROBOT_BASE_URL}
    • Callback URL: {DATAROBOT_BASE_URL}/account/oauth-providers/ (include the trailing slash).
    • Expire user authorization tokens: Ensure this checkbox is selected.
    • Request user authorization (OAuth) during installation: Ensure this checkbox is selected.
    • Webhook > Active: Ensure this checkbox is un-checked.
    • Permissions:
      • Repository permissions:
        • Contents: Read & Write
        • Metadata: Read-only
        • Workflows: Read & Write
      • Organization permissions:
        • Members: Read-only
      • Account permissions:
        • Email addresses: Read-only
        • Profile: Read & Write
    • Where can this GitHub App be installed?: Select Any Account.

  3. Create the new GitHub App.

  4. Generate a new private key and save it securely. Then, go to the top of the form and generate a Client Secret. Save this secret securely as well.

  5. Copy the following information to configure your DataRobot installation:

    • The Client ID and Client Secret should be set as corresponding values of the oauth-providers-service-oauth-github Kubernetes secret: 
      data:
  OAUTH_PROVIDERS_GITHUB_CLIENT_ID: <base64 encoded Client ID>
  OAUTH_PROVIDERS_GITHUB_CLIENT_SECRET: <base64 encoded Client Secret>
    • Mount the secret in to the oauth-providers-service deployment: 
      secrets:
    - name: "OAUTH_PROVIDERS_GITHUB_CLIENT_ID"
      valueFrom:
        secretKeyRef:
          name: "oauth-providers-service-oauth-github"
          key: OAUTH_PROVIDERS_GITHUB_CLIENT_ID
    - name: "OAUTH_PROVIDERS_GITHUB_CLIENT_SECRET"
      valueFrom:
        secretKeyRef:
          name: "oauth-providers-service-oauth-github"
          key: OAUTH_PROVIDERS_GITHUB_CLIENT_SECRET
    • The Public Link for the app should be used as the OAUTH_PROVIDERS_GITHUB_APP_PUBLIC_URL configuration value in your values.yaml: 
      core:
  config_env_vars:
    OAUTH_PROVIDERS_GITHUB_APP_PUBLIC_URL: <Public Link>

GitLab

  1. Navigate to User Settings > Applications on the GitLab website.

  2. Fill out the Add new application form with the following settings:

    • Name: DataRobot x {YOUR_ORG_NAME} (This can be anything).
    • Redirect URI: {DATAROBOT_BASE_URL}/account/oauth-providers/ (include the trailing slash).
    • Confidential: Ensure this checkbox is selected.
    • Scopes: Select the following scopes:
      • api
      • read_user
      • read_repository
      • write_repository

  3. Save the configuration to create the new application.

  4. Copy the following information to configure your DataRobot installation:

    • The Application ID and Secret should be set as corresponding values of the oauth-providers-service-oauth-gitlab Kubernetes secret:

      data:
  OAUTH_PROVIDERS_GITLAB_CLIENT_ID: <base64 encoded Application ID>
  OAUTH_PROVIDERS_GITLAB_CLIENT_SECRET: <base64 encoded Secret>

    • Mount the secret in to the oauth-providers-service deployment:

      secrets:
    - name: "OAUTH_PROVIDERS_GITLAB_CLIENT_ID"
      valueFrom:
        secretKeyRef:
          name: "oauth-providers-service-oauth-gitlab"
          key: OAUTH_PROVIDERS_GITLAB_CLIENT_ID
    - name: "OAUTH_PROVIDERS_GITLAB_CLIENT_SECRET"
      valueFrom:
        secretKeyRef:
          name: "oauth-providers-service-oauth-gitlab"
          key: OAUTH_PROVIDERS_GITLAB_CLIENT_SECRET

Bitbucket

  1. Navigate to Workspace Settings → OAuth consumers.

    Note

    You must be a workspace administrator to access these settings.

  2. Fill out the Add OAuth consumer form with the following settings:

    • Name: DataRobot x {YOUR_ORG_NAME} (This can be anything).
    • Description: DataRobot OAuth App to authorize DataRobot to authenticate to user’s Git provider on their behalf. (This can be anything, but it is shown to end users).
    • Callback URL: {DATAROBOT_BASE_URL}/account/oauth-providers/ (include the trailing slash).
    • URL: https://www.datarobot.com/
    • Privacy policy URL: https://www.datarobot.com/privacy/ (optional).
    • End user license agreement URL: https://www.datarobot.com/legal/ (optional).
    • This is a private consumer: Ensure this checkbox is un-checked.
    • Permissions: Select the following permissions:
      • Account: Read, Email
      • Repositories: Read, Write, Admin, Delete

  3. Save the configuration to create the new Bitbucket OAuth app.

  4. Copy the following information to configure your DataRobot installation:

    • The Client ID and Client Secret should be set as corresponding values of the oauth-providers-service-oauth-bitbucket Kubernetes secret: 

      data:
  OAUTH_PROVIDERS_BITBUCKET_CLIENT_ID: <base64 encoded Client ID>
  OAUTH_PROVIDERS_BITBUCKET_CLIENT_SECRET: <base64 encoded Client Secret>

    • Mount the secret in to the oauth-providers-service deployment:

      secrets:
    - name: "OAUTH_PROVIDERS_BITBUCKET_CLIENT_ID"
      valueFrom:
        secretKeyRef:
          name: "oauth-providers-service-oauth-bitbucket"
          key: OAUTH_PROVIDERS_BITBUCKET_CLIENT_ID
    - name: "OAUTH_PROVIDERS_BITBUCKET_CLIENT_SECRET"
      valueFrom:
        secretKeyRef:
          name: "oauth-providers-service-oauth-bitbucket"
          key: OAUTH_PROVIDERS_BITBUCKET_CLIENT_SECRET