
Use the Jenkins OAuth plug-in to securely pull from GitHub

The easiest way to securely push code to your remote GitHub repository from your continuous integration server is to use the Jenkins OAuth plug-in. This tutorial shows you how.

This tutorial is intended to show you just how easy it is to get started with the Jenkins OAuth plug-in. Starting from the very basics -- how to download the application WAR file and pull code from GitHub -- this Jenkins tutorial will demonstrate how to register a Jenkins OAuth application on GitHub, where to download the Jenkins OAuth plug-in and how to use Jenkins OAuth credentials to securely push and pull code to and from GitHub.

Step 1: Download the Jenkins WAR using wget

If you do not already have an instance of Jenkins running on your local machine, you will need to download and install it. There are several ways to do this. One way is to download the jenkins.war file and deploy it to an existing servlet engine, like WebSphere Liberty or WildFly. However, the jenkins.war file also comes with an embedded servlet runtime, so the WAR can be run independently of an existing servlet engine. This tutorial uses the embedded runtime. The jenkins.war file can be downloaded either by going to the Jenkins website or by issuing the following wget command from a shell or DOS prompt.


Step 2: Start Jenkins

java -jar jenkins.war

After starting Jenkins, the standard output (stdout) console will display an admin password for logging into the tool. Take note of this password; you'll need it for the next step.

Jenkins initial setup is required. An admin user has been created and a password generated.
Please use the following password to proceed to installation:

(get your own)

Step 3: Log in to the Jenkins admin console

Open the Jenkins admin console at http://(your Jenkins server):8080, and log in with the admin user and your stdout password.

main screen

The screen above is the main screen. Each of these items is a project -- i.e., a set of instructions to do something. In this case, we will download Java code from GitHub and compile it.

Step 4: Install the Jenkins OAuth plug-in

GitHub is used by many organizations as a source code repository. The easiest way to securely authenticate with GitHub through Jenkins is to use the Jenkins OAuth plug-in for GitHub.

To install the plug-in, go to the Manage Plug-ins page of the Jenkins admin console. Click on Available, and filter for Git. Then, select GitHub Authentication Plug-in.

Click at the bottom of the screen to install the Jenkins OAuth plug-in. Restart Jenkins when the installation is complete.

The screen will look as follows as it downloads and installs the various components it needs:

installing plug-ins

Step 5: Register the Jenkins OAuth application on GitHub

Navigate to the following URL to register a new OAuth application on GitHub. If you are not already logged into GitHub with an active account, accessing this page will ask you to log in or register. After doing so, the option to register a new OAuth application becomes available.

This step does not create a new code repository. Instead, it exists to create authentication credentials. These credentials will be used as a repository for CI tool communication and will help simplify security between your DevOps tools.

The screen is shown below. Note the callback URL and homepage items:

Application name

Put any name, like JenkinsIntegration.

Homepage URL

This does not really mean where to pull the code from. We will do that in a subsequent step. In the meantime, use this value:

Authorization callback URL

https://(your Jenkins server)/securityRealm/finishLogin

OAuth app

Once submitted, GitHub will provide an application number. Save this.

Jenkins app

These are the credentials to save:

Client ID
(get your own)
Client Secret
(get your own)

Step 6: Configure OAuth security in Jenkins

From the Jenkins admin console, navigate to the Configure Global Security page.

Fill out the screen as shown below, and put in your own credentials and Jenkins server IP. If you need some Java code, use this repository. For now, you can select the authorization option Anyone can do anything. For a production system, you would want to set that up to pull user IDs from a Lightweight Directory Access Protocol (LDAP) directory, such as Active Directory, or another source.

configure security
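
To show how the values from Steps 5 and 6 fit together, the following added example (not code from the plug-in or from this tutorial) sketches the standard GitHub OAuth web flow: the authorization redirect, the checks on the /securityRealm/finishLogin callback, and the fields of the server-side token request. The host name, client ID, scope string and function names are assumptions made for the example.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://github.com/login/oauth/authorize"
CALLBACK_PATH = "/securityRealm/finishLogin"  # path given in Step 5


def callback_url(jenkins_root):
    """Authorization callback URL to register on GitHub for this Jenkins root URL."""
    return jenkins_root.rstrip("/") + CALLBACK_PATH


def authorization_request(client_id, jenkins_root, scope):
    """Return (URL the browser is redirected to, state value kept in the session)."""
    state = secrets.token_urlsafe(32)  # unguessable per-login value that ties the reply to this session
    query = urlencode({"client_id": client_id,
                       "redirect_uri": callback_url(jenkins_root),
                       "scope": scope, "state": state})
    return f"{AUTHORIZE_URL}?{query}", state


def validate_callback(url, jenkins_root, expected_state):
    """Return the authorization code, or raise ValueError if the callback fails a check."""
    got, want = urlsplit(url), urlsplit(callback_url(jenkins_root))
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered URL")
    params = parse_qs(got.query)
    if "error" in params:
        raise ValueError("GitHub reported: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: reply was not started by this session")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("missing or repeated authorization code")
    return codes[0]


def token_request(client_id, client_secret, code, jenkins_root):
    """Form fields POSTed server-side to https://github.com/login/oauth/access_token."""
    return {"client_id": client_id, "client_secret": client_secret,
            "code": code, "redirect_uri": callback_url(jenkins_root)}


if __name__ == "__main__":
    root = "https://jenkins.example.test"  # constructed host, not a real server
    url, state = authorization_request("constructed-client-id", root, "read:org user:email")
    print(url)
    print(validate_callback(f"{callback_url(root)}?code=abc123&state={state}", root, state))
```

The client secret appears only in the token request, which goes from the server to GitHub and never through the browser.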

Step 7: Create a Jenkins job

Now, from the Jenkins main screen, select New Item, and create a Freestyle project:


Fill out the screen as shown above. This tells Jenkins to poll the GitHub project every 15 minutes looking for changes. Then, we execute the simple shell command javac to compile the source code. In a more complex example, you would use Maven, Ant, sbt for Scala or another command, depending on which language you use and which DevOps tools you have at your disposal. You can also have multiple commands, such as building a JAR file and running unit test code.

Step 8: Run the Jenkins job

Save the job, and then click Build Now to pull down the source code and compile it. Then click Status, and click the down arrow next to Last Successful Build. Select Console Output. It should look as follows and say Success at the end:

Started by user admin
Building in workspace /root/.jenkins/workspace/Pipeline Walker
Cloning the remote Git repository
Cloning repository
 > git init /root/.jenkins/workspace/Pipeline Walker # timeout=10
Fetching upstream changes from
 > git --version # timeout=10
 > git fetch --tags --progress +refs/heads/*:refs/remotes/origin/*
 > git config remote.origin.url # timeout=10
 > git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/* # timeout=10
 > git config remote.origin.url # timeout=10
Fetching upstream changes from
 > git fetch --tags --progress +refs/heads/*:refs/remotes/origin/*
 > git rev-parse refs/remotes/origin/master^{commit} # timeout=10
 > git rev-parse refs/remotes/origin/origin/master^{commit} # timeout=10
Checking out Revision 419aeb5f194131ae6982ddd13061ac5d3a62530a (refs/remotes/origin/master)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f 419aeb5f194131ae6982ddd13061ac5d3a62530a
Commit message: "Create subtitles.bat"
First time build. Skipping changelog.
[Pipeline Walker] $ /bin/sh -xe /tmp/
+ javac
Finished: SUCCESS

And that's it! That demonstrates how easy it is to secure communications between the local build tool and the remote source code repository by using the Jenkins OAuth plug-in for GitHub.

This was last published in April 2018
