Support GitHub App authentication in Backend Proxies (not only GitHub token)
under review
I
Iced lavender Hare
Description:
Today Backend Proxies only support GitHub token (PAT) authentication. We’d like to use GitHub Apps instead (App ID / Installation ID / Private Key) since GitHub Apps are the more secure and recommended integration model.
Why this matters / impact:
• Many enterprises avoid PATs due to broad scopes and operational overhead (rotation/user-coupling).
• GitHub Apps provide least-privilege, auditable, installation-based access.
• Lack of GitHub App support blocks adoption of Backend Proxies for teams with strict security/governance requirements.
Requested enhancement:
Add a GitHub App authentication option to Backend Proxies, using the GitHub App installation token flow, including clear guidance on required permissions.
Log In
Rashmi Hegde
marked this post as
under review
We are currently evaluating this. As this plugin is part of backstage, enhancing this is not an easy solve and we are looking at options. As we evaluate this, couple of questions that will help us understand better:
1) In what use cases would the proxy be used?
2) Would it be on behalf of user or independently?