1. Red Hat Interactive Learning Portal
  2. Ansible Automation learning
  3. Integrate Red Hat Developer Hub with Red Hat Ansible Automation Platform
  4. Create an OAuth application in Red Hat Ansible Automation Platform for Red Hat Developer Hub

Integrate Red Hat Developer Hub with Red Hat Ansible Automation Platform

Learning path | 11 resources | 2 hrs and 28 mins | Published on June 2, 2026

Integrate Red Hat Developer Hub with Red Hat Ansible Automation Platform under a single sign-on system using the Red Hat build of Keycloak. We cover the setup process, from deploying the necessary components to configuring single sign-on.

  1. Overview: Integrate Red Hat Developer Hub with Red Hat Ansible Automation Platform
  2. Deploy Ansible Automation Platform, the Red Hat build of Keycloak, and Red Hat Developer Hub operators Page | 25 mins
  3. Configure single sign-on with the Red Hat build of Keycloak Page | 20 mins
  4. Configure SSO authentication in Ansible Automation Platform Page | 15 mins
  5. Create an OAuth application in Red Hat Ansible Automation Platform for Red Hat Developer Hub Page | 20 mins
  6. Generate personal access tokens Page | 15 mins
  7. Enable external authentication for Ansible Automation Platform Page | 10 mins
  8. Deploy and configure Red Hat Developer Hub with Ansible Automation Platform integration Page | 15 mins
  9. Configure the plugin registry for Ansibile Automation Platform and Red Hat Developer Hub integrations Page | 10 mins
  10. Deploy Red Hat Developer Hub with the Ansible Automation Platform integration Page | 10 mins
  11. Get started with Red Hat Developer Hub with Red Hat Ansible Automation Platform integrations Page | 8 mins

Page

Create an OAuth application in Red Hat Ansible Automation Platform for Red Hat Developer Hub

June 2, 2026
Mattia Mascia
Related topics:
Automation and managementIntegrationSecurity
Related products:
Red Hat Ansible Automation PlatformRed Hat Developer Hub
Red Hat Ansible Automation Platform feature and share image

Now that we have single sign-on (SSO) established, Red Hat Developer Hub (Developer Hub) still needs a secure way to "speak" to Ansible Automation Platform. Without OAuth, Developer Hub cannot trigger job templates or sync the catalog, effectively leaving your developer portal without its automation engine. This lesson solves This lesson solves the absence of an automation engine by creating an OAuth application within Ansible Automation Platform by creating an OAuth application within Ansible Automation Platform, so Developer Hub can exchange authorization codes for access tokens. By the end of this lesson, you will have the final set of credentials needed to bridge the gap between your developer's self-service requests and the actual execution of automation playbooks.

Prerequisites:

  • You must have administrative access to a Red Hat OpenShift Container Platform cluster.
  • Install the OpenShift command-line interface (CLI) and Kustomize locally.
  • A valid Red Hat subscription is required.
  • Install Ansible Automation Platform, Keycloak, and Developer Hub operators and run the base instances on your cluster (Lesson 1).
  • Create and configure the Red Hat build of Keycloak client for SSO (Lesson 2).
  • Integrate Ansible Automation Platform with the Red Hat build of Keycloak (Lesson 3).

In this lesson, you will:

  • Create a confidential OAuth application within Ansible Automation Platform.
  • Configure redirect uniform resource identifiers (URIs) to ensure token exchange with Developer Hub.
  • Enable the skip_authorization flag via the API.

Create an OAuth application in Ansible Automation Platform for Red Hat Developer Hub

Let’s create an OAuth application in Ansible Automation Platform that Developer Hub will use to make API calls on behalf of users.

Method 1: The Ansible Automation Platform UI

If you prefer to use UI: 

  1. Log into Ansible Automation Platform as an admin.
  2. Click OAuth Applications → Create OAuth Application.

  3. Configure the application by filling in these fields as shown in Figure 1:

    The "Create Application" screen shows a form filled with the name "Developer Hub Integration," "Confidential" client type, and "Authorization code" grant type. The Redirect URIs field contains the RHDH callback URL for the rhaap provider.
    Figure 1: Ansible Automation Platform OAuth application configuration for Developer Hub integration.

Field

Value

Name

RHDH Integration

Description

OAuth application for Red Hat RHDH integration

Organization

Default (or your organization)

Redirect URIs

https://backstage-developer-hub-rhdh.apps.YOUR-CLUSTER-DOMAIN.com

Authorization grant type

Authorization code

Client type

Confidential

Redirect URIs

https://backstage-developer-hub-rhdh.apps.YOUR-CLUSTER-DOMAIN.com/api/auth/rhaap/handler/frame

 

  1. Click Save to capture credentials. Copy the Client ID and Client Secret immediately–the Client Secret is only shown once!

  2. The Ansible Automation Platform UI does not expose the skip_authorization option, so you must enable it via the API. This setting bypasses the OAuth consent screen that would normally prompt users to approve the application’s access.

    APP_ID=$(curl -sk "${AAP_URL}/api/gateway/v1/applications/" \
     -u "admin:${AAP_PASSWORD}" \
     -H "Content-Type: application/json" | \
     jq -r '.results[] | select(.name=="RHDH Integration") | .id')

 curl -sk -X PATCH \
 "${AAP_URL}/api/gateway/v1/applications/${APP_ID}/" \
 -u "admin:${AAP_PASSWORD}" \
 -H "Content-Type: application/json" \
 -d '{"skip_authorization": true}'

Method 2: Direct API calls

​​For a faster, scriptable approach, use the following commands:

  1. Set variables:

    AAP_URL=$(oc get route aap -n aap -o jsonpath='https://{.spec.host}')

AAP_PASSWORD=$(oc get secret aap-admin-password -n aap \
  -o jsonpath='{.data.password}' | base64 -d)

CLUSTER_DOMAIN=$(oc get ingresses.config.openshift.io cluster -o jsonpath='{.spec.domain}')

BACKSTAGE_URL="https://backstage-developer-hub-rhdh.${CLUSTER_DOMAIN}"

REDIRECT_URI="${BACKSTAGE_URL}/api/auth/rhaap/handler/frame"

  2. Create the OAuth application:

    RESPONSE=$(curl -sk -X POST \
  "${AAP_URL}/api/gateway/v1/applications/" \
  -u "admin:${AAP_PASSWORD}" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "RHDH Integration",
    "description": "OAuth application for Red Hat RHDH integration",
    "client_type": "confidential",
    "authorization_grant_type": "authorization-code",
    "app_url": "'"${BACKSTAGE_URL}"'",
    "redirect_uris": "'"${REDIRECT_URI}"'",
    "skip_authorization": true,
    "organization": 1
  }')

  3. Extract credentials:

    AAP_OAUTH_CLIENT_ID=$(echo $RESPONSE | jq -r '.client_id')
APP_OAUTH_CLIENT_SECRET=$(echo $RESPONSE | jq -r '.client_secret')

echo "AAP_OAUTH_CLIENT_ID=$AAP_OAUTH_CLIENT_ID" >> .env
echo "APP_OAUTH_CLIENT_SECRET=$APP_OAUTH_CLIENT_SECRET" >> .env

Troubleshooting: OAuth redirect

If the OAuth redirect from Ansible Automation Platform back to Developer Hub fails or times out after successful authentication in Keycloak, and you are stuck on a blank page after logging in, manually navigate back to your Developer Hub URL. The session cookie will have been established, and you will be logged in.

Success! The OAuth application is created, and the skip_authorization flag is enabled. You are now ready to generate personal access tokens. 

Previous resource
Configure SSO authentication in Ansible Automation Platform
Next resource
Generate personal access tokens