"Connect your Github Account" fails to load Github repos, 403 Error in console, AFTER credentials are saved.

Describe the bug

[UPDATE] ( After successfully saving Github OAuth Credentials in the Github prompt) When clicking “Connect your Github account” in Add Projects to browse projects in Github. the pop-up flashes, the repositories fail to load, and che throws a 403 error in the console. ““Client [che-public] not authorized to retrieve tokens from identity provider [github].”},“status”:403,”

Keycloak log: (kubectl logs pod/keycloak-c5b98d95f-lk2bt -n che) (Same as Keycloak.log output below)

Keycloak Settings for Github Identity Provider Some of the configurations look a little different from the documentation because I’ve been looking at some old closed issues trying to fix this one. See: https://github.com/eclipse/che/issues/9399

Documentation on Github OAuth here… https://www.eclipse.org/che/docs/che-7/end-user-guide/configuring-github-oauth/ doesn’t match what my keycloak instance looks like as seen above. There is a “Mappers” tab. Is there missing configuration? I’ve tried some role mapping without success.

Che version

• latest
• nightly
• other: 7.17.0 (Multiuser)

Steps to reproduce

Expected behavior

Runtime

• [ x] kubernetes (microk8s) (include output of kubectl version) Client Version: version.Info{Major:“1”, Minor:“18”, GitVersion:“v1.18.8”, GitCommit:“9f2892aab98fe339f3bd70e3c470144299398ace”, GitTreeState:“clean”, BuildDate:“2020-08-26T20:32:49Z”, GoVersion:“go1.13.15”, Compiler:“gc”, Platform:“linux/amd64”} Server Version: version.Info{Major:“1”, Minor:“16”, GitVersion:“v1.16.15”, GitCommit:“2adc8d7091e89b6e3ca8d048140618ec89b39369”, GitTreeState:“clean”, BuildDate:“2020-09-02T11:31:21Z”, GoVersion:“go1.13.15”, Compiler:“gc”, Platform:“linux/amd64”}

Screenshots

Installation method

• chectl
  • provide a full command that was used to deploy Eclipse Che (including the output) (I don’t know exactly, but I did use microk8s context, multiuser, tls, and helm)
  • provide an output of chectl version command chectl/7.17.0 linux-x64 node-v10.22.0
• OperatorHub
• I don’t know

Environment

• my computer
  • Windows
  • [ x] Linux (Ubuntu 18 LTS)
  • macOS
• Cloud
  • Amazon
  • Azure
  • GCE
  • other (please specify)
• other: please specify

Eclipse Che Logs

logs from keycloak.log ^[[0m^[[33m03:47:19,928 WARN [org.keycloak.connections.httpclient.DefaultHttpClientFactory] (default task-2) Truststore is disabled ^[[0m^[[33m03:47:21,638 WARN [org.keycloak.events] (default task-2) type=IDENTITY_PROVIDER_RETRIEVE_TOKEN_ERROR, realmId=che, clientId=null, userId=null, ipAddress=127.0.0.1, error=Client [che-public] not authorized to retrieve tokens from identity provider [github]. ^[[0m^[[31m03:47:21,638 ERROR [org.keycloak.services.resources.IdentityBrokerService] (default task-2) Client [che-public] not authorized to retrieve tokens from identity provider [github]. ^[[0m^[[33m04:05:41,455 WARN [org.keycloak.events] (default task-2) type=REFRESH_TOKEN_ERROR, realmId=master, clientId=security-admin-console, userId=null, ipAddress=127.0.0.1, error=invalid_token, grant_type=refresh_token, client_auth_method=client-secret

Additional context

This is a multi-user installation. I also added my Github OAuth client id, and secret to the configmap (as described for a single-user install) in an unsuccessful attempt to get things working. The “Authorization Callback URL” in Github, is a copy/paste of the, Redirect URI in Keycloak as shown above…