@@ -25,16 +25,12 @@ application. The following providers are supported:
2525- [ Azure DevOps] ( https://learn.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/oauth?view=azure-devops )
2626- [ Azure DevOps (via Entra ID)] ( https://learn.microsoft.com/en-us/entra/architecture/auth-oauth2 )
2727
28- Example callback URL:
29- ` https://coder.example.com/external-auth/primary-github/callback ` . Use an
30- arbitrary ID for your provider (e.g. ` primary-github ` ).
31-
32- Set the following environment variables to
33- [ configure the Coder server] ( ./configure.md ) :
28+ The next step is to [ configure the Coder server] ( ./configure.md ) to use the
29+ OAuth application by setting the following environment variables:
3430
3531``` env
36- CODER_EXTERNAL_AUTH_0_ID="primary-github "
37- CODER_EXTERNAL_AUTH_0_TYPE=github|gitlab|azure-devops|bitbucket-cloud|bitbucket-server|<name of service e.g. jfrog >
32+ CODER_EXTERNAL_AUTH_0_ID="<USER_DEFINED_ID> "
33+ CODER_EXTERNAL_AUTH_0_TYPE=< github|gitlab|azure-devops|bitbucket-cloud|bitbucket-server|etc >
3834CODER_EXTERNAL_AUTH_0_CLIENT_ID=xxxxxx
3935CODER_EXTERNAL_AUTH_0_CLIENT_SECRET=xxxxxxx
4036
@@ -43,11 +39,22 @@ CODER_EXTERNAL_AUTH_0_DISPLAY_NAME="Google Calendar"
4339CODER_EXTERNAL_AUTH_0_DISPLAY_ICON="https://mycustomicon.com/google.svg"
4440```
4541
42+ The ` CODER_EXTERNAL_AUTH_0_ID ` environment variable is used for internal
43+ reference. Therefore, it can be set arbitrarily (e.g., ` primary-github ` for your
44+ GitHub provider).
45+
4646### GitHub
4747
48+ > If you don't require fine-grained access control, it's easier to configure a
49+ > GitHub OAuth app!
50+
48511 . [ Create a GitHub App] ( https://docs.github.com/en/apps/creating-github-apps/registering-a-github-app/registering-a-github-app )
49- to enable fine-grained access to specific repositories, or a subset of
50- permissions for security.
52+
53+ - Set the callback URL to
54+ ` https://coder.example.com/external-auth/USER_DEFINED_ID/callback ` .
55+ - Deactivate Webhooks.
56+ - Enable fine-grained access to specific repositories or a subset of
57+ permissions for security.
5158
5259 ![ Register GitHub App] ( ../images/admin/github-app-register.png )
5360
@@ -69,6 +76,13 @@ CODER_EXTERNAL_AUTH_0_DISPLAY_ICON="https://mycustomicon.com/google.svg"
6976
7077 ![ Install GitHub App] ( ../images/admin/github-app-install.png )
7178
79+ ``` env
80+ CODER_EXTERNAL_AUTH_0_ID="USER_DEFINED_ID"
81+ CODER_EXTERNAL_AUTH_0_TYPE=github
82+ CODER_EXTERNAL_AUTH_0_CLIENT_ID=xxxxxx
83+ CODER_EXTERNAL_AUTH_0_CLIENT_SECRET=xxxxxxx
84+ ```
85+
7286### GitHub Enterprise
7387
7488GitHub Enterprise requires the following environment variables:
@@ -204,6 +218,50 @@ add this to the
204218git config --global credential.useHttpPath true
205219```
206220
221+ ### Kubernetes environment variables
222+
223+ If you deployed Coder with Kubernetes you can set the environment variables in
224+ your ` values.yaml ` file:
225+
226+ ``` yaml
227+ coder :
228+ env :
229+ # […]
230+ - name : CODER_EXTERNAL_AUTH_0_ID
231+ value : USER_DEFINED_ID
232+
233+ - name : CODER_EXTERNAL_AUTH_0_TYPE
234+ value : github
235+
236+ - name : CODER_EXTERNAL_AUTH_0_CLIENT_ID
237+ valueFrom :
238+ secretKeyRef :
239+ name : github-primary-basic-auth
240+ key : client-id
241+
242+ - name : CODER_EXTERNAL_AUTH_0_CLIENT_SECRET
243+ valueFrom :
244+ secretKeyRef :
245+ name : github-primary-basic-auth
246+ key : client-secret
247+ ` ` `
248+
249+ You can set the secrets by creating a ` github-primary-basic-auth.yaml` file and
250+ applying it.
251+
252+ ` ` ` yaml
253+ apiVersion: v1
254+ kind: Secret
255+ metadata:
256+ name: github-primary-basic-auth
257+ type: Opaque
258+ stringData:
259+ client-secret: xxxxxxxxx
260+ client-id: xxxxxxxxx
261+ ` ` `
262+
263+ Make sure to restart the affected pods for the change to take effect.
264+
207265# # Require git authentication in templates
208266
209267If your template requires git authentication (e.g. running `git clone` in the
0 commit comments