|
1 | 1 | # GitHub |
2 | 2 |
|
| 3 | +## Default Configuration |
| 4 | + |
| 5 | +By default, new Coder deployments use a Coder-managed GitHub app to authenticate |
| 6 | +users. We provide it for convenience, allowing you to experiment with Coder without |
| 7 | +setting up your own GitHub OAuth app. However, by using it, you allow the app's |
| 8 | +admin, Coder the company, to see: |
| 9 | + |
| 10 | +- your GitHub user email |
| 11 | +- your GitHub organization membership |
| 12 | + |
| 13 | +For production deployments, we recommend |
| 14 | +disabling the default and creating your own app. |
| 15 | + |
| 16 | +The default is automatically disabled if you configure your own app as outlined |
| 17 | +below or set: |
| 18 | + |
| 19 | +```env |
| 20 | +CODER_OAUTH2_GITHUB_DEFAULT_PROVIDER=false |
| 21 | +``` |
| 22 | + |
3 | 23 | ## Step 1: Configure the OAuth application in GitHub |
4 | 24 |
|
5 | 25 | First, |
@@ -82,3 +102,16 @@ helm upgrade <release-name> coder-v2/coder -n <namespace> -f values.yaml |
82 | 102 | > We recommend requiring and auditing MFA usage for all users in your GitHub |
83 | 103 | > organizations. This can be enforced from the organization settings page in the |
84 | 104 | > "Authentication security" sidebar tab. |
| 105 | +
|
| 106 | +## Device Flow |
| 107 | + |
| 108 | +Coder supports |
| 109 | +[device flow](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#device-flow) |
| 110 | +for GitHub OAuth. To enable it, set: |
| 111 | + |
| 112 | +```env |
| 113 | +CODER_OAUTH2_GITHUB_DEVICE_FLOW=true |
| 114 | +``` |
| 115 | + |
| 116 | +This is optional. We recommend using the standard OAuth flow instead, as it is |
| 117 | +more convenient for end users. |
0 commit comments