|
1 | 1 | # GitHub |
2 | 2 |
|
| 3 | +## Default Configuration |
| 4 | + |
| 5 | +By default, new Coder deployments use a Coder-managed GitHub app to authenticate |
| 6 | +users. We provide it for convenience, allowing you to experiment with Coder |
| 7 | +without setting up your own GitHub OAuth app. Once you authenticate with it, you |
| 8 | +grant Coder - both the self-hosted server and the company - read access to: |
| 9 | + |
| 10 | +- Your GitHub user email |
| 11 | +- Your GitHub organization membership |
| 12 | +- Other metadata listed during the authentication flow |
| 13 | + |
| 14 | +This access is necessary for the Coder server to complete the authentication |
| 15 | +process. Coder, the company, also receives access because it administers the |
| 16 | +app. |
| 17 | + |
| 18 | +The default is automatically disabled if you configure your own app as outlined |
| 19 | +below or set: |
| 20 | + |
| 21 | +```env |
| 22 | +CODER_OAUTH2_GITHUB_DEFAULT_PROVIDER=false |
| 23 | +``` |
| 24 | + |
3 | 25 | ## Step 1: Configure the OAuth application in GitHub |
4 | 26 |
|
5 | 27 | First, |
@@ -82,3 +104,16 @@ helm upgrade <release-name> coder-v2/coder -n <namespace> -f values.yaml |
82 | 104 | > We recommend requiring and auditing MFA usage for all users in your GitHub |
83 | 105 | > organizations. This can be enforced from the organization settings page in the |
84 | 106 | > "Authentication security" sidebar tab. |
| 107 | +
|
| 108 | +## Device Flow |
| 109 | + |
| 110 | +Coder supports |
| 111 | +[device flow](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#device-flow) |
| 112 | +for GitHub OAuth. To enable it, set: |
| 113 | + |
| 114 | +```env |
| 115 | +CODER_OAUTH2_GITHUB_DEVICE_FLOW=true |
| 116 | +``` |
| 117 | + |
| 118 | +This is optional. We recommend using the standard OAuth flow instead, as it is |
| 119 | +more convenient for end users. |
0 commit comments