Commit e84811c

committed
abc git providers
1 parent 1cba651 commit e84811c

1 file changed

+63
-64
lines changed

docs/admin/external-auth.md

Lines changed: 63 additions & 64 deletions
@@ -15,11 +15,10 @@ application. The following providers are supported:
1515
- [Azure DevOps](https://learn.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/oauth?view=azure-devops)
1616
- [Azure DevOps (via Entra ID)](https://learn.microsoft.com/en-us/entra/architecture/auth-oauth2)
1717

18-
The next step is to configure the Coder server to use the OAuth application by
19-
setting the following environment variables:
20-
2118
## Configuration
2219

20+
After you create an OAuth application, set environment variables to configure the Coder server to use it:
21+
2322
```env
2423
CODER_EXTERNAL_AUTH_0_ID="<USER_DEFINED_ID>"
2524
CODER_EXTERNAL_AUTH_0_TYPE=<github|gitlab|azure-devops|bitbucket-cloud|bitbucket-server|etc>
@@ -35,7 +34,7 @@ The `CODER_EXTERNAL_AUTH_0_ID` environment variable is used for internal
3534
reference. Therefore, it can be set arbitrarily (e.g., `primary-github` for your
3635
GitHub provider).
3736

38-
You can now add the following code to any template. This will add a button to the workspace setup page which will allow you to authenticate with your provider.
37+
You can now add the following code to any template. This will add a button to the workspace setup page which will allow you to authenticate with your provider:
3938

4039
```tf
4140
data "coder_external_auth" "<github|gitlab|azure-devops|bitbucket-cloud|bitbucket-server|etc>" {
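Review bot: The colon added at new line 37 ends the sentence "This will add a button to the workspace setup page ...", which describes the result, while the code block is introduced by the sentence before it ("You can now add the following code to any template."). Consider merging the two so the colon follows the instruction, for example "To add a button to the workspace setup page that lets users authenticate with your provider, add the following code to any template:". The line is also left unwrapped, unlike the wrapped context lines directly above it.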
@@ -50,7 +49,7 @@ data "coder_external_auth" "github" {
5049
5150
```
5251

53-
Inside your terraform code, you now have access to authentication variables. Reference the documentation for your chosen provider for more information on how to supply it with a token.
52+
Inside your Terraform code, you now have access to authentication variables. Reference the documentation for your chosen provider for more information on how to supply it with a token.
5453

5554
### Workspace CLI
5655

@@ -60,6 +59,60 @@ An access token can be accessed within the workspace by using
6059
coder external-auth <USER_DEFINED_ID> access-token
6160
```
6261

62+
## Azure DevOps
63+
64+
Azure DevOps requires the following environment variables:
65+
66+
```env
67+
CODER_EXTERNAL_AUTH_0_ID="primary-azure-devops"
68+
CODER_EXTERNAL_AUTH_0_TYPE=azure-devops
69+
CODER_EXTERNAL_AUTH_0_CLIENT_ID=xxxxxx
70+
# Ensure this value is your "Client Secret", not "App Secret"
71+
CODER_EXTERNAL_AUTH_0_CLIENT_SECRET=xxxxxxx
72+
CODER_EXTERNAL_AUTH_0_AUTH_URL="https://app.vssps.visualstudio.com/oauth2/authorize"
73+
CODER_EXTERNAL_AUTH_0_TOKEN_URL="https://app.vssps.visualstudio.com/oauth2/token"
74+
```
75+
76+
## Azure DevOps (via Entra ID)
77+
78+
Azure DevOps (via Entra ID) requires the following environment variables:
79+
80+
```env
81+
CODER_EXTERNAL_AUTH_0_ID="primary-azure-devops"
82+
CODER_EXTERNAL_AUTH_0_TYPE=azure-devops-entra
83+
CODER_EXTERNAL_AUTH_0_CLIENT_ID=xxxxxx
84+
CODER_EXTERNAL_AUTH_0_CLIENT_SECRET=xxxxxxx
85+
CODER_EXTERNAL_AUTH_0_AUTH_URL="https://login.microsoftonline.com/<TENANT ID>/oauth2/authorize"
86+
```
87+
88+
> Note: Your app registration in Entra ID requires the `vso.code_write` scope
89+
90+
## Bitbucket Server
91+
92+
Bitbucket Server requires the following environment variables:
93+
94+
```env
95+
CODER_EXTERNAL_AUTH_0_ID="primary-bitbucket-server"
96+
CODER_EXTERNAL_AUTH_0_TYPE=bitbucket-server
97+
CODER_EXTERNAL_AUTH_0_CLIENT_ID=xxx
98+
CODER_EXTERNAL_AUTH_0_CLIENT_SECRET=xxx
99+
CODER_EXTERNAL_AUTH_0_AUTH_URL=https://bitbucket.domain.com/rest/oauth2/latest/authorize
100+
```
101+
102+
## Gitea
103+
104+
```env
105+
CODER_EXTERNAL_AUTH_0_ID="gitea"
106+
CODER_EXTERNAL_AUTH_0_TYPE=gitea
107+
CODER_EXTERNAL_AUTH_0_CLIENT_ID=xxxxxxx
108+
CODER_EXTERNAL_AUTH_0_CLIENT_SECRET=xxxxxxx
109+
# If self managed, set the Auth URL to your Gitea instance
110+
CODER_EXTERNAL_AUTH_0_AUTH_URL="https://gitea.com/login/oauth/authorize"
111+
```
112+
113+
The Redirect URI for Gitea should be
114+
`https://coder.company.org/external-auth/gitea/callback`.
115+
63116
## GitHub
64117

65118
> If you don't require fine-grained access control, it's easier to configure a
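Review bot: The relocated Azure DevOps (via Entra ID), Bitbucket Server and Gitea blocks set `CODER_EXTERNAL_AUTH_0_AUTH_URL` but no `CODER_EXTERNAL_AUTH_0_TOKEN_URL`, while the Azure DevOps block at new lines 66-74 sets both. Since the sections are being moved anyway, state whether the token URL is defaulted for these types or add it to the examples, so an admin copying a block does not end up with a partially configured provider. Two smaller points in the same hunk: the Entra ID example reuses `primary-azure-devops` as its ID, which makes the two Azure examples indistinguishable when passed to `coder external-auth <USER_DEFINED_ID> access-token`, and the Gitea section is the only one without a "requires the following environment variables:" lead-in. The Entra ID note asks for `vso.code_write` without saying why a write scope is needed; a sentence on that would help admins applying least privilege.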
@@ -75,8 +128,8 @@ coder external-auth <USER_DEFINED_ID> access-token
75128

76129
![Register GitHub App](../images/admin/github-app-register.png)
77130

78-
2. Adjust the GitHub App permissions. You can use more or less permissions than
79-
are listed here, this is merely a suggestion that allows users to clone
131+
2. Adjust the GitHub app permissions. You can use more or fewer permissions than
132+
are listed here, this example allows users to clone
80133
repositories:
81134

82135
![Adjust GitHub App Permissions](../images/admin/github-app-permissions.png)
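Review bot: The rewritten step 2 at new lines 131-132 still joins two independent clauses with a comma ("... than are listed here, this example allows users to clone repositories:"). Split it into two sentences or use a semicolon, for example "You can use more or fewer permissions than are listed here. This example allows users to clone repositories:". The change from "GitHub App" to "GitHub app" also leaves the step inconsistent with the image alt text in the surrounding context lines ("Register GitHub App", "Adjust GitHub App Permissions"); pick one form for the whole section.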
@@ -115,46 +168,6 @@ CODER_EXTERNAL_AUTH_0_AUTH_URL="https://github.example.com/login/oauth/authorize
115168
CODER_EXTERNAL_AUTH_0_TOKEN_URL="https://github.example.com/login/oauth/access_token"
116169
```
117170

118-
## Bitbucket Server
119-
120-
Bitbucket Server requires the following environment variables:
121-
122-
```env
123-
CODER_EXTERNAL_AUTH_0_ID="primary-bitbucket-server"
124-
CODER_EXTERNAL_AUTH_0_TYPE=bitbucket-server
125-
CODER_EXTERNAL_AUTH_0_CLIENT_ID=xxx
126-
CODER_EXTERNAL_AUTH_0_CLIENT_SECRET=xxx
127-
CODER_EXTERNAL_AUTH_0_AUTH_URL=https://bitbucket.domain.com/rest/oauth2/latest/authorize
128-
```
129-
130-
## Azure DevOps
131-
132-
Azure DevOps requires the following environment variables:
133-
134-
```env
135-
CODER_EXTERNAL_AUTH_0_ID="primary-azure-devops"
136-
CODER_EXTERNAL_AUTH_0_TYPE=azure-devops
137-
CODER_EXTERNAL_AUTH_0_CLIENT_ID=xxxxxx
138-
# Ensure this value is your "Client Secret", not "App Secret"
139-
CODER_EXTERNAL_AUTH_0_CLIENT_SECRET=xxxxxxx
140-
CODER_EXTERNAL_AUTH_0_AUTH_URL="https://app.vssps.visualstudio.com/oauth2/authorize"
141-
CODER_EXTERNAL_AUTH_0_TOKEN_URL="https://app.vssps.visualstudio.com/oauth2/token"
142-
```
143-
144-
## Azure DevOps (via Entra ID)
145-
146-
Azure DevOps (via Entra ID) requires the following environment variables:
147-
148-
```env
149-
CODER_EXTERNAL_AUTH_0_ID="primary-azure-devops"
150-
CODER_EXTERNAL_AUTH_0_TYPE=azure-devops-entra
151-
CODER_EXTERNAL_AUTH_0_CLIENT_ID=xxxxxx
152-
CODER_EXTERNAL_AUTH_0_CLIENT_SECRET=xxxxxxx
153-
CODER_EXTERNAL_AUTH_0_AUTH_URL="https://login.microsoftonline.com/<TENANT ID>/oauth2/authorize"
154-
```
155-
156-
> Note: Your app registration in Entra ID requires the `vso.code_write` scope
157-
158171
## GitLab self-managed
159172

160173
GitLab self-managed requires the following environment variables:
@@ -171,21 +184,11 @@ CODER_EXTERNAL_AUTH_0_TOKEN_URL="https://gitlab.company.org/oauth/token"
171184
CODER_EXTERNAL_AUTH_0_REGEX=gitlab\.company\.org
172185
```
173186

174-
## Gitea
175-
176-
```env
177-
CODER_EXTERNAL_AUTH_0_ID="gitea"
178-
CODER_EXTERNAL_AUTH_0_TYPE=gitea
179-
CODER_EXTERNAL_AUTH_0_CLIENT_ID=xxxxxxx
180-
CODER_EXTERNAL_AUTH_0_CLIENT_SECRET=xxxxxxx
181-
# If self managed, set the Auth URL to your Gitea instance
182-
CODER_EXTERNAL_AUTH_0_AUTH_URL="https://gitea.com/login/oauth/authorize"
183-
```
187+
## JFrog Artifactory
184188

185-
The Redirect URI for Gitea should be
186-
`https://coder.company.org/external-auth/gitea/callback`.
189+
Visit the [JFrog Artifactory](../admin/integrations/jfrog-artifactory.md) guide for instructions on how to set up for JFrog Artifactory.
187190

188-
## Self-managed git providers
191+
## Self-managed Git providers
189192

190193
Custom authentication and token URLs should be used for self-managed Git
191194
provider deployments.
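Review bot: The link target in the moved JFrog Artifactory section at new line 189, `../admin/integrations/jfrog-artifactory.md`, climbs out of `docs/admin/` and straight back into it, since this file is `docs/admin/external-auth.md`. `./integrations/jfrog-artifactory.md` resolves to the same file and will not break if the `admin` directory is ever renamed. The sentence itself reads awkwardly ("instructions on how to set up for JFrog Artifactory"); something like "for instructions on how to set up external authentication with JFrog Artifactory" would be clearer.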
@@ -199,10 +202,6 @@ CODER_EXTERNAL_AUTH_0_REGEX=github\.company\.org
199202

200203
> Note: The `REGEX` variable must be set if using a custom git domain.
201204
202-
## JFrog Artifactory
203-
204-
Visit the [JFrog Artifactory](../admin/integrations/jfrog-artifactory.md) guide for instructions on how to set up for JFrog Artifactory.
205-
206205
## Custom scopes
207206

208207
Optionally, you can request custom scopes:
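Review bot: The context note at new line 203 still reads "custom git domain" while this commit capitalizes "Git" in the "Self-managed Git providers" heading just above; update the note in the same change for consistency. That note would also be a good place to say what `REGEX` is matched against, because the example shown in the hunk header (`github\.company\.org`) is not anchored and readers cannot tell from the doc whether a longer hostname containing that string would also match.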
