OIDC: API only login #13662

Majardom · 2024-06-25T13:46:52Z

Majardom
Jun 25, 2024

Hi,

I am planning to build my own API on top of this solution so I am interested in using only API calls without an UI. I configured OIDC and I am able to login using user interface.

Is it possible to authenticate via API calls?

I can see that to send authenticated request I need "Coder-Session-Token" as a header or query parameter but I not completely understand how to get that token via API using OICD authentication.

Emyrk · 2024-08-02T16:27:57Z

Emyrk
Aug 2, 2024
Collaborator

@Majardom the problem you will run into is the OIDC "allow" page.

The flow is:

Hit https://deployment.coder.com/api/v2/users/oauth2/github/callback. This returns a 307 redirect to the OIDC/oauth provider
Follow redirect to https://github.com/login/oauth/authorize?...
This is where you hit the "allow" page

After allow, you get a 302 redirect back to https://deployment.coder.com/api/v2/users/oauth2/github/callback?coder=..... The code works, and you get a 307 to /workspaces with a cookie that contains the session token.

So a headless auth flow for OIDC can only work if the IDP can do so headless. Which probably will not work for initial auth flows, but you can sometimes do it with subsequent auth flows if everything has been approved before.

I think what would work best for you is not implemented yet, but described in this issue: #11901

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

OIDC: API only login #13662

{{title}}

Replies: 1 comment

{{title}}

Select a reply

OIDC: API only login #13662

Majardom Jun 25, 2024

Replies: 1 comment

Emyrk Aug 2, 2024 Collaborator

Majardom
Jun 25, 2024

Emyrk
Aug 2, 2024
Collaborator