Allow user account to have multiple Authentication methods #15014

Open
francisco-mata opened this issue Oct 7, 2024 · 4 comments
Labels
community Pull Requests and issues created by the community.

Comments

@francisco-mata

Hello Coders,

I would like to have the possibility of a secondary way to auth when logging in to Coder. We provide the GitHub OAuth option to our users, so Coder creates my user=francisco-mata and all my workspaces are aligned to that user ID. If I try to create a user with the same email, to add a password in addition to GitHub auth, it tells me that this "user already exists".

Image

If you look at the Security tab on my account, it clearly says I auth with GitHub, but I am not able to create a password for my account.

All of this is because we managed to hit Issue 14982 on v2.10. That issue blocked all auth for our users, and it created a real issue, because there's no secondary way for users to auth with the same user ID that links their accounts with their workspaces.

I would like any GitHub-authenticated user to have the option to go to the Security tab and add a password for their account, so that if GitHub OAuth fails for whatever reason, users can enter Coder.

@coder-labeler coder-labeler bot added customer-requested Features requested by enterprise customers. Only humans may set this. feature labels Oct 7, 2024
@francisco-mata
Author

What do you think about this issue, @matifali?

@matifali
Member

matifali commented Oct 7, 2024

Hi @francisco-mata, this looks like a reasonable request to me. Also, thanks for explaining the issue in detail. It's the first time we've had this request from any user.

Let's see if other users are also interested in the feature and we can then prioritize this.

Another important thing is that some organizations that enforce SSO would not like this secondary login method for a user. Probably we should only enable this for GitHub OAuth then, or allow admins to explicitly opt into this feature with a flag.

@matifali matifali added community Pull Requests and issues created by the community. and removed customer-requested Features requested by enterprise customers. Only humans may set this. labels Oct 7, 2024
@francisco-mata
Author

Hi @matifali, I would consider this a corner-case scenario, but it blocked all of our Coder, so it was not fun.

We are currently closely monitoring #14982, using Prometheus metrics for the behavior of OAuth requests, to see if we can detect another issue that triggers 40.000 calls/1h, which was our case. GitHub blocks us at 5000 calls/hr.

I agree with you. Maybe an ENV flag (ENABLE_USER_BACKUP_PASSWORD) on deployment to activate the feature, so users can set their backup access password in a case like this one.

Thanks for the quick response.

@ammario
Member

ammario commented Oct 7, 2024

It's a reasonable request.

Let's try to avoid more server flags. We have too many already and they don't play well with scale. Eventually we're going to want to move some authentication concepts into the Organization at which point all of these server flags will hinder us.

3 participants