Problem Description

Coder currently supports only a single GitHub OAuth configuration, which limits flexibility for deployments involving multiple GitHub organizations, each needing distinct authentication settings. This limitation prevents different GitHub organizations from accessing the same Coder deployment while maintaining unique authentication policies.

For example, an organization might use GitHub.com for open-source work through a specific GitHub.com org, while internal developers working on proprietary tools authenticate through a separate GitHub Enterprise instance.

Desired Solution

Enable Coder to support multiple GitHub OAuth configurations, with each mapped to a different GitHub organization. This enhancement would allow users to authenticate through the appropriate provider based on their organization.

Implementation Requirements

• Configuration:

  • Support multiple GitHub OAuth configurations by appending unique suffixes to each set of GitHub OAuth environment variables, e.g.:

    CODER_OAUTH2_GITHUB_CLIENT_ID_1="client-id-org1"
    CODER_OAUTH2_GITHUB_CLIENT_SECRET_1="secret-org1"
    CODER_OAUTH2_GITHUB_ALLOWED_ORGS_1="org1,org3"
    
    CODER_OAUTH2_GITHUB_CLIENT_ID_2="client-id-org2"
    CODER_OAUTH2_GITHUB_CLIENT_SECRET_2="secret-org2"
    CODER_OAUTH2_GITHUB_ALLOWED_ORGS_2="org2"

• Login UI Update:

  • Update the login page to display each configured GitHub OAuth provider as a distinct option, allowing users to select the provider that corresponds to their organization.

• Documentation:

  • Update setup documentation to include examples and instructions for configuring multiple GitHub OAuth providers and mapping each to a specific organization.

Related Issues:

• Compliments Support Multiple OIDC/OAuth Providers for User Login #15455
• Allow user account to have multiple Authentication methods #15014