Restrict GitHub OAuth based on GitHub teams? #2848

Closed
kconley-sq opened this issue Jul 7, 2022 · 2 comments · Fixed by #2849

@kconley-sq
Contributor

Can Coder's GitHub OAuth user authentication be extended to not only check if the user is a member of particular GitHub organization(s) but also whether they are a member of particular GitHub team(s)?

This would provide us with more granular control over who can access/use Coder at our company to support a more gradual roll-out to our developers and thus enable us to provide better, more focused onboarding support.

We can easily create and manage new GitHub teams within our existing GitHub organization but are not allowed to create additional GitHub organizations.

@kylecarbs kylecarbs self-assigned this Jul 7, 2022
@kylecarbs
Member

I'm envisioning an environment variable:

CODER_OAUTH2_GITHUB_ALLOWED_TEAMS

This would be set to a comma-separated list of organization and team slugs:

coder/frontend,coder/backend

In this example, it'd be assumed that the organization array was already permitting coder. Does this sound right?

@kconley-sq
Contributor Author

Yes, I think that would be perfect!

kylecarbs added a commit that referenced this issue Jul 8, 2022
kylecarbs added a commit that referenced this issue Jul 12, 2022
This wasn't looping prior, so organizations with >100 teams
couldn't login. Contributes to #2848.
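
The check discussed in this thread, as an added example (not Coder's implementation): it parses the proposed `CODER_OAUTH2_GITHUB_ALLOWED_TEAMS` value, rejects any team whose organization is not already allowed, and walks every page of a user's teams so a match beyond the first page is still found. `ParseAllowedTeams`, `InAllowedTeam` and the `fetch` callback are hypothetical names; `fetch` stands in for a paginated GitHub team listing and is assumed to return 0 as the next page after the last one.

```go
package main

import (
	"fmt"
	"strings"
)

// Team is one <organization>/<team-slug> pair from the proposed variable.
type Team struct{ Org, Slug string }

// ParseAllowedTeams parses "coder/frontend,coder/backend" and rejects any
// entry whose organization is not already in the allowed organization list.
func ParseAllowedTeams(raw string, allowedOrgs []string) (map[Team]bool, error) {
	orgs := map[string]bool{}
	for _, o := range allowedOrgs {
		orgs[strings.ToLower(o)] = true
	}
	teams := map[Team]bool{}
	for _, entry := range strings.Split(raw, ",") {
		org, slug, ok := strings.Cut(strings.ToLower(strings.TrimSpace(entry)), "/")
		if !ok || org == "" || slug == "" || strings.Contains(slug, "/") {
			return nil, fmt.Errorf("invalid team %q: want <organization>/<team-slug>", entry)
		}
		if !orgs[org] {
			return nil, fmt.Errorf("team %q: organization %q is not in the allowed list", entry, org)
		}
		teams[Team{org, slug}] = true
	}
	return teams, nil
}

// InAllowedTeam asks fetch (hypothetical) for each page of the user's teams
// until the next page is 0. A fetch error denies access instead of allowing it.
func InAllowedTeam(fetch func(page int) ([]Team, int, error), allowed map[Team]bool) (bool, error) {
	for page := 1; page != 0; {
		teams, next, err := fetch(page)
		if err != nil {
			return false, err // fail closed
		}
		for _, t := range teams {
			if allowed[Team{strings.ToLower(t.Org), strings.ToLower(t.Slug)}] {
				return true, nil
			}
		}
		page = next
	}
	return false, nil
}

func main() { fmt.Println(ParseAllowedTeams("coder/frontend,coder/backend", []string{"coder"})) }
```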