feat: add group allowlist for oidc #11070

Merged
merged 12 commits into from
Dec 8, 2023
@Emyrk Emyrk commented Dec 6, 2023

Users not in the group allowlist cannot authenticate with Coder.

The authorized groups are never returned to the user, but I will return what groups the user is in to aid in debugging.

Closes #10705

When you have 0 groups

Screenshot from 2023-12-06 15-59-43

When you are in groups that are not authorized

Screenshot from 2023-12-06 16-17-02

Emyrk added 2 commits December 6, 2023 10:15
Users not in the group allowlist cannot authenticate with Coder.

Emyrk commented Dec 6, 2023

Current dependencies on/for this PR:

This stack of pull requests is managed by Graphite.

@Emyrk Emyrk force-pushed the stevenmasley/oidc_allowed_groups branch from e47e6c8 to 524aced Compare December 6, 2023 19:02
@Emyrk Emyrk requested a review from johnstcn December 6, 2023 22:22
@Emyrk Emyrk marked this pull request as ready for review December 7, 2023 14:31

@johnstcn johnstcn left a comment

This'll be handy for folks doing OIDC on a gmail domain for sure

@Emyrk Emyrk merged commit 78517ca into main Dec 8, 2023
@Emyrk Emyrk deleted the stevenmasley/oidc_allowed_groups branch December 8, 2023 16:14
@github-actions github-actions bot locked and limited conversation to collaborators Dec 8, 2023

matifali commented Dec 8, 2023

@Emyrk It would be nice to add some basic docs here on how to configure it in a follow-up PR.

Successfully merging this pull request may close these issues.

Add CODER_OIDC_ALLOWED_GROUPS to limit which groups can sign in to Coder
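
The behavior described in the PR description (reject users outside the allowlist, and report only the user's own groups in the error), as an added Go sketch that is not code from this PR or the Coder repository. The function names, the shape of the decoded groups claim, the error wording, exact-match comparison, and the rule that an empty allowlist disables the check are all assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

var ErrGroupNotAllowed = errors.New("not a member of an allowed group")

// groupsFromClaim (hypothetical helper) normalizes a decoded groups claim: a
// provider may send a JSON array, a single string, or nothing at all.
func groupsFromClaim(claim any) (out []string) {
	switch v := claim.(type) {
	case string:
		out = append(out, v)
	case []any: // what encoding/json yields for a JSON array
		for _, g := range v {
			if s, ok := g.(string); ok { // non-string entries are dropped
				out = append(out, s)
			}
		}
	}
	return out
}

// CheckAllowedGroups fails closed once an allowlist is set (assumption: an empty
// allowlist disables it). The error echoes the caller's groups, never the allowlist.
func CheckAllowedGroups(allowed []string, claim any) error {
	if len(allowed) == 0 {
		return nil
	}
	mine := groupsFromClaim(claim)
	for _, g := range mine {
		for _, a := range allowed {
			if g == a {
				return nil
			}
		}
	}
	if len(mine) == 0 {
		return fmt.Errorf("%w: your account has no groups", ErrGroupNotAllowed)
	}
	return fmt.Errorf("%w: your groups are [%s]", ErrGroupNotAllowed, strings.Join(mine, ", "))
}

func main() { // constructed sample allowlist and claim
	fmt.Println(CheckAllowedGroups([]string{"platform", "sre"}, []any{"sales"}))
}
```

A missing or malformed claim is treated the same as zero groups, so a provider that stops sending the claim locks users out rather than letting them in.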