Merged
chore: docs explaining GIT_ASKPASS behavior
- VSCode configuration requirements
Emyrk committed Mar 27, 2024
commit f218dfb8969c16f5a6bc44f45e90a39a26864907
28 changes: 26 additions & 2 deletions docs/admin/external-auth.md
Expand Up @@ -212,8 +212,32 @@ you can require users authenticate via git prior to creating a workspace:

![Git authentication in template](../images/admin/git-auth-template.png)

The following example will require users authenticate via GitHub and auto-clone
a repo into the `~/coder` directory.
### `GIT_ASKPASS` will auto-refresh tokens
Member


I think users will be unfamiliar with what GIT_ASKPASS is.

We should approach this from a git perspective... as the tool most users are familiar with, and explain that we use GIT_ASKPASS, a variable Git hooks into for authentication.

It's worth mentioning that `coder external-auth token <id>` will output the same token as the Git hook will.

Member Author


Will update.


<blockquote class="info">
<p>
This is the preferred authentication method.
</p>
</blockquote>

By default, the coder agent is configured to respond to `GIT_ASKPASS` prompts.
Meaning, with no additional configuration, external authentication will work
with native `git` commands.

Note: Some IDE's override the `GIT_ASKPASS` environment variable and need to be
configured.

**VSCode**
Member


We should note that this is automatically done for you. No manual user configuration is actually needed.

Member Author


It is not automatically done though. The user must manually turn off the VSCode overrides.

Does our extension do this for you?

Member Author


See this issue: #12291


- Set `git.terminalAuthentication` to `false`
- Set `git.useIntegratedAskPass` to `false`

### Hard coded tokens do not auto-refresh

If the token is required to be inserted into the workspace, for example
[GitHub cli](https://cli.github.com/), the auth token can be inserted from the
template. This token will not auto-refresh. The following example will
authenticate via GitHub and auto-clone a repo into the `~/coder` directory.

```hcl
data "coder_external_auth" "github" {
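Review bot: In the "Hard coded tokens do not auto-refresh" section, the text says "This token will not auto-refresh" and stops there, so a reader does not learn what to do once the token inserted from the template expires. Suggest adding one sentence on the recovery path, for example pointing at `coder external-auth token <id>` as raised in the review thread, if that is the intended way to obtain a current token. Under **VSCode**, the two bullets name `git.terminalAuthentication` and `git.useIntegratedAskPass` without saying where they are set or that the user has to change them manually, which the thread confirms is the case. Minor: "Some IDE's" should be "Some IDEs", and "Meaning, with no additional configuration, ..." is a fragment that reads better joined to the sentence before it.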