Skip to content

docs: update external auth to better explain process #16027

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 13 commits into from
Jan 7, 2025
Merged

docs: update external auth to better explain process #16027

Changes from 1 commit
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
2db695b
docs: update external auth to better explain process (#15970)
ChristopherJTrent Jan 3, 2025
625f3ba
Merge remote-tracking branch 'origin/main' into 15970-external-auth-u…
EdwardAngert Jan 3, 2025
096326d
make lint/fmt
EdwardAngert Jan 3, 2025
85b8e36
md alignment
EdwardAngert Jan 3, 2025
cc0939a
external-auth intro from setup/index
EdwardAngert Jan 3, 2025
1cba651
Merge remote-tracking branch 'origin/main' into 15970-external-auth-u…
EdwardAngert Jan 6, 2025
e84811c
abc git providers
EdwardAngert Jan 6, 2025
b1f32b5
git providers to tabs
EdwardAngert Jan 6, 2025
1af84ed
Revert "git providers to tabs"
EdwardAngert Jan 6, 2025
1782454
parent heading to git providers
EdwardAngert Jan 6, 2025
db03ea0
highlight oauth provider in intro
EdwardAngert Jan 6, 2025
30a4221
inc suggestions from review
EdwardAngert Jan 7, 2025
411fb43
add issue link and align example variables
EdwardAngert Jan 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
highlight oauth provider in intro
  • Loading branch information
@EdwardAngert
EdwardAngert committed Jan 6, 2025
commit db03ea0f903d01735ac93a99ea1a31e320f0151c
72 changes: 39 additions & 33 deletions docs/admin/external-auth.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
# External Authentication

Coder supports external authentication via OAuth2.0. This allows enabling
integrations with Git providers, such as GitHub, GitLab, and Bitbucket.
Coder supports external authentication via OAuth2.0. This allows enabling any OAuth provider as well as integrations with Git providers, such as GitHub, GitLab, and Bitbucket.

External authentication can also be used to integrate with external services
like JFrog Artifactory and others.
Expand Down Expand Up @@ -34,7 +33,7 @@ The `CODER_EXTERNAL_AUTH_0_ID` environment variable is used for internal
reference. Therefore, it can be set arbitrarily (e.g., `primary-github` for your
GitHub provider).

You can now add the following code to any template. This will add a button to the workspace setup page which will allow you to authenticate with your provider:
Add the following code to any template to add a button to the workspace setup page which will allow you to authenticate with your provider:

```tf
data "coder_external_auth" "<github|gitlab|azure-devops|bitbucket-cloud|bitbucket-server|etc>" {
Expand All @@ -53,7 +52,7 @@ Inside your Terraform code, you now have access to authentication variables. Ref

### Workspace CLI

An access token can be accessed within the workspace by using
Use `coder external-auth` to access a token within the workspace:

```shell
coder external-auth <USER_DEFINED_ID> access-token
Expand Down Expand Up @@ -117,37 +116,11 @@ The Redirect URI for Gitea should be

### GitHub

> If you don't require fine-grained access control, it's easier to configure a
> GitHub OAuth app!
<blockquote class="admonition tip">

1. [Create a GitHub App](https://docs.github.com/en/apps/creating-github-apps/registering-a-github-app/registering-a-github-app)

- Set the callback URL to
`https://coder.example.com/external-auth/USER_DEFINED_ID/callback`.
- Deactivate Webhooks.
- Enable fine-grained access to specific repositories or a subset of
permissions for security.

![Register GitHub App](../images/admin/github-app-register.png)

2. Adjust the GitHub app permissions. You can use more or fewer permissions than
are listed here, this example allows users to clone
repositories:

![Adjust GitHub App Permissions](../images/admin/github-app-permissions.png)
If you don't require fine-grained access control, it's easier to [configure a GitHub OAuth app](#configure-a-github-oauth-app).

| Name | Permission | Description |
|---------------|--------------|--------------------------------------------------------|
| Contents | Read & Write | Grants access to code and commit statuses. |
| Pull requests | Read & Write | Grants access to create and update pull requests. |
| Workflows | Read & Write | Grants access to update files in `.github/workflows/`. |
| Metadata | Read-only | Grants access to metadata written by GitHub Apps. |
| Members | Read-only | Grants access to organization members and teams. |

3. Install the App for your organization. You may select a subset of
repositories to grant access to.

![Install GitHub App](../images/admin/github-app-install.png)
</blockquote>

```env
CODER_EXTERNAL_AUTH_0_ID="USER_DEFINED_ID"
Expand Down Expand Up @@ -212,6 +185,39 @@ Optionally, you can request custom scopes:
CODER_EXTERNAL_AUTH_0_SCOPES="repo:read repo:write write:gpg_key"
```

## OAuth provider

### Configure a GitHub OAuth app

1. [Create a GitHub App](https://docs.github.com/en/apps/creating-github-apps/registering-a-github-app/registering-a-github-app)

- Set the callback URL to
`https://coder.example.com/external-auth/USER_DEFINED_ID/callback`.
- Deactivate Webhooks.
- Enable fine-grained access to specific repositories or a subset of
permissions for security.

![Register GitHub App](../images/admin/github-app-register.png)

1. Adjust the GitHub app permissions. You can use more or fewer permissions than
are listed here, this example allows users to clone
repositories:

![Adjust GitHub App Permissions](../images/admin/github-app-permissions.png)

| Name | Permission | Description |
|---------------|--------------|--------------------------------------------------------|
| Contents | Read & Write | Grants access to code and commit statuses. |
| Pull requests | Read & Write | Grants access to create and update pull requests. |
| Workflows | Read & Write | Grants access to update files in `.github/workflows/`. |
| Metadata | Read-only | Grants access to metadata written by GitHub Apps. |
| Members | Read-only | Grants access to organization members and teams. |

1. Install the App for your organization. You may select a subset of
repositories to grant access to.

![Install GitHub App](../images/admin/github-app-install.png)

## Multiple External Providers

<blockquote class="info">
Expand Down
Loading