From fd4f95033dcf7998e011fad4fa14ba68d2d400a9 Mon Sep 17 00:00:00 2001 From: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com> Date: Fri, 28 Mar 2025 19:41:46 +0000 Subject: [PATCH 1/3] docs: document that default GitHub app requires device flow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add clear documentation explaining that when using the default GitHub app: - Device flow is always enabled - Setting CODER_OAUTH2_GITHUB_DEVICE_FLOW=false will be ignored - This behavior only applies to the default GitHub app Fixes #16824 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude --- docs/admin/users/github-auth.md | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/docs/admin/users/github-auth.md b/docs/admin/users/github-auth.md index 1be6f7a11d9ef..fefc2f8ada376 100644 --- a/docs/admin/users/github-auth.md +++ b/docs/admin/users/github-auth.md @@ -15,6 +15,12 @@ This access is necessary for the Coder server to complete the authentication process. To the best of our knowledge, Coder, the company, does not gain access to this data by administering the GitHub app. +> [!IMPORTANT] +> The default GitHub app requires [device flow](#device-flow) to authenticate. +> This is enabled by default when using the default GitHub app. If you disable +> device flow using `CODER_OAUTH2_GITHUB_DEVICE_FLOW=false`, it will be ignored +> for the default GitHub app and device flow will still be used. + By default, only the admin user can sign up. To allow additional users to sign up with GitHub, add the following environment variable: @@ -124,11 +130,16 @@ organizations. This can be enforced from the organization settings page in the Coder supports [device flow](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#device-flow) -for GitHub OAuth. To enable it, set: +for GitHub OAuth. This is enabled by default for the default GitHub app and cannot be disabled +for that app. For your own custom GitHub OAuth app, you can enable device flow by setting: ```env CODER_OAUTH2_GITHUB_DEVICE_FLOW=true ``` -This is optional. We recommend using the standard OAuth flow instead, as it is -more convenient for end users. +Device flow is optional for custom GitHub OAuth apps. We generally recommend using +the standard OAuth flow instead, as it is more convenient for end users. + +> [!NOTE] +> If you're using the default GitHub app, device flow is always enabled regardless of +> the `CODER_OAUTH2_GITHUB_DEVICE_FLOW` setting. From f8bac19662e3f81c4566979a1ef15271b9f7f218 Mon Sep 17 00:00:00 2001 From: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com> Date: Fri, 28 Mar 2025 20:59:24 +0000 Subject: [PATCH 2/3] make lint/fmt --- docs/admin/users/github-auth.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/admin/users/github-auth.md b/docs/admin/users/github-auth.md index fefc2f8ada376..61c9361d1e890 100644 --- a/docs/admin/users/github-auth.md +++ b/docs/admin/users/github-auth.md @@ -130,14 +130,14 @@ organizations. This can be enforced from the organization settings page in the Coder supports [device flow](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#device-flow) -for GitHub OAuth. This is enabled by default for the default GitHub app and cannot be disabled +for GitHub OAuth. This is enabled by default for the default GitHub app and cannot be disabled for that app. For your own custom GitHub OAuth app, you can enable device flow by setting: ```env CODER_OAUTH2_GITHUB_DEVICE_FLOW=true ``` -Device flow is optional for custom GitHub OAuth apps. We generally recommend using +Device flow is optional for custom GitHub OAuth apps. We generally recommend using the standard OAuth flow instead, as it is more convenient for end users. > [!NOTE] From 7ba4380a355b86889f336944c63e64579ef9759e Mon Sep 17 00:00:00 2001 From: Edward Angert Date: Tue, 1 Apr 2025 14:45:35 -0400 Subject: [PATCH 3/3] Update docs/admin/users/github-auth.md Co-authored-by: M Atif Ali --- docs/admin/users/github-auth.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/admin/users/github-auth.md b/docs/admin/users/github-auth.md index 61c9361d1e890..d895764c44f29 100644 --- a/docs/admin/users/github-auth.md +++ b/docs/admin/users/github-auth.md @@ -18,8 +18,7 @@ to this data by administering the GitHub app. > [!IMPORTANT] > The default GitHub app requires [device flow](#device-flow) to authenticate. > This is enabled by default when using the default GitHub app. If you disable -> device flow using `CODER_OAUTH2_GITHUB_DEVICE_FLOW=false`, it will be ignored -> for the default GitHub app and device flow will still be used. +> device flow using `CODER_OAUTH2_GITHUB_DEVICE_FLOW=false`, it will be ignored. By default, only the admin user can sign up. To allow additional users to sign up with GitHub, add the following environment variable: