feat: Allow hiding password auth, changing OpenID Connect text and OpenID Connect icon #5101
Conversation
|
@kylecarbs and I just had a chat and decided we shouldn't completely disable the password login so the default However, we can put it behind a backdoor (e.g. |
|
Implemented With the following env vars set:
|
|
This Pull Request is becoming stale. In order to minimize WIP, prevent merge conflicts and keep the tracker readable, I'm going close to this PR in 3 days if there isn't more activity. |
# Conflicts: # cli/deployment/config.go # cli/server.go # cli/testdata/coder_server_--help.golden # coderd/userauth.go # codersdk/deploymentconfig.go # docs/admin/auth.md # site/src/api/typesGenerated.ts # site/src/components/SignInForm/SignInForm.tsx
|
This Pull Request is becoming stale. In order to minimize WIP, prevent merge conflicts and keep the tracker readable, I'm going close to this PR in 3 days if there isn't more activity. |
@kylecarbs how would an owner/admin sign in if we disable password auth? As @bpmct proposed, we could put it behind |
|
I think I'd prefer if we did a small "Login with Password" link at the bottom that would permit authenticating with a password. It's awkward to not allow it, since in emergency situations it would be required. An alternative is to take the stance that owners/admins should be able to modify the deployment, so they could always disable this feature. |
I can get behind a small link as long as it's clear that SSO is preferred. Many login forms tend to have both even if 99% of an organization's users use SSO |
| <div> | ||
| <LoadingButton | ||
| loading={isLoading} | ||
| {showPasswordAuth && ( |
There was a problem hiding this comment.
We have some new conditionals in this file introduced by the new booleans: nonPasswordAuthEnabled and showPasswordAuth. Considering the file is getting fairly large, it might be nice to break the JSX inside these conditionals into separate components in separate files. This will make everything a bit more readable. Not a blocker though!
There was a problem hiding this comment.
I agree
I took a hack at it (might have made a few stylistic choices, open to feedback)
Also turned these var && into <Maybes as I saw that used all over the codebase (and might have to steal that for myself)
There was a problem hiding this comment.
Looks beautiful! Thanks for leaving things better than you found them :)
|
CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅ |
6e20df2 to
1ed7911
Compare
|
Oops sorry pushed the golden files update from a different computer |
|
@normana10 seems like |
|
Feel free I keep trying to run Then I do a And I get a: (On my Mac) Which.... totally makes sense, I don't have Docker installed on my Mac Buuuut, when I try the same on my Fedora computer it ends up erroring out with a: But... |
|
@normana10 sorry the error is so unhelpful, you'll need to have |
🤷 |
|
Wait I just noticed that Just symlinked my install of Pushing up now |
|
That was a roller coaster but I think it's all good now? 👍 Thanks! |
|
Woot woot. Thanks for pushing through @normana10 🥳 |
|
@normana10 can you merge in |
|
Done Sorry if I caused any issues 😬 |
|
@normana10 we're now using this on https://dev.coder.com 😎
|
Just some ideas to help decrease friction in onboarding developers to my coder deployment
For context, my users will never use password auth, only Oauth
Examples:
I only reference Gitea because that's my OpenID Connect provider at home, feel free to replace that with anything you like 👍
I also acknowledge that I'm changing the shape of the return body of
api/v2/users/authmethods. Not sure if that's a deal breaker?Also let me know if Coder intentionally didn't want to do any of these. Don't want my random PRs to steamroll any actual conversations that have taken place