Skip to content

chore: document special case re: GitHub and callback/dev URLs #475

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Jul 12, 2021
Merged

chore: document special case re: GitHub and callback/dev URLs #475

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
9518004
chore: document special case re: GitHub and callback/dev URLs
Jul 9, 2021
da816d8
Update admin/devurls.md
Jul 12, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions admin/devurls.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,3 +94,17 @@ deployment will be accessible to any authenticated Coder user.
The developer, however, can choose to set a stricter permission level (e.g.,
allowing only those in their organization to use the dev URL). Developers cannot
choose a more permissive option.

## Authentication with apps requiring a single callback URL

If you're using GitHub credentials to sign in to an application, and your GitHub
OAuth app has the authorization callback URL set to `localhost`, you will need
to work around the fact that GitHub enforces a single callback URL (since each
workspace gets a unique dev URL).

To do so, you can either:

- Use SSH tunneling to tunnel the web app to individual developers' `localhost`
instead of dev URLs (this is also an out-of-the-box feature included with VS
Code Remote)
- Use this workaround for [multiple callback sub-URLs](https://stackoverflow.com/questions/35942009/github-oauth-multiple-authorization-callback-url/38194107#38194107)