From 9518004106aa38d4b5e6712afba0063362b5c5d4 Mon Sep 17 00:00:00 2001 From: Katie Horne Date: Fri, 9 Jul 2021 14:10:50 -0500 Subject: [PATCH 1/2] chore: document special case re: GitHub and callback/dev URLs --- admin/devurls.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/admin/devurls.md b/admin/devurls.md index 73f8c602f..5bd8ff3cf 100644 --- a/admin/devurls.md +++ b/admin/devurls.md @@ -94,3 +94,17 @@ deployment will be accessible to any authenticated Coder user. The developer, however, can choose to set a stricter permission level (e.g., allowing only those in their organization to use the dev URL). Developers cannot choose a more permissive option. + +## Authentication with apps requiring a single callback URL + +If you're using GitHub credentials to sign in to an application, and your GitHub +OAuth app has the authorization callback URL set to `localhost`, you will need +to work around the fact that GitHub enforces a single callback URL (since each +workspace gets a unique dev URL). + +To do so, you can either: + +- Use SSH tunneling to tunnel the web app to individual developers' `localhost` + instead of dev URLs (this is also an out-of-the-box feature included with VS + Code Remote) +- Use [multiple callback sub-URLs](https://stackoverflow.com/questions/35942009/github-oauth-multiple-authorization-callback-url/38194107#38194107) From da816d812a84d94615ec9f286f5cd891b0a294f2 Mon Sep 17 00:00:00 2001 From: Katie Horne Date: Mon, 12 Jul 2021 08:52:59 -0500 Subject: [PATCH 2/2] Update admin/devurls.md Co-authored-by: Ben Potter --- admin/devurls.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/admin/devurls.md b/admin/devurls.md index 5bd8ff3cf..cd706800e 100644 --- a/admin/devurls.md +++ b/admin/devurls.md @@ -107,4 +107,4 @@ To do so, you can either: - Use SSH tunneling to tunnel the web app to individual developers' `localhost` instead of dev URLs (this is also an out-of-the-box feature included with VS Code Remote) -- Use [multiple callback sub-URLs](https://stackoverflow.com/questions/35942009/github-oauth-multiple-authorization-callback-url/38194107#38194107) +- Use this workaround for [multiple callback sub-URLs](https://stackoverflow.com/questions/35942009/github-oauth-multiple-authorization-callback-url/38194107#38194107)