
Commit6a67e2e

authored
feat(cli/server.go): allow the use of public OIDC clients (#16489)
Support public OIDC clients

- Enables support for public OIDC clients by only checking for a clientID being set. This allows for confidential and public clients to be used with Coder's OIDC authentication.
- Also adds a public client configuration to the development OIDC setup script.

Fixes #16135

Change-Id: Iadd85d40c2faa595a0498e25d3407a1f94b5c8a8
Signed-off-by: Thomas Kosiewski <tk@coder.com>
Signed-off-by: Thomas Kosiewski <tk@coder.com>
1 parent5845031 commit6a67e2e


2 files changed

+20
-1
lines changed


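--- a/cli/server.go
+++ b/cli/server.go
@@ -694,7 +694,12 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd.
 }
 }
 
-ifvals.OIDC.ClientKeyFile!=""||vals.OIDC.ClientSecret!="" {
+// As OIDC clients can be confidential or public,
+// we should only check for a client id being set.
+// The underlying library handles the case of no
+// client secrets correctly. For more details on
+// client types: https://oauth.net/2/client-types/
+ifvals.OIDC.ClientID!="" {
 ifvals.OIDC.IgnoreEmailVerified {
 logger.Warn(ctx,"coder will not check email_verified for OIDC logins")
 }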
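Review bot: With the condition reduced to `vals.OIDC.ClientID != ""`, a deployment whose client secret or key file is missing by mistake now comes up as a public client with nothing in the logs to show it. I would log the mode next to the existing `email_verified` warning, for example `if vals.OIDC.ClientSecret == "" && vals.OIDC.ClientKeyFile == "" { logger.Warn(ctx, "OIDC client has no secret or key file; running as a public client") }`. The inverse case changes too: a secret or key file set without a client ID used to enter this block and now skips OIDC setup silently, unless that is validated elsewhere. The new comment defers to the underlying library for the no-secret case, but a public client in the authorization code flow normally depends on PKCE and strict redirect URI registration, and neither can be confirmed here because the rest of `Server` lies outside the hunk.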

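--- a/scripts/dev-oidc.sh
+++ b/scripts/dev-oidc.sh
@@ -49,6 +49,17 @@ cat <<EOF >/tmp/example-realm.json
 "baseUrl": "/coder",
 "redirectUris": ["*"],
 "secret": "coder"
+},
+{
+"clientId": "coder-public",
+"publicClient": true,
+"directAccessGrantsEnabled": true,
+"enabled": true,
+"fullScopeAllowed": true,
+"baseUrl": "/coder",
+"redirectUris": [
+"*"
+]
 }
 ]
 }
@@ -79,6 +90,9 @@ hostname=$(hostname -f)
 export CODER_OIDC_ISSUER_URL="http://${hostname}:9080/realms/coder"
 export CODER_OIDC_CLIENT_ID=coder
 export CODER_OIDC_CLIENT_SECRET=coder
+# Comment out the two lines above, and comment in the line below,
+# to configure OIDC auth using a public client.
+# export CODER_OIDC_CLIENT_ID=coder-public
 export CODER_DEV_ACCESS_URL="http://${hostname}:8080"
 
 exec"${SCRIPT_DIR}/develop.sh""$@"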
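Review bot: The new `coder-public` realm client in the first hunk combines `"publicClient": true` with a wildcard `redirectUris` entry and `"directAccessGrantsEnabled": true`, which is looser than a public client needs even in a development realm. Without a client secret, the registered redirect URI is the main thing tying an authorization code to this application, so I would narrow it to the dev access URL (port 8080 on the local hostname, matching `CODER_DEV_ACCESS_URL`) instead of `"*"`. If only the browser login flow is being exercised, drop `"directAccessGrantsEnabled": true` so the password grant is not enabled for a secretless client. The existing confidential client already uses `["*"]`, so this follows the file's pattern, but a realm file like this is likely to be reused as a template.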
