
Commit9844582

committed
feat(cli/server.go): allow the use of public OIDC clients
Change-Id: Iadd85d40c2faa595a0498e25d3407a1f94b5c8a8Signed-off-by: Thomas Kosiewski <tk@coder.com>
1 parent5845031 commit9844582


2 files changed

+21
-2
lines changed


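--- a/cli/server.go
+++ b/cli/server.go
@@ -694,7 +694,12 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd.
 }
 }
 
-ifvals.OIDC.ClientKeyFile!=""||vals.OIDC.ClientSecret!="" {
+// As OIDC clients can be confidential or public,
+// we should only check for a client id being set.
+// The underlying library handles the case of no
+// client secrets correctly. For more details on
+// client types: https://oauth.net/2/client-types/
+ifvals.OIDC.ClientID!="" {
 ifvals.OIDC.IgnoreEmailVerified {
 logger.Warn(ctx,"coder will not check email_verified for OIDC logins")
 }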
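Review bot: Gating on `vals.OIDC.ClientID != ""` alone means a deployment that sets `ClientSecret` or `ClientKeyFile` but leaves the client ID empty no longer enters this block, so OIDC login would be skipped without any message, where the old condition still reached the setup code. Consider an explicit check ahead of the new `if`, for example `if vals.OIDC.ClientID == "" && (vals.OIDC.ClientSecret != "" || vals.OIDC.ClientKeyFile != "") {` followed by a `logger.Warn` or a returned error, so the misconfiguration is visible at startup. The added comment could also say what a public client relies on in place of a secret: the token exchange carries no client authentication, so the flow depends on PKCE and a strict redirect URI at the identity provider, and nothing in this hunk shows whether PKCE is requested. The body of the `if` continues outside the hunk, so this needs checking against the code that builds the OIDC configuration.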

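--- a/scripts/dev-oidc.sh
+++ b/scripts/dev-oidc.sh
@@ -49,7 +49,18 @@ cat <<EOF >/tmp/example-realm.json
 "baseUrl": "/coder",
 "redirectUris": ["*"],
 "secret": "coder"
-}
+},
+{
+"clientId": "coder-public",
+"publicClient": true,
+"directAccessGrantsEnabled": true,
+"enabled": true,
+"fullScopeAllowed": true,
+"baseUrl": "/coder",
+"redirectUris": [
+"*"
+]
+}
 ]
 }
 EOF
@@ -79,6 +90,9 @@ hostname=$(hostname -f)
 export CODER_OIDC_ISSUER_URL="http://${hostname}:9080/realms/coder"
 export CODER_OIDC_CLIENT_ID=coder
 export CODER_OIDC_CLIENT_SECRET=coder
+# Comment out the two lines above, and comment in the line below,
+# to configure OIDC auth using a public client.
+# export CODER_OIDC_CLIENT_ID=coder-public
 export CODER_DEV_ACCESS_URL="http://${hostname}:8080"
 
 exec"${SCRIPT_DIR}/develop.sh""$@"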
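Review bot: The new `coder-public` entry in the first hunk combines `"publicClient": true` with `"redirectUris": ["*"]`, `"directAccessGrantsEnabled": true` and `"fullScopeAllowed": true`, so a client with no secret also has no redirect restriction, and the realm file is unsafe to copy beyond a local setup. If only the authorization-code login is exercised (an assumption, the consumer is not visible here), drop the direct-access-grant and full-scope flags. Also add a shell comment above the heredoc saying the realm is for local development only. In the second hunk, "comment in the line below" would read more clearly as `# To test a public client, comment out the two exports above and uncomment the line below.`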
