|
1 | 1 | #GitHub |
2 | 2 |
|
| 3 | +##Default Configuration |
| 4 | + |
| 5 | +By default, new Coder deployments use a Coder-managed GitHub app to authenticate |
| 6 | +users. We provide it for convenience, allowing you to experiment with Coder |
| 7 | +without setting up your own GitHub OAuth app. Once you authenticate with it, you |
| 8 | +grant Coder server read access to: |
| 9 | + |
| 10 | +- Your GitHub user email |
| 11 | +- Your GitHub organization membership |
| 12 | +- Other metadata listed during the authentication flow |
| 13 | + |
| 14 | +This access is necessary for the Coder server to complete the authentication |
| 15 | +process. To the best of our knowledge, Coder, the company, does not gain access |
| 16 | +to this data by administering the GitHub app. |
| 17 | + |
| 18 | +For production deployments, we recommend configuring your own GitHub OAuth app |
| 19 | +as outlined below. The default is automatically disabled if you configure your |
| 20 | +own app or set: |
| 21 | + |
| 22 | +```env |
| 23 | +CODER_OAUTH2_GITHUB_DEFAULT_PROVIDER_ENABLE=false |
| 24 | +``` |
| 25 | + |
3 | 26 | ##Step 1: Configure the OAuth application in GitHub |
4 | 27 |
|
5 | 28 | First, |
@@ -82,3 +105,16 @@ helm upgrade <release-name> coder-v2/coder -n <namespace> -f values.yaml |
82 | 105 | >We recommend requiring and auditing MFA usage for all users in your GitHub |
83 | 106 | >organizations. This can be enforced from the organization settings page in the |
84 | 107 | >"Authentication security" sidebar tab. |
| 108 | +
|
| 109 | +##Device Flow |
| 110 | + |
| 111 | +Coder supports |
| 112 | +[device flow](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#device-flow) |
| 113 | +for GitHub OAuth. To enable it, set: |
| 114 | + |
| 115 | +```env |
| 116 | +CODER_OAUTH2_GITHUB_DEVICE_FLOW=true |
| 117 | +``` |
| 118 | + |
| 119 | +This is optional. We recommend using the standard OAuth flow instead, as it is |
| 120 | +more convenient for end users. |