- Notifications
You must be signed in to change notification settings - Fork1k
docs: add details on external authentication priority#17164
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Merged
Uh oh!
There was an error while loading.Please reload this page.
Merged
Changes fromall commits
Commits
Show all changes
31 commits Select commitHold shift + click to select a range
911c820 add git auth in workspaces section; explain external auth vs ssh auth…
EdwardAngert5166509 Update docs/admin/external-auth.md
EdwardAngert58bbd31 Merge branch 'main' into 16875-git-workspace-auth
EdwardAngert368b131 docs: clarify that CODER_EXTERNAL_AUTH_0_ID is used in callback URLs
bpmctaaec21d more consistent examples
EdwardAngert64dacc7 Update docs/admin/external-auth.md
EdwardAngertda3c83c Update docs/admin/external-auth.md
EdwardAngert6ba6b94 more consistent example urls
EdwardAngertd684ca2 better examples
EdwardAngert8d481de feat: set icons for each type of notification (#17115)
BrunoQuaresmafffa8c0 feat: add app status tracking to the backend (#17163)
kylecarbs435c6a1 feat(cli): add `coder exp mcp` command (#17066)
johnstcn83e4bc9 chore: bump vite from 5.4.15 to 5.4.16 in /site (#17176)
dependabot[bot]1c3e054 chore: update msw to 2.4.8 (#17167)
sreya41f6009 chore: pin goimports to 0.31.0 (#17177)
sreya35cfc21 chore: pin various dependencies in CI files (#17180)
sreyade29681 ci: check go versions are consistent (#17149)
johnstcnb8a8cd8 chore(mcp): fix test flakes (#17183)
johnstcn68c21bd chore: improve error logging in TestServer/EphemeralDeployment (#17184)
hugodutkac19be18 fix: remove shared mutable state between oidc tests (#17179)
ethanndickson556d972 fix(mcp): report task status correctly (#17187)
johnstcn8bcda22 fix(site): standardize headers for Admin Settings page (#16911)
Parkreiner0bfaae8 docs: add new cursor and windsurf docs (#17092)
EdwardAngert5508c56 fix(cli): exp mcp: remove unnecessary cli flag (#17190)
johnstcn4788ff0 feat: add frontend for app statuses (#17178)
kylecarbsbfc852e docs: update SMTP configuration in notifications docs (#17161)
EdwardAngertc58f378 fix: convert workspace id in db2sdk.WorkspaceAppStatus (#17201)
kylecarbs5f1d359 feat(cli): implement exp mcp configure claude-code command (#17195)
johnstcnf86b434 feat: add the ability to hide preset parameters (#17168)
SasSwart5b39e95 Merge branch 'main' into 16875-git-workspace-auth
EdwardAngerta039753 Merge branch 'main' into 16875-git-workspace-auth
EdwardAngertFile filter
Filter by extension
Conversations
Failed to load comments.
Loading
Uh oh!
There was an error while loading.Please reload this page.
Jump to
Jump to file
Failed to load files.
Loading
Uh oh!
There was an error while loading.Please reload this page.
Diff view
Diff view
There are no files selected for viewing
49 changes: 49 additions & 0 deletionsdocs/admin/external-auth.md
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -71,6 +71,55 @@ Use [`external-auth`](../reference/cli/external-auth.md) in the Coder CLI to acc | ||
| coder external-auth access-token <USER_DEFINED_ID> | ||
| ``` | ||
| ## Git Authentication in Workspaces | ||
| Coder provides automatic Git authentication for workspaces through SSH authentication and Git-provider specific env variables. | ||
| When performing Git operations, Coder first attempts to use external auth provider tokens if available. | ||
| If no tokens are available, it defaults to SSH authentication. | ||
| ### OAuth (external auth) | ||
| For Git providers configured with [external authentication](#configuration), Coder can use OAuth tokens for Git operations. | ||
| When Git operations require authentication, and no SSH key is configured, Coder will automatically use the appropriate external auth provider based on the repository URL. | ||
| For example, if you've configured a GitHub external auth provider and attempt to clone a GitHub repository, Coder will use the OAuth token from that provider for authentication. | ||
| To manually access these tokens within a workspace: | ||
| ```shell | ||
| coder external-auth access-token <USER_DEFINED_ID> | ||
| ``` | ||
| ### SSH Authentication | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others.Learn more. I feel like that this whole SSH authentication section should not be here. I don't have a strong opinion so will leave this to you. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others.Learn more. you might be right. I found anSSH Keys section in secrets.md that starts to explain this, but it doesn't quite fit there either I think this fits better as a user guide. I'll leave the section here for now as it is something that an admin can help their user with, and we should aim to include this in future user-facing docs | ||
| Coder automatically generates an SSH key pair for each user that can be used for Git operations. | ||
| When you use SSH URLs for Git repositories, for example, `git@github.com:organization/repo.git`, Coder checks for and uses an existing SSH key. | ||
| If one is not available, it uses the Coder-generated one. | ||
| The `coder gitssh` command wraps the standard `ssh` command and injects the SSH key during Git operations. | ||
| This works automatically when you: | ||
| 1. Clone a repository using SSH URLs | ||
| 1. Pull/push changes to remote repositories | ||
| 1. Use any Git command that requires SSH authentication | ||
| You must add the SSH key to your Git provider. | ||
| #### Add your Coder SSH key to your Git provider | ||
| 1. View your Coder Git SSH key: | ||
| ```shell | ||
| coder publickey | ||
| ``` | ||
| 1. Add the key to your Git provider accounts: | ||
| - [GitHub](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/adding-a-new-ssh-key-to-your-github-account#adding-a-new-ssh-key-to-your-account) | ||
| - [GitLab](https://docs.gitlab.com/user/ssh/#add-an-ssh-key-to-your-gitlab-account) | ||
| ## Git-provider specific env variables | ||
| ### Azure DevOps | ||
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.