Comments (4)
cc @matifali
from modules.
Hi @kleberbaum, as per the Vault docs, this works with any valid GitHub access token.
see:
Any valid GitHub access token with the read:org scope for any user belonging to the Vault-configured organization can be used for authentication. If such a token is stolen from a third party service, and the attacker is able to make network calls to Vault, they will be able to log in as the user that generated the access token.
If the GitHub team is part of an organization with SSO enabled, the user will need to authorize the personal access token. Failing to do so for SSO users will result in the personal access token not providing identity information. The token issued by the auth method will only be assigned the default policy.
There is no special configuration needed at Vault or Coder's end. And you can create a GitHub app/OAuth app with scope read:org
and configure Coder to use this as external auth,
CODER_EXTERNAL_AUTH_0_ID=primary-github
CODER_EXTERNAL_AUTH_0_TYPE=github
CODER_EXTERNAL_AUTH_0_CLIENT_ID=xxxxxx
CODER_EXTERNAL_AUTH_0_CLIENT_SECRET=xxxxxxx
Then set up Vault with GitHub auth using this guide.
I have verified in my setup and I am able to auth using the app token, e.g. ghu_XXXXXXX....
@kleberbaum I think you are missing part 3 and 4 of this guide to map users to teams and assign an appropriate vault policy.
Closing in favour of #175