Gitlab external auth
Hi folks, need some help with my setup. Here are the details.
- Running in GKE on GCP
- Running helm via TF (chart version 16.6.6, latest coder image)
- Gitlab.com as my external auth
- Disabling pwd and default github auth
- My domain is mydomain.com
Here is my gitlab secret setup
Group application: FP Coder
Application ID
6d190b9764a3dXXXXXXXXXXXXXXXXXXXXXXXXXcd3f587933fee1f5
Secret XXXXXXXXXXXXXXXXXXXXXXXXx
Callback URL
https://coder.mydomain.com/external-auth/gitlab-fp/callback
Confidential Yes
Scopes
read_user
openid
profile
email
And here is the env section of my values.yaml
# External auth configuration for GitLab
- name: CODER_OAUTH2_GITHUB_DEFAULT_PROVIDER_ENABLE
value: "false"
- name: CODER_EXTERNAL_AUTH_0_TYPE
value: "gitlab"
- name: CODER_EXTERNAL_AUTH_0_ID
value: "gitlab-fp"
- name: CODER_EXTERNAL_AUTH_0_CLIENT_ID
valueFrom:
secretKeyRef:
name: coder-secrets
key: gitlab-client-id
- name: CODER_EXTERNAL_AUTH_0_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: coder-secrets
key: gitlab-client-secret
- name: CODER_EXTERNAL_AUTH_0_AUTH_URL
value: "https://gitlab.com/oauth/authorize"
- name: CODER_EXTERNAL_AUTH_0_TOKEN_URL
value: "https://gitlab.com/oauth/token"
- name: CODER_EXTERNAL_AUTH_0_VALIDATE_URL
value: "https://gitlab.com/oauth/token/info"
- name: CODER_EXTERNAL_AUTH_0_REGEX
value: "" # Pretty sure I need to set this but can't quite get it right
# Access control settings
- name: CODER_DISABLE_PASSWORD_AUTH
value: "true" # Lock down to GitLab auth only
- name: CODER_OIDC_ALLOW_SIGNUPS
value: "${allow_signups}"
# Access configuration
- name: CODER_ACCESS_URL
value: "https://${hostname}"
Net result:
I can hit https://coder.mydomain.com/
But I only see email/pwd login, no gitlab
Tried with the default github auth and that worked for me
- Running in GKE on GCP
- Running helm via TF (chart version 16.6.6, latest coder image)
- Gitlab.com as my external auth
- Disabling pwd and default github auth
- My domain is mydomain.com
Here is my gitlab secret setup
Group application: FP Coder
Application ID
6d190b9764a3dXXXXXXXXXXXXXXXXXXXXXXXXXcd3f587933fee1f5
Secret XXXXXXXXXXXXXXXXXXXXXXXXx
Callback URL
https://coder.mydomain.com/external-auth/gitlab-fp/callback
Confidential Yes
Scopes
read_user
openid
profile
And here is the env section of my values.yaml
# External auth configuration for GitLab
- name: CODER_OAUTH2_GITHUB_DEFAULT_PROVIDER_ENABLE
value: "false"
- name: CODER_EXTERNAL_AUTH_0_TYPE
value: "gitlab"
- name: CODER_EXTERNAL_AUTH_0_ID
value: "gitlab-fp"
- name: CODER_EXTERNAL_AUTH_0_CLIENT_ID
valueFrom:
secretKeyRef:
name: coder-secrets
key: gitlab-client-id
- name: CODER_EXTERNAL_AUTH_0_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: coder-secrets
key: gitlab-client-secret
- name: CODER_EXTERNAL_AUTH_0_AUTH_URL
value: "https://gitlab.com/oauth/authorize"
- name: CODER_EXTERNAL_AUTH_0_TOKEN_URL
value: "https://gitlab.com/oauth/token"
- name: CODER_EXTERNAL_AUTH_0_VALIDATE_URL
value: "https://gitlab.com/oauth/token/info"
- name: CODER_EXTERNAL_AUTH_0_REGEX
value: "" # Pretty sure I need to set this but can't quite get it right
# Access control settings
- name: CODER_DISABLE_PASSWORD_AUTH
value: "true" # Lock down to GitLab auth only
- name: CODER_OIDC_ALLOW_SIGNUPS
value: "${allow_signups}"
# Access configuration
- name: CODER_ACCESS_URL
value: "https://${hostname}"
Net result:
I can hit https://coder.mydomain.com/
But I only see email/pwd login, no gitlab
Tried with the default github auth and that worked for me
