Gitlab external auth

Hi folks, need some help with my setup. Here are the details.
- Running in GKE on GCP
- Running helm via TF (chart version 16.6.6, latest coder image)
- Gitlab.com as my external auth
- Disabling pwd and default github auth
- My domain is mydomain.com

Here is my gitlab secret setup

Group application: FP Coder
Application ID: 6d190b9764a3dXXXXXXXXXXXXXXXXXXXXXXXXXcd3f587933fee1f5
Secret: XXXXXXXXXXXXXXXXXXXXXXXXx
Callback URL: https://coder.mydomain.com/external-auth/gitlab-fp/callback
Confidential: Yes
Scopes: read_user openid profile email

And here is the env section of my values.yaml

    # External auth configuration for GitLab
    - name: CODER_OAUTH2_GITHUB_DEFAULT_PROVIDER_ENABLE
      value: "false"
    - name: CODER_EXTERNAL_AUTH_0_TYPE
      value: "gitlab"
    - name: CODER_EXTERNAL_AUTH_0_ID
      value: "gitlab-fp"
    - name: CODER_EXTERNAL_AUTH_0_CLIENT_ID
      valueFrom:
        secretKeyRef:
          name: coder-secrets
          key: gitlab-client-id
    - name: CODER_EXTERNAL_AUTH_0_CLIENT_SECRET
      valueFrom:
        secretKeyRef:
          name: coder-secrets
          key: gitlab-client-secret
    - name: CODER_EXTERNAL_AUTH_0_AUTH_URL
      value: "https://gitlab.com/oauth/authorize"
    - name: CODER_EXTERNAL_AUTH_0_TOKEN_URL
      value: "https://gitlab.com/oauth/token"
    - name: CODER_EXTERNAL_AUTH_0_VALIDATE_URL
      value: "https://gitlab.com/oauth/token/info"
    - name: CODER_EXTERNAL_AUTH_0_REGEX
      value: ""  # Pretty sure I need to set this but can't quite get it right
    # Access control settings
    - name: CODER_DISABLE_PASSWORD_AUTH
      value: "true"  # Lock down to GitLab auth only
    - name: CODER_OIDC_ALLOW_SIGNUPS
      value: "${allow_signups}"
    # Access configuration
    - name: CODER_ACCESS_URL
      value: "https://${hostname}"

Net result: I can hit https://coder.mydomain.com/
But I only see email/pwd login, no gitlab
Tried with the default github auth and that worked for me
8 Replies
Codercord, 5d ago
Category: Help needed
Product: Coder (v2)
Platform: Linux
Logs: Please post any relevant logs/error messages.
Bob_YeahThatBob (OP), 5d ago
debug logs and output of authmethods above
Bob_YeahThatBob (OP), 5d ago
It's possible I changed the helm values so reposting
joelynnnnn, 5d ago
To log in with GitLab, you need to set up OIDC:
https://coder.com/docs/admin/users/oidc-auth
https://docs.gitlab.com/integration/openid_connect_provider/
External auth is used to authenticate in a workspace.
Phorcys, 3d ago
(@Bob_YeahThatBob see the reply above)
Bob_YeahThatBob (OP), 3d ago
Thanks. Will review. Tbh I thought I tried this but I tried many things. I'll give this another go
Phorcys, 3d ago
External auth is used to log in within the workspaces so that the CLI tools are logged in automatically
Phorcys, 3d ago
so yes, OIDC is what you want, we are trying to make the difference clearer but it's complicated to explain properly
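
Added example, not part of the thread and not Coder's own configuration: the env section from the original post reworked so that GitLab appears on the login page through Coder's `CODER_OIDC_*` settings, with external auth kept only for in-workspace Git access. The secret key names `gitlab-oidc-client-id` and `gitlab-oidc-client-secret` are assumptions, as is the use of `mydomain.com` as the allowed email domain.

```yaml
# Login page: OIDC against gitlab.com.
# The GitLab application used for login must list this redirect URI:
#   https://coder.mydomain.com/api/v2/users/oidc/callback
# and needs the openid, profile and email scopes.
- name: CODER_OIDC_ISSUER_URL
  value: "https://gitlab.com"
- name: CODER_OIDC_CLIENT_ID
  valueFrom:
    secretKeyRef:
      name: coder-secrets
      key: gitlab-oidc-client-id       # assumed key name
- name: CODER_OIDC_CLIENT_SECRET
  valueFrom:
    secretKeyRef:
      name: coder-secrets
      key: gitlab-oidc-client-secret   # assumed key name
- name: CODER_OIDC_SCOPES
  value: "openid,profile,email"
# Only accept identities whose email is in this domain (assumed value).
- name: CODER_OIDC_EMAIL_DOMAIN
  value: "mydomain.com"
# "false" means accounts must be created by an admin before first login.
- name: CODER_OIDC_ALLOW_SIGNUPS
  value: "${allow_signups}"
- name: CODER_OIDC_SIGN_IN_TEXT
  value: "Sign in with GitLab"

# Remove the other login paths so OIDC is the only way in.
- name: CODER_OAUTH2_GITHUB_DEFAULT_PROVIDER_ENABLE
  value: "false"
- name: CODER_DISABLE_PASSWORD_AUTH
  value: "true"

# Workspaces: external auth, unchanged in purpose. It authenticates Git
# operations inside a workspace and never adds a button to the login page.
# Its callback stays /external-auth/gitlab-fp/callback.
- name: CODER_EXTERNAL_AUTH_0_TYPE
  value: "gitlab"
- name: CODER_EXTERNAL_AUTH_0_ID
  value: "gitlab-fp"
- name: CODER_EXTERNAL_AUTH_0_CLIENT_ID
  valueFrom:
    secretKeyRef:
      name: coder-secrets
      key: gitlab-client-id
- name: CODER_EXTERNAL_AUTH_0_CLIENT_SECRET
  valueFrom:
    secretKeyRef:
      name: coder-secrets
      key: gitlab-client-secret
```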
