GitLab Upload Public Key with external-auth
I'm trying to replicate a similar module to: https://github.com/coder/modules/tree/main/github-upload-public-key, but for GitLab.
In the documentation, the scope needed for GitHub is listed as:
CODER_EXTERNAL_AUTH_0_SCOPES="repo,workflow,admin:public_key"
In my Coder deployment, if I don't specify this scope as an environment variable, is there a default? Or does it follow the scope that is matched to the OAuth application set on GitLab?
16 Replies
What are you creating this issue for?
@joelynnnnn we guess what provider you're using and default to these scopes:
https://github.com/coder/coder/blob/0367dbac433595322aef5e013fbce2fd886af238/coderd/externalauth/externalauth.go#L872-L910
and if we can't guess the scopes we just leave them empty
does leaving it empty affect anything? i’ve enabled “api” on oauth application, but it’s still returning 401
no it doesn't
there's just no scopes
so you have a small amount of permissions
or zero permissions maybe
oh looks like gitlab's one is here: https://github.com/coder/coder/blob/0367dbac433595322aef5e013fbce2fd886af238/coderd/externalauth/externalauth.go#L734
will try to add in the scope using CODER_EXTERNAL_AUTH_0_SCOPES and see if it works
hey, updating you on this, the last weeks have been very busy for me, and this week will be too so there is a lot of backlog that has built up so I apologize for the delay!
If no one else from the team has had the time to figure this out I should be able to catch up with all open issues by next week EOW, I will try to leave an answer, even if it is an "i don't know" just so you know we're looking at this!
thanks for your understanding :-)
hey, were you able to figure this out?
unfortunately i haven't had the time to test this out, will probably only be able to test 2-4 weeks later
sounds good!
Alright @Phorcys, in 4 weeks: …
I've tried adding
- name: CODER_EXTERNAL_AUTH_0_SCOPES
  value: "write_repository api read_api"
but i'm still getting insufficient_scope
Solution
ok i had to re-authorise external authentication, and now it's working
@Phorcys closed the thread.