OAuth2-based login

[boardfish]

I'd like to be able to put my server behind a single sign-on login provider. In my case, I'd like to use Keycloak, but I think support for OAuth2 providers should be generic and configurable. It's worth taking some inspiration from how CodiMD deals with it - a bunch of config items define the necessary URLs, and the app takes care of the rest.

[fbartels]

With code-server pretty much not having any understanding of users you could also deploy something like https://github.com/vouch/vouch-proxy in front of it.

For my own deployment I am using nginx & auth_request configured against a webdav source.

[boardfish]

I suppose that's the workaround for now. More of a question for the maintainers over there, but I'm using jwilder/nginx-proxy as it is, so hopefully it's compatible with that too.

Unfortunately, adding code-server to my VPS maxed it out and crashed all the other Docker containers, so I don't think I'll be able to test this anytime soon...

[nhooyr]

It's best to just use a proxy.

[schristm]

With code-server pretty much not having any understanding of users you could also deploy something like https://github.com/vouch/vouch-proxy in front of it.

For my own deployment I am using nginx & auth_request configured against a webdav source.

Hey @fbartels, does your current implementation work with Safari? I am using PAM for Basic Authentication, but Safari's WebSocket implementation doesn't pass the right headers for code-server to work. I'm assuming your DAV implementation is also using Basic Authentication, so I'm curious if you figured out a way around limited browser support. I came across vouch-proxy too, and thinking of giving that a shot, since it authenticates differently and uses cookies to track the session.

[fbartels]

@schristm sorry for the late reply. I must say that due to the new remote features of VS Code itself I am no longer using code-server. My "on the road" device is a Chromebook so I can just run VS Code in the Debian runtime of it.