Code-server: [v2] http://localhost:8080 redirects to a login page. Does it have to?

Created on 25 Oct 2019  路  7Comments  路  Source: cdr/code-server


Couldn't find similar issues.

  • code-server version:
info  2.1644-vsc1.39.2
info  d81d5f499f09bc887db2fb9bb35e0222bf48d80c
info  x64
  • OS Version: macOS Catalina 10.15, Docker Desktop: 2.1.0.4

Description

With the newest Docker container Authentication seems to be mandatory. This means that once one navigates to http://localhost:8080, she's redirected to a login page.

Documentation makes it clear that Authentication is now required. I would like to challenge this design decision:

  1. What if I need to use my own Authentication mechanism, such as:
  • Keycloak (Auth Server) with a directory behind
  • And/or SSO
  • And/or OAuth2 authentication flow with explicit concent?

  1. What if I just don't need authentication as part of my own scenarios?

  2. Should I modify code-server in order to support any/all of these scenario(s)? Wouldn't it be better if I just provide my own/IDM provider auth page in front of VS Code? Wouldn't an Authentication solution preceeding/intercepting requests to the code-server do better?

  3. If no authentication is needed, wouldn't that simplify the code-base of the code-server to certain extent?

Now, I understand that this Security change was made for a reason. If removing Authentication completely is not an option, why don't you make it optional? It could be enabled by default. Its value could be set through an environment variable.

What do you think? Would it be ok to go this way?

bug
Source
picture emil-simeonov-se

Most helpful comment

@emil-simeonov-se by default we have password authentication compared to previous builds. You'll have to set using --auth=none from then on if you don't like auth.

picture sr229 on 25 Oct 2019
👍3

All 7 comments

@emil-simeonov-se by default we have password authentication compared to previous builds. You'll have to set using --auth=none from then on if you don't like auth.

sr229 picture sr229 on 25 Oct 2019
👍3

You can just add the flag to the end of the Docker one-liner on the readme and it passes through fine, since you mentioned using Docker.

coadler picture coadler on 25 Oct 2019

@emil-simeonov-se by default we have password authentication compared to previous builds. You'll have to set using --auth=none from then on if you don't like auth.

Maybe it would be worthy to be documented? If it is, would you point me to the corresponding resource?

emil-simeonov-se picture emil-simeonov-se on 25 Oct 2019

It's documented on startup, but might be worth mentioning in the readme

image

coadler picture coadler on 25 Oct 2019

I think it would be better. I personally start most of my containers in
daemon mode, so chances are high that if the code-server container runs normally, I would
never see this message.

emil-simeonov-se picture emil-simeonov-se on 25 Oct 2019

There's an authentication section in the readme: https://github.com/cdr/code-server#authentication

Lemme know if that section needs to be reworked in some way.

code-asher picture code-asher on 25 Oct 2019

Oops I completely missed that section :smiley:

coadler picture coadler on 25 Oct 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

sa7mon picture sa7mon  路  3Comments
KSXGitHub picture KSXGitHub  路  3Comments
lshamis picture lshamis  路  3Comments
pchecinski picture pchecinski  路  3Comments
pchecinski picture pchecinski  路  3Comments