Adds a new subcommand to print the current session token for use in
scripts and automation, similar to `gh auth token`.
## Usage
```bash
CODER_SESSION_TOKEN=$(coder login token)
```
Fixes#21515
## Description
Adds a brief section to the API & Session Tokens documentation
explaining API key scopes.
## Changes
- Added "API Key Scopes" section to
`docs/admin/users/sessions-tokens.md`
- Includes overview of scope functionality and security benefits
- Documents scope format (`resource:action`) and wildcard usage
- Provides CLI examples for creating scoped tokens
- Lists common scope examples with descriptions
## Motivation
Users need documentation on how to create and use scoped API tokens for
improved security by limiting token permissions to only necessary
operations.
## Testing
- Reviewed documentation formatting
- Verified markdown structure
- Confirmed examples are accurate
Propose Microsoft Entra ID OIDC Directions for Admin Documentation based
on my personal experience / setup.
Propose information on changing access URL in Tutorials -> FAQs
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: DevCats <chris@dualriver.com>
Co-authored-by: DevelopmentCats <christofer@coder.com>
## Summary
- Add a provider-specific guide for configuring Google as an OIDC
provider
- Document refresh token setup via CODER_OIDC_AUTH_URL_PARAMS
- Add page to docs navigation under Users → OIDC Authentication
## Test plan
- Docs site builds: `docs/admin/users/oidc-auth/google.md` renders
- Nav shows 'Google' under OIDC Authentication
- Links to OIDC overview and refresh tokens work
Fixes#13508
---------
Co-authored-by: Atif Ali <atif@coder.com>
Current example fails since kubectl version 1.31:
```sh
$ kubectl exec -it deployment/coder /bin/bash -n coder
error: exec [POD] [COMMAND] is not supported anymore. Use exec [POD] -- [COMMAND] instead
```
The legacy syntax was removed in:
https://github.com/kubernetes/kubernetes/pull/125437
closes#18833
replace suggestions to use the now-deprecated `CODER_VERBOSE` with more
specific `CODER_LOG_FILTER`
thanks @UnicornyRainbow!
---------
Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
Following some issues we discovered on dogfood after merging #17878, we
think `prompt=consent` is required for refresh tokens to be sent by
Google every time you sign in.
#15896 Mentions ability to add support for filtering by login type
The issue mentions that backend API support exists but the backend did
not seem to have the support for this filter. So I have added the
ability to filter it.
I also added a corresponding update to readme file to make sure the docs
will correctly showcase this feature
## Issue
Closes#16824
Document that the default GitHub authentication app provided by Coder
requires device flow, and that this behavior cannot be overridden.
## Changes Made
Claude updated the GitHub authentication documentation to:
1. Add a prominent warning in the Default Configuration section
explaining that the default GitHub app requires device flow and ignores
the `CODER_OAUTH2_GITHUB_DEVICE_FLOW` setting
2. Clarify the Device Flow section to indicate that:
- Device flow is always enabled for the default GitHub app
- Device flow is optional for custom GitHub OAuth apps
- The `CODER_OAUTH2_GITHUB_DEVICE_FLOW` setting is ignored when using
the default app
[preview](https://coder.com/docs/@16824-github-device-flow/admin/users/github-auth)
<sub>🤖 Generated with [Claude Code](https://claude.ai/code)</sub>
---------
Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: M Atif Ali <atif@coder.com>
Kacper Sawicki