Authorize coder workspace to access forwarded port urls
I'm working on OIDC between two applications and the user needs to be able to provide App A a url to App B that both App A and the user can use to access App B. The issue is my coder workspace is not authorized to access coder urls, so in order to do this I must make the App B url public.
Is there a way to authorize the coder workspace to access the url for App B without making the url public?
Category: Help needed
Product: Coder OSS (v2)
Platform: Linux
I could locate these two apps on the same workspace, but still I'd need to have some custom logic that translates coder URIs into local URIs and I wouldn't want that code to land in production.
Hey, I think I'm following. Are users interacting with these apps via subdomain `coder_apps`?
I imagine if they are port forwarding using VS Code desktop and both were localhost, this wouldn't be a problem? We have some docs on our support for CORS here: https://coder.com/docs/networking/port-forwarding#cross-origin-resource-sharing-cors. Does any of this help?
I want workspace A to be able to request a coder share uri on workspace B without making the share uri public
What I ultimately did is colocate the apps on one workspace so that I could proxy the share uri through my local webserver and avoid authenticating with coder
Ah I see. yeah, we don't currently allow workspace->workspace connections unless you expose something on the infra layer and use internal networking
That makes sense. It'd be nice if there were a proxy you could point urls at that would manage SSL, but self-signed along with configuring tools to trust the cert wasn't the hardest thing
@ShamesBond closing this one since you found a workaround -- though this seems like something that would be worth looking into!
in this case if you couldn't colocate on the same workspace i'd recommend linking up both workspaces with a virtual network
@Phorcys closed the thread.