impl: support for certificate based authentication

fioan89 · fioan89 · commit 0160e6f89838 · 2025-07-18T01:02:50.000+03:00
We now skip token input screen if the user provided a public and a private key
for mTLS authentication.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,7 @@
 ### Added
 
 - support for matching workspace agent in the URI via the agent name
+- support for certificate based authentication
 
 ### Removed
 
diff --git a/src/main/kotlin/com/coder/toolbox/CoderRemoteProvider.kt b/src/main/kotlin/com/coder/toolbox/CoderRemoteProvider.kt
@@ -244,7 +244,7 @@ class CoderRemoteProvider(
         environments.value = LoadableState.Value(emptyList())
         isInitialized.update { false }
         client = null
-        CoderCliSetupWizardState.resetSteps()
+        CoderCliSetupWizardState.goToFirstStep()
     }
 
     override val svgIcon: SvgIcon =
diff --git a/src/main/kotlin/com/coder/toolbox/sdk/CoderRestClient.kt b/src/main/kotlin/com/coder/toolbox/sdk/CoderRestClient.kt
@@ -94,7 +94,10 @@ open class CoderRestClient(
                 .build()
         }
 
-        if (token != null) {
+        if (context.settingsStore.requireTokenAuth) {
+            if (token.isNullOrBlank()) {
+                throw IllegalStateException("Token is required for $url deployment")
+            }
             builder = builder.addInterceptor {
                 it.proceed(
                     it.request().newBuilder().addHeader("Coder-Session-Token", token).build()
diff --git a/src/main/kotlin/com/coder/toolbox/views/ConnectStep.kt b/src/main/kotlin/com/coder/toolbox/views/ConnectStep.kt
@@ -67,7 +67,7 @@ class ConnectStep(
             return
         }
 
-        if (!CoderCliSetupContext.hasToken()) {
+        if (context.settingsStore.requireTokenAuth && !CoderCliSetupContext.hasToken()) {
             errorField.textState.update { context.i18n.ptrl("Token is required") }
             return
         }
@@ -77,7 +77,7 @@ class ConnectStep(
                 val client = CoderRestClient(
                     context,
                     CoderCliSetupContext.url!!,
-                    CoderCliSetupContext.token!!,
+                    if (context.settingsStore.requireTokenAuth) CoderCliSetupContext.token else null,
                     PluginManager.pluginInfo.version,
                 )
                 // allows interleaving with the back/cancel action
@@ -91,17 +91,17 @@ class ConnectStep(
                     statusField.textState.update { (context.i18n.pnotr(progress)) }
                 }
                 // We only need to log in if we are using token-based auth.
-                if (client.token != null) {
+                if (context.settingsStore.requireTokenAuth) {
                     statusField.textState.update { (context.i18n.ptrl("Configuring Coder CLI...")) }
                     // allows interleaving with the back/cancel action
                     yield()
-                    cli.login(client.token)
+                    cli.login(client.token!!)
                 }
                 statusField.textState.update { (context.i18n.ptrl("Successfully configured ${CoderCliSetupContext.url!!.host}...")) }
                 // allows interleaving with the back/cancel action
                 yield()
                 CoderCliSetupContext.reset()
-                CoderCliSetupWizardState.resetSteps()
+                CoderCliSetupWizardState.goToFirstStep()
                 onConnect(client, cli)
             } catch (ex: CancellationException) {
                 if (ex.message != USER_HIT_THE_BACK_BUTTON) {
@@ -127,10 +127,14 @@ class ConnectStep(
         } finally {
             if (shouldAutoLogin.value) {
                 CoderCliSetupContext.reset()
-                CoderCliSetupWizardState.resetSteps()
+                CoderCliSetupWizardState.goToFirstStep()
                 context.secrets.rememberMe = false
             } else {
-                CoderCliSetupWizardState.goToPreviousStep()
+                if (context.settingsStore.requireTokenAuth) {
+                    CoderCliSetupWizardState.goToPreviousStep()
+                } else {
+                    CoderCliSetupWizardState.goToFirstStep()
+                }
             }
         }
     }
diff --git a/src/main/kotlin/com/coder/toolbox/views/DeploymentUrlStep.kt b/src/main/kotlin/com/coder/toolbox/views/DeploymentUrlStep.kt
@@ -57,7 +57,11 @@ class DeploymentUrlStep(
             notify("URL is invalid", e)
             return false
         }
-        CoderCliSetupWizardState.goToNextStep()
+        if (context.settingsStore.requireTokenAuth) {
+            CoderCliSetupWizardState.goToNextStep()
+        } else {
+            CoderCliSetupWizardState.goToLastStep()
+        }
         return true
     }
 
diff --git a/src/main/kotlin/com/coder/toolbox/views/state/CoderCliSetupWizardState.kt b/src/main/kotlin/com/coder/toolbox/views/state/CoderCliSetupWizardState.kt
@@ -25,7 +25,11 @@ object CoderCliSetupWizardState {
         currentStep = WizardStep.entries.toTypedArray()[(currentStep.ordinal - 1) % WizardStep.entries.size]
     }
 
-    fun resetSteps() {
+    fun goToLastStep() {
+        currentStep = WizardStep.CONNECT
+    }
+
+    fun goToFirstStep() {
         currentStep = WizardStep.URL_REQUEST
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -244,7 +244,7 @@ class CoderRemoteProvider(`
`244`	`244`	`environments.value = LoadableState.Value(emptyList())`
`245`	`245`	`isInitialized.update { false }`
`246`	`246`	`client = null`
`247`		`- CoderCliSetupWizardState.resetSteps()`
	`247`	`+ CoderCliSetupWizardState.goToFirstStep()`
`248`	`248`	`}`
`249`	`249`
`250`	`250`	`override val svgIcon: SvgIcon =`
Original file line number	Diff line number	Diff line change
`@@ -57,7 +57,11 @@ class DeploymentUrlStep(`
`57`	`57`	`notify("URL is invalid", e)`
`58`	`58`	`return false`
`59`	`59`	`}`
`60`		`- CoderCliSetupWizardState.goToNextStep()`
	`60`	`+ if (context.settingsStore.requireTokenAuth) {`
	`61`	`+ CoderCliSetupWizardState.goToNextStep()`
	`62`	`+ } else {`
	`63`	`+ CoderCliSetupWizardState.goToLastStep()`
	`64`	`+ }`
`61`	`65`	`return true`
`62`	`66`	`}`
`63`	`67`
Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,11 @@ object CoderCliSetupWizardState {`
`25`	`25`	`currentStep = WizardStep.entries.toTypedArray()[(currentStep.ordinal - 1) % WizardStep.entries.size]`
`26`	`26`	`}`
`27`	`27`
`28`		`- fun resetSteps() {`
	`28`	`+ fun goToLastStep() {`
	`29`	`+ currentStep = WizardStep.CONNECT`
	`30`	`+ }`
	`31`	`+`
	`32`	`+ fun goToFirstStep() {`
`29`	`33`	`currentStep = WizardStep.URL_REQUEST`
`30`	`34`	`}`
`31`	`35`	`}`