IdentityProvider
An IdentityProvider configures an external identity source for user authentication to the Riptides UI and API. This is separate from daemon authentication — IdentityProviders handle human user login via OAuth2/OIDC flows, while Verifiers handle machine-to-control-plane authentication.
- API Group: core.riptides.io
- Version: v1alpha1
- Kind: IdentityProvider
- Plural: identityproviders
- Type: string
- Required: Yes
A human-readable display name for the identity provider (e.g., "GitHub", "Google"). Shown in the login UI.
The spec must include exactly one of the following provider configurations.
github
- Type: object
Authenticate users via GitHub OAuth.
| Field | Type | Required | Description |
|---|---|---|---|
| clientID | string | Yes | GitHub OAuth app client ID |
| clientSecret | string | Yes | GitHub OAuth app client secret |
| requiredOrgs | array of objects | Yes | GitHub organizations the user must belong to |
Each entry in requiredOrgs:
| Field | Type | Required | Description |
|---|---|---|---|
| name | string | Yes | GitHub organization name |
| teams | array of string | No | Specific teams within the organization (if omitted, any org member is accepted) |
google
- Type: object
Authenticate users via Google OAuth.
| Field | Type | Required | Description |
|---|---|---|---|
| clientID | string | Yes | Google OAuth client ID |
| clientSecret | string | Yes | Google OAuth client secret |
| requiredHostedDomains | array of string | Yes | Restrict login to users from these Google Workspace domains |
bitbucket
- Type: object
Authenticate users via Bitbucket OAuth.
| Field | Type | Required | Description |
|---|---|---|---|
| clientID | string | Yes | Bitbucket OAuth consumer key |
| clientSecret | string | Yes | Bitbucket OAuth consumer secret |
static
- Type: object
A static user identity for development and testing. Not intended for production use.
| Field | Type | Required | Description |
|---|---|---|---|
| email | string | Yes | User’s email address |
| name | string | Yes | User’s display name |
| givenName | string | No | First name |
| familyName | string | No | Last name |
| nickname | string | No | Nickname |
| preferredUsername | string | No | Preferred username |
| groups | array of string | No | Group memberships |
Status
| Field | Type | Description |
|---|---|---|
| state | string | One of Unspecified, Available, Failed |
| message | string | Human-readable message (set on failure) |
Example
```yaml
apiVersion: core.riptides.io/v1alpha1
kind: IdentityProvider
metadata:
  name: github
  namespace: riptides-system
spec:
  name: GitHub
  github:
    clientID: <your-github-oauth-client-id>
    clientSecret: <your-github-oauth-client-secret>
    requiredOrgs:
      - name: your-organization
```
Related Resources
- OIDCClient — defines the OIDC client that works with identity providers for user login
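
A pre-apply lint for the spec rules on this page (exactly one provider block, the required fields from each table, and `static` kept out of production), written as an added example that is not part of the Riptides documentation or tooling. The function name, the `production` flag, and treating empty lists or unfilled `<...>` placeholders as failures are assumptions of this example; the manifest is expected as an already-parsed dict.

```python
# Added example: lint a parsed IdentityProvider manifest against this page's field rules.
PROVIDERS = {  # provider key -> required fields, taken from the tables on this page
    "github": ("clientID", "clientSecret", "requiredOrgs"),
    "google": ("clientID", "clientSecret", "requiredHostedDomains"),
    "bitbucket": ("clientID", "clientSecret"),
    "static": ("email", "name"),
}

def lint_identity_provider(manifest, production=True):
    """Return a list of findings; an empty list means the manifest passed."""
    findings = []
    if manifest.get("apiVersion") != "core.riptides.io/v1alpha1":
        findings.append("apiVersion must be core.riptides.io/v1alpha1")
    if manifest.get("kind") != "IdentityProvider":
        findings.append("kind must be IdentityProvider")
    spec = manifest.get("spec") or {}
    if not isinstance(spec.get("name"), str) or not spec["name"]:
        findings.append("spec.name (display name) is required")
    chosen = [p for p in PROVIDERS if p in spec]
    if len(chosen) != 1:  # the spec must carry exactly one provider block
        findings.append(f"spec must set exactly one provider, found {chosen}")
        return findings
    provider = chosen[0]
    cfg = spec[provider] or {}
    for field in PROVIDERS[provider]:
        if not cfg.get(field):  # assumption: an empty string or list counts as missing
            findings.append(f"spec.{provider}.{field} is required")
    for value in (cfg.get("clientID"), cfg.get("clientSecret")):
        if isinstance(value, str) and value.startswith("<") and value.endswith(">"):
            findings.append(f"spec.{provider}: placeholder {value} left unfilled")
    if provider == "github":
        for org in cfg.get("requiredOrgs") or []:
            if not org.get("name"):
                findings.append("spec.github.requiredOrgs[].name is required")
    if provider == "static" and production:
        findings.append("static provider is for development and testing only")
    return findings

# Constructed sample manifests (not taken from a real deployment).
GOOD = {"apiVersion": "core.riptides.io/v1alpha1", "kind": "IdentityProvider",
        "spec": {"name": "GitHub", "github": {
            "clientID": "example-id", "clientSecret": "example-secret",
            "requiredOrgs": [{"name": "your-organization", "teams": ["platform"]}]}}}
BAD = {"apiVersion": "core.riptides.io/v1alpha1", "kind": "IdentityProvider",
       "spec": {"name": "Dev", "static": {"email": "dev@example.com"}}}

if __name__ == "__main__":
    for label, m in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, lint_identity_provider(m) or "ok")
```
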