How to use url or use requst header property to input the single password for auth

[WeBeautifulNow]

code-server use single password for auth.
that means user should input the password in UI.
jupyterlab also have single password.
and jupyterlan can use https://${endpoint}?token={password} to login and auto direct.
How to do same thing in code-server?

if can't in url directly, how about in a requst, for example, use some property in request header to input the password.
I want to build a service, and the service verify the user info. So I can't let user to input the password again.
But I can't use auth: none, because if somebody use ip to access directly, he can access others code-server workspace.

[WeBeautifulNow]

@code-asher Could you help on this? thanks a lot.

[code-asher]

This is not supported, but there is a ticket open about it. #5819

#3546 is related too, I think.

Right now the only way to authenticate without providing the password is to set the code-server-session cookie with the right value.

[WeBeautifulNow]

Hi, @code-asher thanks for your replay.
I'm not sure what do you mean about auth without providing the password.
Our scenario is, we have password, but we don't want to manually input it in UI.
We want to put the password in url like ?token=${password}, or in request header, like {AUTHORIZATION: ${password}}.

Can we input the password like I said above or using a samilar way?

[code-asher]

Sorry for being unclear, I meant to say you can authenticate individual requests by setting the cookie. But this does not let you do auto-login.

Thinking about it some more, maybe you could do it with a POST request from your application? For example:

<form action="https://<domain>/login" method="post">
  <!-- Change base if you have code-server on a sub-path.  For example if
  code-server is on <domain>/foo/bar/ then base would be ./../..-->
  <input id="base" type="hidden" name="base" value=".">
  <input id="href" type="hidden" name="href" value="https://<domain>/login">
  <input id="href" type="hidden" name="password" value="test">
  <input value="launch code-server" type="submit">
</form>

But it requires the user click a button in your application.

Another idea is to use --auth none and put everything behind something else that handles the authentication like oauth2-proxy.

[WeBeautifulNow]

Thank you so much for taking the time to help me out!