code-server: [Bug]: GitHub login status gets lost after restarting of code-server daemon

I created this to solve the problem. Since vscode expects keytar I just implemented it in NodeJS and had it write to a file. It does not perform the same keyring activity that the original does - it’s more or less a simple keystore.

https://github.com/stevenlafl/node-keytar/blob/master/lib/keytar.js

You can encrypt it with environment variable ENCRYPTION_KEY, though it’s visible to VSCode, so I am not sure how useful that feature is to anyone yet.

So, in a Dockerfile:

# Install Keytar replacement
# Places credentials in $HOME/.local/creds/keytar.json
USER root

RUN curl -L https://raw.githubusercontent.com/stevenlafl/node-keytar/master/lib/keytar.js -o /usr/lib/code-server/lib/vscode/node_modules/keytar/lib/keytar.js

USER coder

Then volume mount /home/coder/.local/creds to wherever you want. (of course, chown it from within the container so coder can access it)

I have the same issue. Previously (up to code-server v4.1.0) the credentials were stored in the browser storage (maybe indexed DB or local storage - haven’t checked it in detail).

Since code-server v4.2.0 the credentials are not stored in the browser anymore, but apparently they are stored in-memory on the server. Thus restarting the server causes it to forget them (as described above).

The following log might be related to this, since it mentions switching to an in-memory credential store because keytar failed to load. On the other hand, it looks like keytar is intentionally not installed: https://github.com/coder/code-server/issues/5018 and we wouldn’t want to use keytar, because then the credentials would be stored in the hosts local keyring / keychain.

[2022-04-27T18:24:48.025Z] info  code-server 4.3.0 09bc30027a7fbba170f907a527eaa9f7219fe739
[2022-04-27T18:24:48.027Z] info  Using user-data-dir ~/.local/share/code-server
[2022-04-27T18:24:48.051Z] info  Using config file ~/.config/code-server/config.yaml
[2022-04-27T18:24:48.051Z] info  HTTP server listening on http://127.0.0.1:9090/
[2022-04-27T18:24:48.051Z] info    - Authentication is disabled
[2022-04-27T18:24:48.052Z] info    - Not serving HTTPS
[18:24:54] Extension host agent started.
[18:24:56] [127.0.0.1][bf000a82][ManagementConnection] New connection established.
[18:24:57] [127.0.0.1][e21040ab][ExtensionHostConnection] New connection established.
[18:24:57] [127.0.0.1][e21040ab][ExtensionHostConnection] <2762> Launched Extension Host Process.
[18:25:01] Switching to using in-memory credential store instead because Keytar failed to load: Cannot find module '../build/Release/keytar.node'
Require stack:
- /usr/lib/code-server/lib/vscode/node_modules/keytar/lib/keytar.js
- /usr/lib/code-server/lib/vscode/out/bootstrap-amd.js
- /usr/lib/code-server/out/node/util.js
- /usr/lib/code-server/out/node/cli.js
- /usr/lib/code-server/out/node/entry.js

Yeah for a long time I didn’t have this problem, on the newer versions I do again (4.16.1)

In fact, its even worse in the sense that every time I reload I have to re-login

The same issue on v4.16.1.

I have this same isuue.

@rohit901 I never claimed that this method works with GitHub Copilot[^1].
ℹ️ This extension may only be used with VS Code from Microsoft.

[^1]: I do not know, if a personal access token with scopes repo and user is sufficient for GitHub Copilot – it is for GitHub Pull Requests and Issues, though.

My advice: Keep your hands off GitHub Copilot.
https://drewdevault.com/2022/06/23/Copilot-GPL-washing.html

GH login session will still expire if the code-server daemon is restarted on v4.13.0

I restart my server every morning to free the memory etc…So I have to log in to copilot and GH repo every day…I hope we can solve this issue and it would save much of time.

Appreciate it!

@benz0li copilot is still asking to sign in using github, each time i quit server and open again. I generated my personal access token with the repo and user scope as you said, putting it in GITHUB_TOKEN environment variable and starting code-server with: .local/bin/code-server --bind-addr 0.0.0.0:11000

P.S.: The same applies for the GitLab Workflow extensions, i.e. set environment variables GITLAB_WORKFLOW_INSTANCE_URL and GITLAB_WORKFLOW_TOKEN before starting code-server.

@Zai-Kun You can either set github-auth in the config file, set GITHUB_TOKEN=<Personal Access Token> before starting code-server or start code-server with --github-auth=<Personal Access Token> (Personal Access Token with scopes repo and user). 👉 The extension should then be authenticated.

Thanks, it seems to be working now.

I need to know when this problem is going to be fixed?

I think a proposal to change secret storage would make more sense upstream rather than a patch here in code-server but there might be an existing method that works better because Codespaces does not seem to spawn dbus yet presumably secrets work there. So if we can figure that out maybe we can leverage it in code-server.

Huh yeah my memory is also that it used to be in browser storage so if they moved it out that would explain the problem.

Our Linux builds were silently not including keytar (yarn failed to build but never errored) because we were missing the libsecret dependency which I think we added recently so hopefully that means it stops using the in-memory store (from 4.9.1 onward I think).