
Commit d86efad

committed
More dynamic defaults for entra
1 parent e96c408 commit d86efad


1 file changed

+38
-5
lines changed


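--- a/coderd/externalauth/externalauth.go
+++ b/coderd/externalauth/externalauth.go
@@ -572,6 +572,9 @@ func applyDefaultsToConfig(config *codersdk.ExternalAuthConfig) {
 case codersdk.EnhancedExternalAuthProviderGitea:
 copyDefaultSettings(config, giteaDefaults(config))
 return
+case codersdk.EnhancedExternalAuthProviderAzureDevopsEntra:
+copyDefaultSettings(config, azureDevopsEntraDefaults(config))
+return
 default:
 // No defaults for this type. We still want to run this apply with
 // an empty set of defaults.
@@ -733,6 +736,41 @@ func giteaDefaults(config *codersdk.ExternalAuthConfig) codersdk.ExternalAuthCon
 return defaults
 }
 
+func azureDevopsEntraDefaults(config *codersdk.ExternalAuthConfig) codersdk.ExternalAuthConfig {
+defaults := codersdk.ExternalAuthConfig{
+DisplayName: "Azure DevOps (Entra)",
+DisplayIcon: "/icon/azure-devops.svg",
+Regex: `^(https?://)?dev\.azure\.com(/.*)?$`,
+}
+// The tenant ID is required for urls and is in the auth url.
+if config.AuthURL == "" {
+// No auth url, means we cannot guess the urls.
+return defaults
+}
+
+auth, err := url.Parse(config.AuthURL)
+if err != nil {
+// We need a valid URL to continue with.
+return defaults
+}
+
+// Only extract the tenant ID if the path is what we expect.
+// The path should be /{tenantId}/oauth2/authorize.
+parts := strings.Split(auth.Path, "/")
+if len(parts) < 4 && parts[2] != "oauth2" || parts[3] != "authorize" {
+// Not sure what this path is, abort.
+return defaults
+}
+tenantID := parts[1]
+
+tokenURL := auth.ResolveReference(&url.URL{Path: fmt.Sprintf("/%s/oauth2/token", tenantID)})
+defaults.TokenURL = tokenURL.String()
+
+// TODO: Discover a validate url for Azure DevOps.
+
+return defaults
+}
+
 var staticDefaults = map[codersdk.EnhancedExternalAuthProvider]codersdk.ExternalAuthConfig{
 codersdk.EnhancedExternalAuthProviderAzureDevops: {
 AuthURL: "https://app.vssps.visualstudio.com/oauth2/authorize",
@@ -742,11 +780,6 @@ var staticDefaults = map[codersdk.EnhancedExternalAuthProvider]codersdk.External
 Regex: `^(https?://)?dev\.azure\.com(/.*)?$`,
 Scopes: []string{"vso.code_write"},
 },
-codersdk.EnhancedExternalAuthProviderAzureDevopsEntra: {
-DisplayName: "Azure DevOps (Entra)",
-DisplayIcon: "/icon/azure-devops.svg",
-Regex: `^(https?://)?dev\.azure\.com(/.*)?$`,
-},
 codersdk.EnhancedExternalAuthProviderBitBucketCloud: {
 AuthURL: "https://bitbucket.org/site/oauth2/authorize",
 TokenURL: "https://bitbucket.org/site/oauth2/access_token",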
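Review bot: The path guard in `azureDevopsEntraDefaults` (new line 760) mixes `&&` and `||`, so it evaluates as `(len(parts) < 4 && parts[2] != "oauth2") || parts[3] != "authorize"` and indexes `parts[2]` and `parts[3]` precisely when the slice is too short. An AuthURL whose path has fewer than three slashes (an empty path, or just `/tenant`) would panic with an index-out-of-range while defaults are applied, instead of falling back to the static defaults. When the path is long enough, the `oauth2` segment is never compared at all. The guard should read `if len(parts) < 4 || parts[1] == "" || parts[2] != "oauth2" || parts[3] != "authorize" {`, ideally pinned by a table test over empty, short and unexpected paths. Since the derived TokenURL inherits scheme and host from AuthURL and is presumably where the client secret is later sent, it may also be worth deriving it only when `auth.Scheme == "https"`.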
