
Commit 4a74886

committed
WIP Entra External Auth for ADO
1 parent 1cc51b0 commit 4a74886


1 file changed

+21
-16
lines changed


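--- a/coderd/externalauth/externalauth.go
+++ b/coderd/externalauth/externalauth.go
@@ -703,7 +703,7 @@ var staticDefaults = map[codersdk.EnhancedExternalAuthProvider]codersdk.External
 DisplayName: "Azure DevOps",
 DisplayIcon: "/icon/azure-devops.svg",
 Regex: `^(https?://)?dev\.azure\.com(/.*)?$`,
-Scopes: []string{"vso.code_write"},
+Scopes: []string{"https://app.vssps.visualstudio.com/vso.code_write"},
 },
 codersdk.EnhancedExternalAuthProviderBitBucketCloud: {
 AuthURL: "https://bitbucket.org/site/oauth2/authorize",
@@ -753,26 +753,31 @@ type jwtConfig struct {
 }
 
 func (c *jwtConfig) AuthCodeURL(state string, opts ...oauth2.AuthCodeOption) string {
-return c.Config.AuthCodeURL(state, append(opts, oauth2.SetAuthURLParam("response_type", "Assertion"))...)
+// return c.Config.AuthCodeURL(state, append(opts, oauth2.SetAuthURLParam("response_type", "Assertion"))...)
+return c.Config.AuthCodeURL(state, opts...)
 }
 
 func (c *jwtConfig) Exchange(ctx context.Context, code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error) {
-v := url.Values{
-"client_assertion_type": {},
-"client_assertion": {c.ClientSecret},
-"assertion": {code},
-"grant_type": {},
-}
-if c.RedirectURL != "" {
-v.Set("redirect_uri", c.RedirectURL)
-}
+// v := url.Values{
+// "client_assertion_type": {},
+// "client_assertion": {c.ClientSecret},
+// "assertion": {code},
+// "grant_type": {},
+// }
+// if c.RedirectURL != "" {
+// v.Set("redirect_uri", c.RedirectURL)
+// }
+
 return c.Config.Exchange(ctx, code,
 append(opts,
-oauth2.SetAuthURLParam("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"),
-oauth2.SetAuthURLParam("client_assertion", c.ClientSecret),
-oauth2.SetAuthURLParam("assertion", code),
-oauth2.SetAuthURLParam("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer"),
-oauth2.SetAuthURLParam("code", ""),
+// oauth2.SetAuthURLParam("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"),
+// oauth2.SetAuthURLParam("client_assertion", c.ClientSecret),
+// oauth2.SetAuthURLParam("assertion", code),
+// oauth2.SetAuthURLParam("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer"),
+// oauth2.SetAuthURLParam("code", ""),
+oauth2.SetAuthURLParam("client_id", c.ClientID),
+oauth2.SetAuthURLParam("scope", "https://app.vssps.visualstudio.com/vso.code_write"),
+oauth2.SetAuthURLParam("client_secret", c.ClientSecret),
 )...,
 )
 }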
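Review bot: In `Exchange`, the added `oauth2.SetAuthURLParam("client_id", c.ClientID)` and `oauth2.SetAuthURLParam("client_secret", c.ClientSecret)` write the credentials into the token request form in addition to whatever client authentication `c.Config.Exchange` already applies. The endpoint's `AuthStyle` is not visible in this diff, but under header or auto-detect style the secret would go out both in the Basic header and in the body; RFC 6749 §2.3 says a client must not use more than one authentication method per request, and some token endpoints reject that. If the Entra token endpoint needs body credentials, set `AuthStyle: oauth2.AuthStyleInParams` on the config's `Endpoint` and drop these two options, so the library remains the only place that handles the secret. The hard-coded `scope` literal also repeats the value in `staticDefaults` and would ignore an operator-configured scope list; assuming the embedded config is an `oauth2.Config`, derive it from `c.Scopes` instead. The commented-out assertion code in both methods should be deleted rather than kept, and a doc comment on `jwtConfig` should say it now performs a plain authorization-code exchange.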
