fix: allow orgs with default github provider (cherry-pick #16755) #16784
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This PR fixes 2 bugs: ## Problem 1 The server would fail to start when the default github provider was configured and the flag `--oauth2-github-allowed-orgs` was set. The error was ``` error: configure github oauth2: allow everyone and allowed orgs cannot be used together ``` This PR fixes it by enabling "allow everone" with the default provider only if "allowed orgs" isn't set. ## Problem 2 The default github provider uses the device flow to authorize users, and that's handled differently by our web UI than the standard oauth flow. In particular, the web UI only handles JSON responses rather than HTTP redirects. There were 2 code paths that returned redirects, and the PR changes them to return JSON messages instead if the device flow is configured.
stirby
approved these changes
Mar 3, 2025
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Cherry-picked fix: allow orgs with default github provider (#16755)
This PR fixes 2 bugs:
Problem 1
The server would fail to start when the default github provider was
configured and the flag
--oauth2-github-allowed-orgswas set. Theerror was
This PR fixes it by enabling "allow everone" with the default provider
only if "allowed orgs" isn't set.
Problem 2
The default github provider uses the device flow to authorize users, and
that's handled differently by our web UI than the standard oauth flow.
In particular, the web UI only handles JSON responses rather than HTTP
redirects. There were 2 code paths that returned redirects, and the PR
changes them to return JSON messages instead if the device flow is
configured.