From 152103bf788dc5a4c06586302a255a212e0fe77d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Banaszewski?= Date: Tue, 14 Oct 2025 09:28:10 +0200 Subject: [PATCH] fix: add default value for RevokeURL property in external auth config for GitHub (#20272) This PR adds setting default value of `RevokeURL` property of external auth config for GitHub. --- coderd/externalauth/externalauth.go | 38 ++++++++++++++++++++--------- 1 file changed, 26 insertions(+), 12 deletions(-) diff --git a/coderd/externalauth/externalauth.go b/coderd/externalauth/externalauth.go index f1ab1cd038..f33a9d3670 100644 --- a/coderd/externalauth/externalauth.go +++ b/coderd/externalauth/externalauth.go @@ -781,6 +781,9 @@ func applyDefaultsToConfig(config *codersdk.ExternalAuthConfig) { // Dynamic defaults switch codersdk.EnhancedExternalAuthProvider(config.Type) { + case codersdk.EnhancedExternalAuthProviderGitHub: + copyDefaultSettings(config, gitHubDefaults(config)) + return case codersdk.EnhancedExternalAuthProviderGitLab: copyDefaultSettings(config, gitlabDefaults(config)) return @@ -855,6 +858,29 @@ func copyDefaultSettings(config *codersdk.ExternalAuthConfig, defaults codersdk. } } +// gitHubDefaults returns default config values for GitHub. +// The only dynamic value is the revocation URL which depends on client ID. +func gitHubDefaults(config *codersdk.ExternalAuthConfig) codersdk.ExternalAuthConfig { + defaults := codersdk.ExternalAuthConfig{ + AuthURL: xgithub.Endpoint.AuthURL, + TokenURL: xgithub.Endpoint.TokenURL, + ValidateURL: "https://api.github.com/user", + DisplayName: "GitHub", + DisplayIcon: "/icon/github.svg", + Regex: `^(https?://)?github\.com(/.*)?$`, + // "workflow" is required for managing GitHub Actions in a repository. + Scopes: []string{"repo", "workflow"}, + DeviceCodeURL: "https://github.com/login/device/code", + AppInstallationsURL: "https://api.github.com/user/installations", + } + + if config.RevokeURL == "" && config.ClientID != "" { + defaults.RevokeURL = fmt.Sprintf("https://api.github.com/applications/%s/grant", config.ClientID) + } + + return defaults +} + func bitbucketServerDefaults(config *codersdk.ExternalAuthConfig) codersdk.ExternalAuthConfig { defaults := codersdk.ExternalAuthConfig{ DisplayName: "Bitbucket Server", @@ -1053,18 +1079,6 @@ var staticDefaults = map[codersdk.EnhancedExternalAuthProvider]codersdk.External Regex: `^(https?://)?bitbucket\.org(/.*)?$`, Scopes: []string{"account", "repository:write"}, }, - codersdk.EnhancedExternalAuthProviderGitHub: { - AuthURL: xgithub.Endpoint.AuthURL, - TokenURL: xgithub.Endpoint.TokenURL, - ValidateURL: "https://api.github.com/user", - DisplayName: "GitHub", - DisplayIcon: "/icon/github.svg", - Regex: `^(https?://)?github\.com(/.*)?$`, - // "workflow" is required for managing GitHub Actions in a repository. - Scopes: []string{"repo", "workflow"}, - DeviceCodeURL: "https://github.com/login/device/code", - AppInstallationsURL: "https://api.github.com/user/installations", - }, codersdk.EnhancedExternalAuthProviderSlack: { AuthURL: "https://slack.com/oauth/v2/authorize", TokenURL: "https://slack.com/api/oauth.v2.access",