- Notifications
You must be signed in to change notification settings - Fork909
fix: allow orgs with default github provider#16755
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
The change looks reasonable to me, but cc'ing@Emyrk for a second pair of eyes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Before this change, if neitherallowEveryone orallowOrgs was set, did we implicitly allow anyone?
@Emyrk we set |
95347b2 intomainUh oh!
There was an error while loading.Please reload this page.
/cherry-pick release/2.20 |
This PR fixes 2 bugs:
Problem 1
The server would fail to start when the default github provider was configured and the flag
--oauth2-github-allowed-orgswas set. The error wasThis PR fixes it by enabling "allow everone" with the default provider only if "allowed orgs" isn't set.
Problem 2
The default github provider uses the device flow to authorize users, and that's handled differently by our web UI than the standard oauth flow. In particular, the web UI only handles JSON responses rather than HTTP redirects. There were 2 code paths that returned redirects, and the PR changes them to return JSON messages instead if the device flow is configured.