fix: support custom OAuth2 URLs for GitHub Enterprise and self-hosted providers (#3513)

- Use custom authURL/tokenURL from config instead of hardcoded github.com endpoints - Properly configure GitHub Enterprise API base URL from auth endpoints Fixes OAuth2 authentication with GitHub Enterprise Server and other self-hosted OAuth2 providers. Signed-off-by: Mathias Bogaert <mathias.bogaert@gmail.com>
2026-06-20 06:37:56 +08:00 · 2025-11-04 13:11:05 +01:00
parent fdba14b9a3
commit 3fd69faf5d
4 changed files with 56 additions and 2 deletions
@@ -167,6 +167,8 @@ type OpenIDProviderConfig struct {
 	ClientSecret    string
 	KeyPath         string
 	Issuer          string
+	AuthURL         string
+	TokenURL        string
 	Scopes          []string
 }

@@ -606,6 +608,8 @@ func (c *Config) Sanitize() *Config {
 					ClientSecret: "******",
 					KeyPath:      config.KeyPath,
 					Issuer:       config.Issuer,
+					AuthURL:      config.AuthURL,
+					TokenURL:     config.TokenURL,
 					Scopes:       config.Scopes,
 				}
 			}
@@ -119,6 +119,8 @@ func TestConfig(t *testing.T) {
 							Name:         "GitHub",
 							ClientID:     "github-client-id",
 							ClientSecret: "github-client-secret",
+							AuthURL:      "github-auth-url",
+							TokenURL:     "github-token-url",
 							Scopes:       []string{"user:email"},
 						},
 					},
@@ -143,6 +145,8 @@ func TestConfig(t *testing.T) {
 			// Verify original config is not modified
 			So(conf.HTTP.Auth.OpenID.Providers["google"].ClientSecret, ShouldEqual, "google-client-secret")
 			So(conf.HTTP.Auth.OpenID.Providers["github"].ClientSecret, ShouldEqual, "github-client-secret")
+			So(conf.HTTP.Auth.OpenID.Providers["github"].AuthURL, ShouldEqual, "github-auth-url")
+			So(conf.HTTP.Auth.OpenID.Providers["github"].TokenURL, ShouldEqual, "github-token-url")
 		})

 		Convey("Test Sanitize() with Event sink credentials", func() {