[feat] support custom GitHub OAuth2 auth and token URLs

analytically · analytically · commit fd87859fa259 · 2025-03-12T17:37:19.000Z
diff --git a/pkg/api/authn.go b/pkg/api/authn.go
@@ -587,12 +587,24 @@ func NewRelyingPartyGithub(config *config.Config, provider string, hashKey, encr
 	_, clientID, clientSecret, redirectURI, scopes,
 		options := getRelyingPartyArgs(config, provider, hashKey, encryptKey, log)
 
+	var endpoint oauth2.Endpoint
+
+	// Use custom endpoints if provided, otherwise fallback to GitHub's endpoints
+	if provider := config.HTTP.Auth.OpenID.Providers[provider]; provider.AuthUrl != "" && provider.TokenUrl != "" {
+		endpoint = oauth2.Endpoint{
+			AuthURL:  provider.AuthUrl,
+			TokenURL: provider.TokenUrl,
+		}
+	} else {
+		endpoint = githubOAuth.Endpoint
+	}
+
 	rpConfig := &oauth2.Config{
 		ClientID:     clientID,
 		ClientSecret: clientSecret,
 		RedirectURL:  redirectURI,
 		Scopes:       scopes,
-		Endpoint:     githubOAuth.Endpoint,
+		Endpoint:     endpoint,
 	}
 
 	relyingParty, err := rp.NewRelyingPartyOAuth(rpConfig, options...)
diff --git a/pkg/api/config/config.go b/pkg/api/config/config.go
@@ -100,6 +100,8 @@ type OpenIDProviderConfig struct {
 	ClientSecret string
 	KeyPath      string
 	Issuer       string
+	AuthUrl      string
+	TokenUrl     string
 	Scopes       []string
 }
 

Original file line number	Diff line number	Diff line change
`@@ -100,6 +100,8 @@ type OpenIDProviderConfig struct {`
`100`	`100`	`ClientSecret string`
`101`	`101`	`KeyPath string`
`102`	`102`	`Issuer string`
	`103`	`+ AuthUrl string`
	`104`	`+ TokenUrl string`
`103`	`105`	`Scopes []string`
`104`	`106`	`}`
`105`	`107`