Skip to content

Remove deprecated auth sources #35272

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

Remove deprecated auth sources #35272

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
ebb8c93
Remove deprecated auth sources
techknowlogick Aug 13, 2025
f63f49c
Merge branch 'main' into deprecate-azure-ad-auth
techknowlogick Aug 13, 2025
57b24be
Merge branch 'main' into deprecate-azure-ad-auth
techknowlogick Aug 15, 2025
441b0ab
Merge remote-tracking branch 'upstream/main' into deprecate-azure-ad-…
techknowlogick Aug 15, 2025
931044c
reduce duplication
techknowlogick Aug 15, 2025
587bf92
Merge branch 'main' into deprecate-azure-ad-auth
techknowlogick Aug 17, 2025
6d34f62
dont use map per feedback
techknowlogick Aug 17, 2025
c9feca8
fix lint
techknowlogick Aug 18, 2025
7a8ac61
Merge branch 'main' into deprecate-azure-ad-auth
techknowlogick Aug 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 5 additions & 3 deletions routers/web/admin/auths.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,7 @@ func NewAuthSource(ctx *context.Context) {
ctx.Data["AuthSources"] = authSources
ctx.Data["SecurityProtocols"] = securityProtocols
ctx.Data["SMTPAuths"] = smtp.Authenticators
oauth2providers := oauth2.GetSupportedOAuth2Providers()
oauth2providers := oauth2.GetSupportedOAuth2ProvidersWithContext(ctx)
ctx.Data["OAuth2Providers"] = oauth2providers

ctx.Data["SSPIAutoCreateUsers"] = true
Expand All @@ -107,7 +107,9 @@ func NewAuthSource(ctx *context.Context) {
ctx.Data["SSPIDefaultLanguage"] = ""

// only the first as default
ctx.Data["oauth2_provider"] = oauth2providers[0].Name()
if len(oauth2providers) > 0 {
ctx.Data["oauth2_provider"] = oauth2providers[0].Name()
}

ctx.HTML(http.StatusOK, tplAuthNew)
}
Expand Down Expand Up @@ -240,7 +242,7 @@ func NewAuthSourcePost(ctx *context.Context) {
ctx.Data["AuthSources"] = authSources
ctx.Data["SecurityProtocols"] = securityProtocols
ctx.Data["SMTPAuths"] = smtp.Authenticators
oauth2providers := oauth2.GetSupportedOAuth2Providers()
oauth2providers := oauth2.GetSupportedOAuth2ProvidersWithContext(ctx)
ctx.Data["OAuth2Providers"] = oauth2providers

ctx.Data["SSPIAutoCreateUsers"] = true
Expand Down
42 changes: 42 additions & 0 deletions services/auth/source/oauth2/providers.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,13 +83,55 @@ func RegisterGothProvider(provider GothProvider) {
gothProviders[provider.Name()] = provider
}

// hasExistingAzureADAuthSources checks if there are any existing Azure AD auth sources configured
func hasExistingAzureADAuthSources(ctx context.Context) bool {
azureProviders := map[string]bool{
"azuread": true,
"microsoftonline": true,
"azureadv2": true,
}

authSources, err := db.Find[auth.Source](ctx, auth.FindSourcesOptions{
LoginType: auth.OAuth2,
})
if err != nil {
return false
}

for _, source := range authSources {
if oauth2Cfg, ok := source.Cfg.(*Source); ok {
if azureProviders[oauth2Cfg.Provider] {
return true
}
}
}
return false
}

// GetSupportedOAuth2Providers returns the map of unconfigured OAuth2 providers
// key is used as technical name (like in the callbackURL)
// values to display
// Note: Azure AD providers (azuread, microsoftonline, azureadv2) are filtered out
// unless they already exist in the system to encourage use of OpenID Connect
func GetSupportedOAuth2Providers() []Provider {
return GetSupportedOAuth2ProvidersWithContext(context.Background())
}

// GetSupportedOAuth2ProvidersWithContext returns the list of supported OAuth2 providers with context for filtering
func GetSupportedOAuth2ProvidersWithContext(ctx context.Context) []Provider {
providers := make([]Provider, 0, len(gothProviders))
hasExistingAzure := hasExistingAzureADAuthSources(ctx)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I mean

existAuthSources := getExistingAzureADAuthSources(ctx)
for _, provider := range gothProviders {
		if isAzureProvider(provider.Name()) && !slices.Contains(existAuthSources, provider.Name()) {
			continue
		}


azureProviders := map[string]bool{
"azuread": true,
"microsoftonline": true,
"azureadv2": true,
}

for _, provider := range gothProviders {
if azureProviders[provider.Name()] && !hasExistingAzure {
continue
}
providers = append(providers, provider)
}
sort.Slice(providers, func(i, j int) bool {
Expand Down