
GitHub organization membership is not enforced when multiple auth providers are configured

Created by: unknwon

If the site admin configures multiple auth providers using GitHub OAuth, the "allowOrgs" setting does not take effect.

Example config (they are different OAuth applications with different clientID and clientSecret):

{
  "auth.providers": [
    {
      "displayName": "GitHub.com",
      "type": "github",
      "clientID": "<REDACTED>",
      "clientSecret": "<REDACTED>"
    },
    {
      "type": "github",
      "url": "",
      "displayName": "GitHub Enterprise Cloud",
      "clientID": "<REDACTED>",
      "clientSecret": "<REDACTED>",
      "allowSignup": true,
      "allowOrgs": [
        "sourcegraph-enterprise-test"
      ]
    }
  ],
}

Remove the first one, which has no "allowOrgs", and it works as expected.

If someone else is interested in taking this, here are my unverified thoughts:

  • The order of elements in "auth.providers" may matter.
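The following is an added illustration, not Sourcegraph's code: it shows how an org check that resolves the provider by type alone would reproduce the reported symptom, and how resolving by the OAuth app's clientID restores enforcement. The Provider type, the two client IDs and the type-first lookup are constructed assumptions consistent with the reporter's note about ordering, not a confirmed root cause.

```go
package main

// Provider mirrors the fields of one "auth.providers" entry from the report.
// Constructed for this example; not Sourcegraph's own type.
type Provider struct {
	Type      string
	ClientID  string
	AllowOrgs []string // empty means no org restriction
}

// Constructed providers in report order: first has no AllowOrgs, second restricts to one org.
var Providers = []Provider{
	{Type: "github", ClientID: "client-A"},
	{Type: "github", ClientID: "client-B",
		AllowOrgs: []string{"sourcegraph-enterprise-test"}},
}

// findProvider returns the provider whose restrictions are enforced. With matchClientID=false
// it takes the first provider of the type, so the first entry's (absent) AllowOrgs wins
// whichever OAuth app handled the callback; with matchClientID=true the clientID must match.
func findProvider(ps []Provider, typ, clientID string, matchClientID bool) (Provider, bool) {
	for _, p := range ps {
		if p.Type == typ && (!matchClientID || p.ClientID == clientID) {
			return p, true
		}
	}
	return Provider{}, false
}

// memberOfAllowedOrg enforces AllowOrgs against the user's org memberships.
func memberOfAllowedOrg(p Provider, userOrgs []string) bool {
	if len(p.AllowOrgs) == 0 {
		return true
	}
	for _, want := range p.AllowOrgs {
		for _, have := range userOrgs {
			if have == want {
				return true
			}
		}
	}
	return false
}

// Authorize decides whether a user who completed OAuth through the app with clientID,
// and who belongs to userOrgs, may sign in.
func Authorize(ps []Provider, clientID string, userOrgs []string, matchClientID bool) bool {
	p, ok := findProvider(ps, "github", clientID, matchClientID)
	return ok && memberOfAllowedOrg(p, userOrgs)
}
```

With the type-only lookup, a user from an unrelated org who signed in through the restricted app is admitted; matching on clientID rejects them while still admitting members of the allowed org.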