Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add login hint support for GitHub browser-based OAuth authentication #1137

Merged
merged 4 commits into from
Mar 3, 2023
Merged

Add login hint support for GitHub browser-based OAuth authentication #1137

merged 4 commits into from
Mar 3, 2023

Conversation

mjcheetham
Copy link
Collaborator

@mjcheetham mjcheetham commented Mar 1, 2023
edited
Loading

If a username is specified in the remote URL then include this as a login hint when performing OAuth authentication for GitHub. This can help users of multiple accounts select the correct account before the OAuth flow completes and returns a token for the wrong account.

GitHub shows this nice prompt when a login hint is provided that does not match the currently logged-in user:

image

At the same time, if there is no logged-in user, then the login page's username box is already filled in:

image

The login hint is specified to GitHub via the extra login query parameter to the authorization endpoint.

@mjcheetham
oauth: drop unused protected properties from client
3bb4487
@mjcheetham
oauth: add ability to pass extra query params in authcode call
aee5b9e 
Add the ability to include extra query parameters in the authorization
code grant request. This allows consumers of the OAuth2Client to
customise the login experience that may include vendor specific args.
@mjcheetham
github: add login hint support for web browser login
663ae25 
If a username is specified in the remote URL then include this as a
login hint when performing OAuth authentication for GitHub.
@mjcheetham mjcheetham added enhancement New feature or request host:github Specific to the GitHub host provider auth:oauth Specific to OAuth2 authentication labels Mar 1, 2023
@mjcheetham
oauth: add test to validate extra params don't override std params
680aa6a 
Add a unit test to ensure that we do not allow overriding or replacing
standard OAuth2 query parameters.
ldennington
ldennington approved these changes Mar 2, 2023
View reviewed changes
Copy link
Contributor

@ldennington ldennington left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@mjcheetham mjcheetham merged commit 3979577 into git-ecosystem:main Mar 3, 2023
@mjcheetham mjcheetham deleted the login-hint branch March 3, 2023 01:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ldennington ldennington ldennington approved these changes

Assignees
No one assigned
Labels
auth:oauth Specific to OAuth2 authentication enhancement New feature or request host:github Specific to the GitHub host provider
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@mjcheetham @ldennington