From 9045b65950a14fb55953581ef24af4788dbb0f5d Mon Sep 17 00:00:00 2001 From: Thomas Kosiewski Date: Tue, 1 Jul 2025 15:10:47 +0200 Subject: [PATCH] feat(oauth2): replace dev flag with oauth2 experiment for controlled rollout - Add ExperimentOAuth2 constant to enable OAuth2 via experiment flag - Replace dev-only middleware with experiment-based gating - Maintain backward compatibility with dev mode - Allow OAuth2 enablement in production environments via --experimental=oauth2 Change-Id: I51e021a21ad385c133783d715e872fb4069f9e66 Signed-off-by: Thomas Kosiewski --- coderd/apidoc/docs.go | 7 +++++-- coderd/apidoc/swagger.json | 7 +++++-- coderd/oauth2.go | 6 +++--- codersdk/deployment.go | 2 ++ docs/reference/api/schemas.md | 1 + site/src/api/typesGenerated.ts | 2 ++ 6 files changed, 18 insertions(+), 7 deletions(-) diff --git a/coderd/apidoc/docs.go b/coderd/apidoc/docs.go index 8dcd7d36bdd30..ce420cbf1a6b4 100644 --- a/coderd/apidoc/docs.go +++ b/coderd/apidoc/docs.go @@ -12550,12 +12550,14 @@ const docTemplate = `{ "auto-fill-parameters", "notifications", "workspace-usage", - "web-push" + "web-push", + "oauth2" ], "x-enum-comments": { "ExperimentAutoFillParameters": "This should not be taken out of experiments until we have redesigned the feature.", "ExperimentExample": "This isn't used for anything.", "ExperimentNotifications": "Sends notifications via SMTP and webhooks following certain events.", + "ExperimentOAuth2": "Enables OAuth2 provider functionality.", "ExperimentWebPush": "Enables web push notifications through the browser.", "ExperimentWorkspaceUsage": "Enables the new workspace usage tracking." }, @@ -12564,7 +12566,8 @@ const docTemplate = `{ "ExperimentAutoFillParameters", "ExperimentNotifications", "ExperimentWorkspaceUsage", - "ExperimentWebPush" + "ExperimentWebPush", + "ExperimentOAuth2" ] }, "codersdk.ExternalAuth": { diff --git a/coderd/apidoc/swagger.json b/coderd/apidoc/swagger.json index 39c5b977f5b3b..0cfb7944c7c65 100644 
--- a/coderd/apidoc/swagger.json +++ b/coderd/apidoc/swagger.json @@ -11231,12 +11231,14 @@ "auto-fill-parameters", "notifications", "workspace-usage", - "web-push" + "web-push", + "oauth2" ], "x-enum-comments": { "ExperimentAutoFillParameters": "This should not be taken out of experiments until we have redesigned the feature.", "ExperimentExample": "This isn't used for anything.", "ExperimentNotifications": "Sends notifications via SMTP and webhooks following certain events.", + "ExperimentOAuth2": "Enables OAuth2 provider functionality.", "ExperimentWebPush": "Enables web push notifications through the browser.", "ExperimentWorkspaceUsage": "Enables the new workspace usage tracking." }, @@ -11245,7 +11247,8 @@ "ExperimentAutoFillParameters", "ExperimentNotifications", "ExperimentWorkspaceUsage", - "ExperimentWebPush" + "ExperimentWebPush", + "ExperimentOAuth2" ] }, "codersdk.ExternalAuth": { diff --git a/coderd/oauth2.go b/coderd/oauth2.go index e566fc1342837..4f935e1f5b4fc 100644 --- a/coderd/oauth2.go +++ b/coderd/oauth2.go @@ -37,11 +37,11 @@ const ( displaySecretLength = 6 // Length of visible part in UI (last 6 characters) ) -func (*API) oAuth2ProviderMiddleware(next http.Handler) http.Handler { +func (api *API) oAuth2ProviderMiddleware(next http.Handler) http.Handler { return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { - if !buildinfo.IsDev() { + if !api.Experiments.Enabled(codersdk.ExperimentOAuth2) && !buildinfo.IsDev() { httpapi.Write(r.Context(), rw, http.StatusForbidden, codersdk.Response{ - Message: "OAuth2 provider is under development.", + Message: "OAuth2 provider functionality requires enabling the 'oauth2' experiment.", }) return } diff --git a/codersdk/deployment.go b/codersdk/deployment.go index 229e62eac87b3..1421cd082e8ba 100644 --- a/codersdk/deployment.go +++ b/codersdk/deployment.go 
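Review bot: The new condition in `oAuth2ProviderMiddleware`, `!api.Experiments.Enabled(codersdk.ExperimentOAuth2) && !buildinfo.IsDev()`, still passes every request on a dev build whether or not the experiment is set, so the experiment is not the only switch for the OAuth2 provider routes, and nothing on the function says so. I would add a doc comment above it: `// oAuth2ProviderMiddleware rejects requests with 403 unless the oauth2 experiment is enabled or this is a dev build.` The diffstat lists no test file, so a case asserting that a non-dev build without the experiment gets `http.StatusForbidden` would pin the gate now that it can be opened in production. The handler body continues past the end of the hunk.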
@@ -3341,6 +3341,7 @@ const ( ExperimentNotifications Experiment = "notifications" // Sends notifications via SMTP and webhooks following certain events. ExperimentWorkspaceUsage Experiment = "workspace-usage" // Enables the new workspace usage tracking. ExperimentWebPush Experiment = "web-push" // Enables web push notifications through the browser. + ExperimentOAuth2 Experiment = "oauth2" // Enables OAuth2 provider functionality. ) // ExperimentsKnown should include all experiments defined above. @@ -3350,6 +3351,7 @@ var ExperimentsKnown = Experiments{ ExperimentNotifications, ExperimentWorkspaceUsage, ExperimentWebPush, + ExperimentOAuth2, } // ExperimentsSafe should include all experiments that are safe for diff --git a/docs/reference/api/schemas.md b/docs/reference/api/schemas.md index 3611f391d99c1..618a462390166 100644 --- a/docs/reference/api/schemas.md +++ b/docs/reference/api/schemas.md @@ -3039,6 +3039,7 @@ CreateWorkspaceRequest provides options for creating a new workspace. Only one o | `notifications` | | `workspace-usage` | | `web-push` | +| `oauth2` | ## codersdk.ExternalAuth diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts index bca8fe2a033d5..05adcd927be0f 100644 --- a/site/src/api/typesGenerated.ts +++ b/site/src/api/typesGenerated.ts @@ -795,6 +795,7 @@ export type Experiment = | "auto-fill-parameters" | "example" | "notifications" + | "oauth2" | "web-push" | "workspace-usage"; @@ -802,6 +803,7 @@ export const Experiments: Experiment[] = [ "auto-fill-parameters", "example", "notifications", + "oauth2", "web-push", "workspace-usage", ]; pFad - Phonifier reborn
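Review bot: In `codersdk/deployment.go` the comment on `ExperimentOAuth2` ("Enables OAuth2 provider functionality.") does not record that the constant is added to `ExperimentsKnown` only; the diffstat shows two additions in this file, so `ExperimentsSafe` appears to be left unchanged. For a flag that exposes an authorization surface, that choice deserves to be explicit, for example `// Enables OAuth2 provider functionality. Opt-in only: keep out of ExperimentsSafe until the provider is reviewed.` The `ExperimentsSafe` declaration itself lies outside the hunk, so this should be confirmed against the full file.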
