github: allow OAuth params to be overridden at runtime

Allow the OAuth client ID, secret, and redirect URI to be overridden at runtime using environment variables or config.
git-ecosystem · Apr 24, 2020 · a865730 · a865730
1 parent 7efe852
commit a865730
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 7 deletions.
diff --git a/src/shared/GitHub/GitHubAuthentication.cs b/src/shared/GitHub/GitHubAuthentication.cs
@@ -188,7 +188,7 @@ public async Task<OAuth2TokenResult> GetOAuthTokenAsync(Uri targetUri, IEnumerab
         {
             ThrowIfUserInteractionDisabled();
 
-            var oauthClient = new GitHubOAuth2Client(HttpClient, targetUri);
+            var oauthClient = new GitHubOAuth2Client(HttpClient, Context.Settings, targetUri);
 
             // If we have a desktop session try authentication using the user's default web browser
             if (Context.IsDesktopSession)

diff --git a/src/shared/GitHub/GitHubConstants.cs b/src/shared/GitHub/GitHubConstants.cs
@@ -11,6 +11,10 @@ public static class GitHubConstants
 
         public const string AuthHelperName = "GitHub.UI";
 
+        public const string OAuthClientId = "0120e057bd645470c1ed";
+        public const string OAuthClientSecret = "18867509d956965542b521a529a79bb883344c90";
+        public static readonly Uri OAuthRedirectUri = new Uri("http://localhost/");
+
         /// <summary>
         /// The GitHub required HTTP accepts header value
         /// </summary>
@@ -51,13 +55,19 @@ public static class OAuthScopes
         public static class EnvironmentVariables
         {
             public const string AuthenticationModes = "GCM_GITHUB_AUTHMODES";
+            public const string OAuthClientId = "GCM_GITHUB_CLIENTID";
+            public const string OAuthClientSecret = "GCM_GITHUB_CLIENTSECRET";
+            public const string OAuthRedirectUri = "GCM_GITHUB_REDIRECTURI";
         }
 
         public static class GitConfiguration
         {
             public static class Credential
             {
                 public const string AuthModes = "gitHubAuthModes";
+                public const string OAuthClientId = "gitHubClientId";
+                public const string OAuthClientSecret = "gitHubClientSecret";
+                public const string OAuthRedirectUri = "gitHubRedirectUri";
             }
         }
     }

diff --git a/src/shared/GitHub/GitHubOAuth2Client.cs b/src/shared/GitHub/GitHubOAuth2Client.cs
@@ -1,17 +1,17 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT license.
 using System;
 using System.Net.Http;
+using Microsoft.Git.CredentialManager;
 using Microsoft.Git.CredentialManager.Authentication.OAuth;
 
 namespace GitHub
 {
     public class GitHubOAuth2Client : OAuth2Client
     {
-        private static readonly string ClientId = "0120e057bd645470c1ed";
-        private static readonly string ClientSecret = "18867509d956965542b521a529a79bb883344c90";
-        private static readonly Uri RedirectUri = new Uri("http://localhost/");
-
-        public GitHubOAuth2Client(HttpClient httpClient, Uri baseUri)
-            : base(httpClient, CreateEndpoints(baseUri), ClientId, RedirectUri, ClientSecret) { }
+        public GitHubOAuth2Client(HttpClient httpClient, ISettings settings, Uri baseUri)
+            : base(httpClient, CreateEndpoints(baseUri),
+                GetClientId(settings), GetRedirectUri(settings), GetClientSecret(settings)) { }
 
         private static OAuth2ServerEndpoints CreateEndpoints(Uri baseUri)
         {
@@ -29,5 +29,44 @@ private static OAuth2ServerEndpoints CreateEndpoints(Uri baseUri)
                 DeviceAuthorizationEndpoint = deviceAuthEndpoint
             };
         }
+
+        private static string GetClientId(ISettings settings)
+        {
+            if (settings.TryGetSetting(
+                GitHubConstants.EnvironmentVariables.OAuthClientId,
+                Constants.GitConfiguration.Credential.SectionName, GitHubConstants.GitConfiguration.Credential.OAuthClientId,
+                out string clientId))
+            {
+                return clientId;
+            }
+
+            return GitHubConstants.OAuthClientId;
+        }
+
+        private static Uri GetRedirectUri(ISettings settings)
+        {
+            if (settings.TryGetSetting(
+                GitHubConstants.EnvironmentVariables.OAuthRedirectUri,
+                Constants.GitConfiguration.Credential.SectionName, GitHubConstants.GitConfiguration.Credential.OAuthRedirectUri,
+                out string redirectUriStr) && Uri.TryCreate(redirectUriStr, UriKind.Absolute, out Uri redirectUri))
+            {
+                return redirectUri;
+            }
+
+            return GitHubConstants.OAuthRedirectUri;
+        }
+
+        private static string GetClientSecret(ISettings settings)
+        {
+            if (settings.TryGetSetting(
+                GitHubConstants.EnvironmentVariables.OAuthClientSecret,
+                Constants.GitConfiguration.Credential.SectionName, GitHubConstants.GitConfiguration.Credential.OAuthClientSecret,
+                out string clientSecret))
+            {
+                return clientSecret;
+            }
+
+            return GitHubConstants.OAuthClientSecret;
+        }
     }
 }