Skip to content

Add GitHub and GitLab SSO support #73

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
initstring merged 2 commits into from
Jan 17, 2026
Merged

Add GitHub and GitLab SSO support #73

initstring merged 2 commits into from
Jan 17, 2026
+56 −6

Conversation

@initstring
Copy link
Owner

@initstring initstring commented Jan 17, 2026

Motivation

  • Expand available SSO options so deployments can use GitHub or GitLab in addition to the existing Google/Keycloak/Okta providers.
  • Ensure environment schema, runtime bindings, sign-in UI, and docs are consistent with existing Auth.js/NextAuth patterns in the codebase.
  • Provide clear, generic guidance in the installation docs about configuring provider callback/redirect settings.

Description

  • Register GitHub and GitLab providers with Auth.js and enable conditional provider registration when corresponding env vars are present in src/server/auth/config.ts.
  • Add GITHUB_* and GITLAB_* env entries to the validated server env schema and runtime bindings in src/env.ts.
  • Expose GitHub/GitLab toggles and buttons in the sign-in flow by updating src/app/(public-routes)/auth/signin/page.tsx and src/features/shared/auth/sign-in-page.tsx.
  • Update example env files (.env.example-dev and deploy/docker/.env.example-prod) with commented GitHub/GitLab variables and update docs/installation.md to list the new providers and provide generic SSO configuration guidance.

Testing

  • Ran npm run check (ESLint + tsc --project tsconfig.check.json) which completed successfully.
  • Ran npm run test (Vitest) which failed due to a PrismaClientInitializationError because the test runner could not reach a PostgreSQL instance at localhost:5432.

Codex Task

@initstring
Copy link
Owner Author

initstring commented Jan 17, 2026

@codex review

chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Jan 17, 2026
View reviewed changes
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 608dbdae70

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

src/server/auth/config.ts
Comment on lines 221 to 225
GitLabProvider({
clientId: process.env.GITLAB_CLIENT_ID,
clientSecret: process.env.GITLAB_CLIENT_SECRET,
issuer: process.env.GITLAB_ISSUER,
allowDangerousEmailAccountLinking: true,
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot Jan 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Use GitLab baseUrl instead of issuer

The GitLab provider does not read an issuer option; it expects baseUrl (see node_modules/@auth/core/providers/gitlab.js, where baseUrl defaults to https://gitlab.com and is used to build all OAuth URLs). Passing issuer here is ignored, so any self-managed GitLab deployment that sets GITLAB_ISSUER will still try to authenticate against gitlab.com and fail. This only shows up when someone uses GitLab self-managed, but it will block SSO entirely in that environment.

Useful? React with 👍 / 👎.

Copy link
Owner Author

@initstring initstring Jan 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@codex - review again. Remove unnecessary variable and will default to gitlab.com.

Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot Jan 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Codex Review: Didn't find any major issues. Nice work!

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@initstring initstring merged commit 0efb17f into main Jan 17, 2026
5 checks passed
@initstring initstring deleted the codex/add-github-and-gitlab-sso-providers branch January 17, 2026 09:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

codex

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@initstring