Skip to content

[Oauth]Add PKCE option for github(GF_AUTH_GITHUB_USE_PKCE) #111436

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

[Oauth]Add PKCE option for github(GF_AUTH_GITHUB_USE_PKCE) #111436

wants to merge 2 commits into from
+2 −0

Conversation

@arukiidou
Copy link
Contributor

@arukiidou arukiidou commented Sep 21, 2025
edited
Loading

What is this feature?

GitHub OAuth environment option for GitHub OAuth can override defaults using GF_AUTH_GITHUB_USE_PKCE.

Why do we need this feature?

https://github.blog/changelog/2025-07-14-pkce-support-for-oauth-and-github-app-authentication/

Who is this feature for?

Users for using Github Oauth

Which issue(s) does this PR fix?:

Special notes for your reviewer:

To prevent something from breaking for users, we will still keep the default as false.
However, in v13, we should use PKCE by default.

Please check that:

  • It works as expected from a user's perspective.
  • If this is a pre-GA feature, it is behind a feature toggle.
  • The docs are updated, and if this is a notable improvement, it's added to our What's New doc.

@arukiidou
Add PKCE option for github
42e9400 
Signed-off-by: junya koyama <arukiidou@yahoo.co.jp>
@arukiidou
Fix EOF
4e06804 
Signed-off-by: junya koyama <arukiidou@yahoo.co.jp>
@arukiidou arukiidou requested a review from torkelo as a code owner September 21, 2025 16:07
@github-actions github-actions bot added this to the 12.3.x milestone Sep 21, 2025
@arukiidou arukiidou changed the title Chore/add GitHub pkce [Oauth]Add PKCE option for github(GF_AUTH_GITHUB_USE_PKCE) Sep 21, 2025
anglerfishlyy
anglerfishlyy reviewed Oct 8, 2025
View reviewed changes
Copy link

@anglerfishlyy anglerfishlyy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution @arukiidou!
Adding the PKCE option for GitHub OAuth makes sense, especially keeping the default as false for now to avoid breaking anything.
The defaults update and sample.ini changes look straightforward and user-friendly.
From a user perspective, everything seems good. 👍

@colin-stuart colin-stuart requested review from a team, cinaglia and dmihai and removed request for a team October 14, 2025 14:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@torkelo torkelo Awaiting requested review from torkelo torkelo is a code owner

@cinaglia cinaglia Awaiting requested review from cinaglia cinaglia was automatically assigned from grafana/identity-squad

@dmihai dmihai Awaiting requested review from dmihai dmihai was automatically assigned from grafana/identity-squad

1 more reviewer

@anglerfishlyy anglerfishlyy anglerfishlyy left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

12.3.x

Development

Successfully merging this pull request may close these issues.

[Oauth]Add PKCE option for github(GF_AUTH_GITHUB_USE_PKCE)

2 participants

@arukiidou @anglerfishlyy