Skip to content

feat: use OS port selection for OAuth server #1146

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

feat: use OS port selection for OAuth server #1146

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
b3e38a5
feat: use OS port selection for OAuth server
saikumarvasa100-hash Nov 13, 2025
baacc4a
fix: move server_port assignment inside try block
saikumarvasa100-hash Nov 14, 2025
9b6eded
docs: add changelog fragment for OAuth port fix
saikumarvasa100-hash Nov 14, 2025
86bd0c1
fix: remove blank line to fix black formatting
saikumarvasa100-hash Nov 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions changelog.d/20241114_oauth_port_fix.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
### Fixed

- Fixed OAuth server initialization that caused AttributeError when OS could not allocate a port. The server_port is now accessed only after successful HTTPServer creation.
28 changes: 9 additions & 19 deletions ggshield/verticals/auth/oauth.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,11 +28,6 @@
CLIENT_ID = "ggshield_oauth"
SCAN_SCOPE = "scan"

# potential port range to be used to run local server
# to handle authorization code callback
# this is the largest band of not commonly occupied ports
# https://stackoverflow.com/questions/10476987/best-tcp-port-number-range-for-internal-applications
USABLE_PORT_RANGE = (29170, 29998)

logger = logging.getLogger(__name__)

Expand Down Expand Up @@ -71,7 +66,7 @@ def __init__(self, config: Config, instance: str) -> None:
self._access_token: Optional[str] = None
# If the PAT expiration date has been enforced to respect the workspace policy
self._expire_at_downsized: bool = False
self._port = USABLE_PORT_RANGE[0]
self._port = 0
self.server: Optional[HTTPServer] = None

self._generate_pkce_pair()
Expand Down Expand Up @@ -163,19 +158,14 @@ def _redirect_to_login(self) -> None:
webbrowser.open_new_tab(request_uri)

def _prepare_server(self) -> None:
for port in range(*USABLE_PORT_RANGE):
try:
self.server = HTTPServer(
# only consider requests from localhost on the predetermined port
("127.0.0.1", port),
functools.partial(RequestHandler, self),
)
self._port = port
break
except OSError:
continue
else:
raise UnexpectedError("Could not find unoccupied port.")
try:
self.server = HTTPServer(
("127.0.0.1", 0), # Let OS choose an available port
functools.partial(RequestHandler, self),
)
self._port = self.server.server_port # Get the assigned port

raise UnexpectedError(f"Could not create local server: {e}")

def _wait_for_callback(self) -> None:
"""
Expand Down