element-hq · sandhose · Mar 12, 2025 · Mar 12, 2025 · Mar 12, 2025 · Mar 12, 2025
diff --git a/crates/cli/src/sync.rs b/crates/cli/src/sync.rs
@@ -165,11 +165,14 @@ pub async fn config_sync(
             }
         }
 
-        for provider in upstream_oauth2_config.providers {
+        for (index, provider) in upstream_oauth2_config.providers.into_iter().enumerate() {
             if !provider.enabled {
                 continue;
             }
 
+            // Use the position in the config of the provider as position in the UI
+            let ui_order = index.try_into().unwrap_or(i32::MAX);
+
             let _span = info_span!("provider", %provider.id).entered();
             if existing_enabled_ids.contains(&provider.id) {
                 info!("Updating provider");
@@ -293,6 +296,7 @@ pub async fn config_sync(
                             .additional_authorization_parameters
                             .into_iter()
                             .collect(),
+                        ui_order,
                     },
                 )
                 .await?;

diff --git a/crates/handlers/src/admin/v1/upstream_oauth_links/mod.rs b/crates/handlers/src/admin/v1/upstream_oauth_links/mod.rs
@@ -43,6 +43,7 @@ mod test_utils {
             userinfo_endpoint_override: None,
             jwks_uri_override: None,
             additional_authorization_parameters: Vec::new(),
+            ui_order: 0,
         }
     }
 }
diff --git a/crates/handlers/src/upstream_oauth2/link.rs b/crates/handlers/src/upstream_oauth2/link.rs
@@ -949,6 +949,7 @@ mod tests {
                     pkce_mode: mas_data_model::UpstreamOAuthProviderPkceMode::Auto,
                     response_mode: None,
                     additional_authorization_parameters: Vec::new(),
+                    ui_order: 0,
                 },
             )
             .await

diff --git a/crates/handlers/src/views/login.rs b/crates/handlers/src/views/login.rs
@@ -436,6 +436,7 @@ mod test {
                     pkce_mode: mas_data_model::UpstreamOAuthProviderPkceMode::Auto,
                     response_mode: None,
                     additional_authorization_parameters: Vec::new(),
+                    ui_order: 0,
                 },
             )
             .await
@@ -476,6 +477,7 @@ mod test {
                     pkce_mode: mas_data_model::UpstreamOAuthProviderPkceMode::Auto,
                     response_mode: None,
                     additional_authorization_parameters: Vec::new(),
+                    ui_order: 1,
                 },
             )
             .await

diff --git a/...rage-pg/.sqlx/query-72de26d5e3c56f4b0658685a95b45b647bb6637e55b662a5a548aa3308c62a8a.json b/...rage-pg/.sqlx/query-72de26d5e3c56f4b0658685a95b45b647bb6637e55b662a5a548aa3308c62a8a.json
diff --git a/...rage-pg/.sqlx/query-99f2a0b53e08d23408dc2837d32d734c8a0e706662e72f3b2585b0c38f42c063.json b/...rage-pg/.sqlx/query-99f2a0b53e08d23408dc2837d32d734c8a0e706662e72f3b2585b0c38f42c063.json
diff --git a/...be94dc893df9107e982583aa954b5067dfd1.json → ...90aeae4a20329045ab23639181a0d0903178.json b/...be94dc893df9107e982583aa954b5067dfd1.json → ...90aeae4a20329045ab23639181a0d0903178.json
diff --git a/crates/storage-pg/migrations/20250312094013_upstream_oauth2_providers_order.sql b/crates/storage-pg/migrations/20250312094013_upstream_oauth2_providers_order.sql
@@ -0,0 +1,9 @@
+-- Copyright 2025 New Vector Ltd.
+--
+-- SPDX-License-Identifier: AGPL-3.0-only
+-- Please see LICENSE in the repository root for full details.
+
+-- Adds a column to track the 'UI order' of the upstream OAuth2 providers, so
+-- that they can be consistently displayed in the UI
+ALTER TABLE upstream_oauth_providers
+  ADD COLUMN ui_order INTEGER NOT NULL DEFAULT 0;
diff --git a/crates/storage-pg/src/upstream_oauth2/mod.rs b/crates/storage-pg/src/upstream_oauth2/mod.rs
@@ -76,6 +76,7 @@ mod tests {
                     pkce_mode: mas_data_model::UpstreamOAuthProviderPkceMode::Auto,
                     response_mode: None,
                     additional_authorization_parameters: Vec::new(),
+                    ui_order: 0,
                 },
             )
             .await
@@ -322,6 +323,7 @@ mod tests {
                         pkce_mode: mas_data_model::UpstreamOAuthProviderPkceMode::Auto,
                         response_mode: None,
                         additional_authorization_parameters: Vec::new(),
+                        ui_order: 0,
                     },
                 )
                 .await

diff --git a/crates/storage-pg/src/upstream_oauth2/provider.rs b/crates/storage-pg/src/upstream_oauth2/provider.rs
@@ -517,9 +517,11 @@ impl UpstreamOAuthProviderRepository for PgUpstreamOAuthProviderRepository<'_> {
                     pkce_mode,
                     response_mode,
                     additional_parameters,
+                    ui_order,
                     created_at
                 ) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11,
-                          $12, $13, $14, $15, $16, $17, $18, $19, $20, $21, $22)
+                          $12, $13, $14, $15, $16, $17, $18, $19, $20,
+                          $21, $22, $23)
                 ON CONFLICT (upstream_oauth_provider_id)
                     DO UPDATE
                     SET
@@ -543,7 +545,8 @@ impl UpstreamOAuthProviderRepository for PgUpstreamOAuthProviderRepository<'_> {
                         discovery_mode = EXCLUDED.discovery_mode,
                         pkce_mode = EXCLUDED.pkce_mode,
                         response_mode = EXCLUDED.response_mode,
-                        additional_parameters = EXCLUDED.additional_parameters
+                        additional_parameters = EXCLUDED.additional_parameters,
+                        ui_order = EXCLUDED.ui_order
                 RETURNING created_at
             "#,
             Uuid::from(id),
@@ -582,6 +585,7 @@ impl UpstreamOAuthProviderRepository for PgUpstreamOAuthProviderRepository<'_> {
             params.pkce_mode.as_str(),
             params.response_mode.as_ref().map(ToString::to_string),
             Json(&params.additional_authorization_parameters) as _,
+            params.ui_order,
             created_at,
         )
         .traced()
@@ -917,6 +921,7 @@ impl UpstreamOAuthProviderRepository for PgUpstreamOAuthProviderRepository<'_> {
                     additional_parameters as "additional_parameters: Json<Vec<(String, String)>>"
                 FROM upstream_oauth_providers
                 WHERE disabled_at IS NULL
+                ORDER BY ui_order ASC, upstream_oauth_provider_id ASC
             "#,
         )
         .traced()

diff --git a/crates/storage/src/upstream_oauth2/provider.rs b/crates/storage/src/upstream_oauth2/provider.rs
@@ -95,6 +95,9 @@ pub struct UpstreamOAuthProviderParams {
 
     /// Additional parameters to include in the authorization request
     pub additional_authorization_parameters: Vec<(String, String)>,
+
+    /// The position of the provider in the UI
+    pub ui_order: i32,
 }
 
 /// Filter parameters for listing upstream OAuth 2.0 providers

diff --git a/...s_writer/snapshots/syn2mas__mas_writer__test__write_user_with_upstream_provider_link.snap b/...s_writer/snapshots/syn2mas__mas_writer__test__write_user_with_upstream_provider_link.snap
@@ -30,6 +30,7 @@ upstream_oauth_providers:
     token_endpoint_auth_method: client_secret_basic
     token_endpoint_override: ~
     token_endpoint_signing_alg: ~
+    ui_order: "0"
     upstream_oauth_provider_id: 00000000-0000-0000-0000-000000000004
     userinfo_endpoint_override: ~
     userinfo_signed_response_alg: ~