From d7ba6c0ae3256774b9bfb0e139e46c290c26da36 Mon Sep 17 00:00:00 2001
From: Hugo Dutka <hugo@coder.com>
Date: Thu, 20 Mar 2025 12:47:29 +0000
Subject: [PATCH] fix IsGithubDotComURL check

---
 coderd/userauth.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/coderd/userauth.go b/coderd/userauth.go
index 3c1481b1f9039..63f54f6d157ff 100644
--- a/coderd/userauth.go
+++ b/coderd/userauth.go
@@ -1096,7 +1096,10 @@ func (api *API) userOAuth2Github(rw http.ResponseWriter, r *http.Request) {
 	}
 	// If the user is logging in with github.com we update their associated
 	// GitHub user ID to the new one.
-	if externalauth.IsGithubDotComURL(api.GithubOAuth2Config.AuthCodeURL("")) && user.GithubComUserID.Int64 != ghUser.GetID() {
+	// We use AuthCodeURL from the OAuth2Config field instead of the one on
+	// GithubOAuth2Config because when device flow is configured, AuthCodeURL
+	// is overridden and returns a value that doesn't pass the URL check.
+	if externalauth.IsGithubDotComURL(api.GithubOAuth2Config.OAuth2Config.AuthCodeURL("")) && user.GithubComUserID.Int64 != ghUser.GetID() {
 		err = api.Database.UpdateUserGithubComUserID(ctx, database.UpdateUserGithubComUserIDParams{
 			ID: user.ID,
 			GithubComUserID: sql.NullInt64{