Can't Signout -- OAuth as only Auth

[DaedalusG]

• Sourcegraph version:
• Platform information:

Steps to reproduce:

1. Create a Sourcegraph instance and configure OAuth as the only source of login

	"auth.providers": [
		// {
		// 	"type": "builtin",
		// 	"allowSignup": false
		// },
		{
			"type": "github",
			"displayName": "GitHub",
			"clientID": "REDACTED",
			"clientSecret": "REDACTED",
			"allowSignup": false, // Set to true to enable anyone with a GitHub account to sign up without invitation
			"allowOrgs": [ "sourcegraph" ] // Restrict logins to members of these orgs.
		},
          ]

2. Sign out and attempt to sign back in

Expected behavior:

You should be able to signout

Actual behavior:

You'll very briefly be signed out -- but you'll immediately be signed back in

This is because Sourcegraph will automatically attempt to use the only available sign in method id only one sign on option is available. If OAuth is the only available option a OAuth signing will immediately be attempted.

Just noting this is documented in our codebase comments, so its not a bug per say

[github-actions]

Heads up @jplahn @dan-mckean - the "team/repo-management" label was applied to this issue.

[dan-mckean]

@DaedalusG I'm missing something....

Is the problem simply that it's not expected?

[DaedalusG]

@dan-mckean yeah that's exactly it -- not a bug per say although I think it might sometimes cause some problems with our license renewal flow -- I can't find an issue on that but I seem to recall a case where users became unable to sign in to an instance due to this automated boot signing flow

I've noted this in our docs now though

[dan-mckean]

Thanks @DaedalusG .

We're not going to work on this as a support thing - weird though it is.

There are conversations going on about ownership of auth. This isn't exactly strategic work, but it certainly is a UX enhancement that warrants being made! Thanks for flagging it.

[DaedalusG]

Just want to make a further note that in a test instance where this setup was enabled -- I have a test instance running with this configuration as well as some session exipracy settings --

	"authz.enforceForSiteAdmins": true,
	"auth.sessionExpiry": "1h",

After an upgrade some odd login flow issues were observed for some users --

[sourcegraph-bot-2]

Heads up @sourcegraph/iam-and-admin-experience - the "team/iam-admin-experience" label was applied to this issue.