Stable OAuth provider order and more resilient cookie overriding.

crates/core/src/auth/oauth/providers/mod.rs

@@ -12,12 +12,11 @@ mod yandex;
 #[cfg(test)]
 pub(crate) mod test;
 
-use std::collections::hash_map::HashMap;
 use std::sync::LazyLock;
 use thiserror::Error;
 
 use crate::auth::oauth::OAuthProvider;
-use crate::config::proto::{AuthConfig, OAuthProviderConfig, OAuthProviderId};
+use crate::config::proto::{OAuthProviderConfig, OAuthProviderId};
 
 #[derive(Debug, Error)]
 pub enum OAuthProviderError {
@@ -59,26 +58,3 @@ pub(crate) fn oauth_providers_static_registry() -> &'static [OAuthProviderFactor
 
   return REGISTRY.as_slice();
 }
-
-pub(crate) fn build_oauth_providers_from_config(
-  config: AuthConfig,
-) -> Result<HashMap<String, OAuthProviderType>, OAuthProviderError> {
-  return config
-    .oauth_providers
-    .iter()
-    .map(|(key, config)| {
-      let entry = oauth_providers_static_registry()
-        .iter()
-        .find(|registered| config.provider_id == Some(registered.id as i32));
-
-      let Some(entry) = entry else {
-        return Err(OAuthProviderError::Missing(format!(
-          "Missing implementation for oauth provider: {key}"
-        )));
-      };
-
-      let provider = (entry.factory)(key, config)?;
-      return Ok((provider.name().to_string(), provider));
-    })
-    .collect();
-}

crates/core/src/auth/options.rs

@@ -1,14 +1,17 @@
+use indexmap::IndexMap;
+use itertools::Itertools;
 use log::*;
-use std::collections::HashMap;
 
-use crate::auth::oauth::providers::{OAuthProviderType, build_oauth_providers_from_config};
+use crate::auth::oauth::providers::{
+  OAuthProviderError, OAuthProviderType, oauth_providers_static_registry,
+};
 use crate::auth::password::PasswordOptions;
 use crate::config::proto::AuthConfig;
 
 #[derive(Default)]
 pub struct AuthOptions {
   password_options: PasswordOptions,
-  oauth_providers: HashMap<String, OAuthProviderType>,
+  oauth_providers: IndexMap<String, OAuthProviderType>,
 }
 
 #[derive(Default)]
@@ -61,3 +64,33 @@ impl AuthOptions {
       .collect();
   }
 }
+
+fn build_oauth_providers_from_config(
+  config: AuthConfig,
+) -> Result<IndexMap<String, OAuthProviderType>, OAuthProviderError> {
+  let providers = config
+    .oauth_providers
+    .iter()
+    .map(|(key, config)| {
+      let entry = oauth_providers_static_registry()
+        .iter()
+        .find(|registered| config.provider_id == Some(registered.id as i32));
+
+      let Some(entry) = entry else {
+        return Err(OAuthProviderError::Missing(format!(
+          "Missing implementation for oauth provider: {key}"
+        )));
+      };
+
+      let provider = (entry.factory)(key, config)?;
+      return Ok(provider);
+    })
+    .collect::<Result<Vec<_>, _>>()?;
+
+  return Ok(IndexMap::from_iter(
+    providers
+      .into_iter()
+      .sorted_by(|a, b| Ord::cmp(a.name(), b.name()))
+      .map(|p| (p.name().to_string(), p)),
+  ));
+}

crates/core/src/auth/util.rs

@@ -209,7 +209,13 @@ pub(crate) fn new_cookie_opts(
 /// thus override them.
 pub(crate) fn remove_cookie(cookies: &Cookies, key: &'static str) {
   if cookies.get(key).is_some() {
-    cookies.add(new_cookie(key, "".to_string(), Duration::seconds(1), false));
+    cookies.add(new_cookie_opts(
+      key,
+      "".to_string(),
+      Duration::seconds(1),
+      /* tls_only= */ false,
+      /* same_site= */ false,
+    ));
   }
 }