Configurable oauth.authurl field for compatibility with GHES 3.18+

[paradisfm]

We have been deploying policybot in a FedRAMP environment, and the last hitch is that there is an OAuth issue while connecting to the UI for a specific PR's policies from a PR.
Our analysis shows that PB is sending requests to the public cloud endpoint path /login/oauth/authorize instead of the GHES specific path, /login/oauth/authorize_app

We are running a newer GHES (3.18.7) which strictly enforces endpoint isolation as opposed to earlier versions which tolerated legacy pathing.

Can this field be made configurable in some capacity to account for this?

[bluekeyes]

Sorry to hear you're having trouble with Policy Bot authentication. We run Policy Bot (as well as many other applications built using this library) against multiple GitHub Enterprise Server instances (including in a FedRAMP environment) and haven't seen this issue. We're currently running 3.19.7.

Do you have any documentation from GitHub covering the authorize_app endpoint? The docs I could find for GHES 3.18.7 reference the /login/oauth/authorize endpoint. We can make this configurable if it's necessary, but it would help to see something from GitHub about the /authorize path being a legacy feature. If /authorize_app is the new preferred path, ideally we would switch to that if it's supported on github.com and all currently-supported GHES version.