github provider: allow multiple teams

README.md

@@ -94,7 +94,7 @@ The Azure AD auth provider uses `openid` as it default scope. It uses `https://g
 The GitHub auth provider supports two additional parameters to restrict authentication to Organization or Team level access. Restricting by org and team is normally accompanied with `--email-domain=*`
 
     -github-org="": restrict logins to members of this organisation
-    -github-team="": restrict logins to members of this team
+    -github-team="": restrict logins to members of any of these teams, separated by a comma
 
 If you are using github enterprise, make sure you set the following to the appropriate url:
 

providers/github.go

@@ -3,6 +3,7 @@ package providers
 import (
 	"encoding/json"
 	"fmt"
+	"strings"
 	"io/ioutil"
 	"log"
 	"net/http"
@@ -141,9 +142,12 @@ func (p *GitHubProvider) hasOrgAndTeam(accessToken string) (bool, error) {
 		presentOrgs[team.Org.Login] = true
 		if p.Org == team.Org.Login {
 			hasOrg = true
-			if p.Team == team.Slug {
-				log.Printf("Found Github Organization:%q Team:%q (Name:%q)", team.Org.Login, team.Slug, team.Name)
-				return true, nil
+			ts := strings.Split(p.Team, ",")
+			for _, t := range ts {
+				if t == team.Slug {
+					log.Printf("Found Github Organization:%q Team:%q (Name:%q)", team.Org.Login, team.Slug, team.Name)
+					return true, nil
+				}
 			}
 			presentTeams = append(presentTeams, team.Slug)
 		}