OAuth2 provider "userinfo" support #8534
I've been trying to set up vouch-proxy https://github.com/vouch/vouch-proxy/ to use Gitea as an OAuth2 provider and it also seems to require the "userinfo" endpoint.
The same problem with Wekan, it also requires the "userinfo" endpoint.
In fact we have one https://gitea.com/api/swagger#/user/userGetCurrent , but it may not satisfy the standard.
Expected request/response:
sub = ?!?
This issue has been automatically marked as stale because it has not had recent activity. I am here to help clear issues left open even if solved or waiting for more insight. This issue will be closed if no further activity occurs during the next 2 weeks. If the issue is still valid just add a comment to keep it alive. Thank you for your contributions.
Keep it open.
@lafriks what's the status about this issue and referenced PRs? I was trying to integrate Gitea with Concourse CI but it seems that still the missing
I confirm this would be very useful to use in combination with Jupyterhub.
Another instance where this would be useful is with setting up Grafana to use Gitea with OAuth, which also expects an OpenID-compatible 'UserInfo' endpoint.
would a bounty help to get this moving ?
@mcansky bounties do help, even a small one shows that this is valued ...
ok, I will organise one through https://www.bountysource.com/issues/82089047-oauth2-provider-userinfo-support ? I will check how exactly that works on the accounting side;
It's all free spare time (If one is left 🙃)
ok, let's do this :D there is now a $100 bounty on this feature; my main interest is to get OAuth2 provider features complete so that other tools can fully use Gitea as OAuth2 provider such as ConcourseCI as this is a blocking point for my company to get the pair to match as part of Git Hosting + CI/CD offerings.
I added the userinfo endpoint in the PR. It isn't tested, but as long as Do you have the ability to test the PR (build with
all right, let's see how the PR goes, and in the meantime I will get something ready to test; thanks a lot for your prompt action !
I've needed a correct working userinfo endpoint to secure a location at my webspace with the openid authorization from gitea. So I developed a working and complete solution which checks against the valid token. I pushed it today and created a pull request. Should fix this issue.
* Implemented userinfo #8534
* Make lint happy
* Add userinfo endpoint to openid-configuration
* Give an error when uid equals 0
* Implemented BearerTokenErrorCode handling
* instead of ctx.error use ctx.json so that clients parse error and error_description correctly
* Removed unneeded if statement
* Use switch instead of subsequent if statements
  Have a default for unknown errorcodes.

Co-authored-by: Nils Hillmann <[email protected]>
Co-authored-by: nlhsoftware <[email protected]>
Closing as both linked PRs are now merged. @NLH-Software if you are bountyhub you can claim the bounty.
thank you all !!
Thank you, your effort on this is much appreciated!
… On 4 May 2021, at 19:02, N. L. H. ***@***.***> wrote:
I've needed a correct working userinfo endpoint to secure a location at my webspace with the openid authorization from gitea. So I developed a working and complete solution which checks against the valid token. I pushed it today and created a pull request.
For testing, just checkout the version from my source branch, build it (tested on arm64 and amd64) and use it on your environment.
Maybe I will add the usage of the scope later. (so an admin can select which field he requests from gitea)
Should fix this issue.
Thx @NLH-Software 🙏 I'll give it a try ASAP for my use case (see: #8534 (comment)).
If you have problems, let me know and we can find out, which configuration is needed.
I tested out adding gitea as Oauth provider for a concourse ci setup with docker; I followed https://docs.gitea.io/en-us/oauth2-provider/ and https://concourse-ci.org/generic-oauth.html Unfortunately I am still getting an error : I used a freshly built docker image (mcansky/gitea:latest) locally. Happy to do a debug session one of these days if it can help figure out something.
Can you try https://concourse-ci.org/generic-oidc-auth.html for setup? Probably this should work. Implemented is the userinfo like in the comment from November 19 and described at https://openid.net/specs/openid-connect-core-1_0.html#UserInfo mentioned by lunny. I tested it successfully with grafana and mod_auth_openidc for apache, so I think you must use the oidc authentication variant.
Gitea has an OAuth2 provider that can be used to connect applications. ConcourseCI requires that Gitea has a "userinfo" endpoint though, which it currently does not provide. userinfo seems to be fairly simple (https://connect2id.com/products/server/docs/api/userinfo) and part of openid connect (there is a separate issue from someone else to provide that)/
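The behaviour the merged commits describe (a bearer-token check, an error when the uid is 0, and `error` / `error_description` returned as JSON), as an added Go example that is not part of the thread and is not Gitea's code. The token store, the claim values and the `/userinfo` path are constructed for illustration; the bare `WWW-Authenticate: Bearer` challenge for a request without credentials follows RFC 6750.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

var tokenOwners = map[string]int64{"sample-valid-token": 42, "sample-orphan-token": 0} // constructed: token -> user ID

// bearerError sends the RFC 6750 challenge plus a JSON body with error and error_description.
func bearerError(w http.ResponseWriter, code, desc string) {
	w.Header().Set("WWW-Authenticate", fmt.Sprintf("Bearer error=%q, error_description=%q", code, desc))
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(http.StatusUnauthorized)
	json.NewEncoder(w).Encode(map[string]string{"error": code, "error_description": desc})
}

// UserInfoHandler returns claims for the user that owns the presented bearer token.
func UserInfoHandler(w http.ResponseWriter, r *http.Request) {
	scheme, token, ok := strings.Cut(r.Header.Get("Authorization"), " ")
	if !ok || !strings.EqualFold(scheme, "Bearer") || token == "" {
		w.Header().Set("WWW-Authenticate", "Bearer") // no credentials: bare challenge, no error code
		w.WriteHeader(http.StatusUnauthorized)
		return
	}
	uid := tokenOwners[token] // an unknown token yields 0, the same "no user" value
	if uid == 0 {             // fail closed instead of answering for user 0
		bearerError(w, "invalid_token", "token is unknown or not bound to a user")
		return
	}
	w.Header().Set("Content-Type", "application/json")
	// sub is the one required claim and must be a string, not a JSON number.
	json.NewEncoder(w).Encode(map[string]string{"sub": fmt.Sprint(uid), "preferred_username": "sample-user"})
}

func probe(auth string) (int, string, string) { // in-process call: status, challenge, body
	req := httptest.NewRequest(http.MethodGet, "/userinfo", nil)
	req.Header.Set("Authorization", auth)
	rec := httptest.NewRecorder()
	UserInfoHandler(rec, req)
	return rec.Code, rec.Header().Get("WWW-Authenticate"), strings.TrimSpace(rec.Body.String())
}

func main() {
	for _, auth := range []string{"", "Bearer bogus", "Bearer sample-orphan-token", "Bearer sample-valid-token"} {
		fmt.Println(probe(auth))
	}
}
```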