500 Server Error after adding openid connect provider #10382

Closed
opened 2025-11-02 09:05:49 -06:00 by GiteaMirror · 5 comments
Owner

Originally created by @cchartmann on GitHub (Mar 4, 2023).

Description

Instead of an informative error message i get an 500 Server Error.

Log:
.../providers_openid.go:42:CreateGothProvider() [W] [640291c5] Failed to create OpenID Connect Provider with name 'xxx' with url 'openid.xxx': Get "openid.xxx": unsupported protocol scheme ""

I think it would be possible to give this info in the Webinterface

The next 500 Server Error happens if the discovery URL returns HTML content.

Gitea Version

1.18.5

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

i use an release from Github on Uberspace
see this Guide for more info:
https://lab.uberspace.de/guide_gitea/

Database

MySQL

Originally created by @cchartmann on GitHub (Mar 4, 2023). ### Description Instead of an informative error message i get an 500 Server Error. Log: .../providers_openid.go:42:CreateGothProvider() [W] [640291c5] Failed to create OpenID Connect Provider with name 'xxx' with url 'openid.xxx': Get "openid.xxx": unsupported protocol scheme "" I think it would be possible to give this info in the Webinterface The next 500 Server Error happens if the discovery URL returns HTML content. ### Gitea Version 1.18.5 ### Can you reproduce the bug on the Gitea demo site? No ### Log Gist _No response_ ### Screenshots _No response_ ### Git Version _No response_ ### Operating System _No response_ ### How are you running Gitea? i use an release from Github on Uberspace see this Guide for more info: https://lab.uberspace.de/guide_gitea/ ### Database MySQL
GiteaMirror added the type/bug label 2025-11-02 09:05:49 -06:00
Author
Owner

@wxiaoguang commented on GitHub (Mar 4, 2023):

Could yuo check your URL in config? Maybe it should be "https://openid.xxx" but not "openid.xxx"

@wxiaoguang commented on GitHub (Mar 4, 2023): Could yuo check your URL in config? Maybe it should be "https://openid.xxx" but not "openid.xxx"
Author
Owner

@cchartmann commented on GitHub (Mar 4, 2023):

yes that is true. and i solved my problem but i would propose to make a more useful message than an 500 Server Error.

@cchartmann commented on GitHub (Mar 4, 2023): yes that is true. and i solved my problem but i would propose to make a more useful message than an 500 Server Error.
Author
Owner

@cchartmann commented on GitHub (Mar 4, 2023):

i think Gitea answers a lot of things with a 500 Server Error instead of an useful error message in cases in which it is possible to make an message, that describes the Problem, gives some useful information and could allow the user to change the input.

@cchartmann commented on GitHub (Mar 4, 2023): i think Gitea answers a lot of things with a 500 Server Error instead of an useful error message in cases in which it is possible to make an message, that describes the Problem, gives some useful information and could allow the user to change the input.
Author
Owner

@wxiaoguang commented on GitHub (Mar 4, 2023):

Agree to improve. There are a lot of 500 errors in Gitea, which is very unfriendly to end users.

It just needs time and manpower to clean them one by one .....

@wxiaoguang commented on GitHub (Mar 4, 2023): Agree to improve. There are a lot of 500 errors in Gitea, which is very unfriendly to end users. It just needs time and manpower to clean them one by one .....
Author
Owner

@ELISHELL commented on GitHub (Mar 10, 2023):

i have a same problem.

I set up an openid provider with keycloack. return {"error":"invalid_grant","error_description":"Code not valid"}

gitea logs:

2023/03/10 12:32:03 ...rs/web/auth/oauth.go:914:SignInOAuthCallback() [E] [640ab2c3] UserSignIn: oauth2: cannot fetch token: 400 Bad Request

Response: {"error":"invalid_grant","error_description":"Code not valid"}

2023/03/10 12:32:03 [640ab2c3] router: completed GET /user/oauth2/sso/callback?state=c5cf88da-769b-417b-a451-901244628e34&session_state=74ca5811-632b-4de3-a59a-0be4b8370212&code=c1af9b2c-657b-4569-9b1f-49e7c6e2d5c0.74ca5811-632b-4de3-a59a-0be4b8370212.f9fe9635-f7bd-408a-900a-0711fd0c5d2f for ...:0, 500 Internal Server Error in 451.5ms @ auth/oauth.go:877(auth.SignInOAuthCallback)

keycloak logs:

12:32:03,582 WARN [org.keycloak.events] (default task-21) type=CODE_TO_TOKEN_ERROR, realmId=xhkj, clientId=gitea_fanle_work, userId=3d4b845d-f6f3-4559-8b64-9f9094ce9712, ipAddress=..., error=not_allowed, grant_type=authorization_code, code_id=74ca5811-632b-4de3-a59a-0be4b8370212, client_auth_method=client-secret

12:32:03,585 WARN [org.keycloak.protocol.oidc.utils.OAuth2CodeParser] (default task-21) Code 'c1af9b2c-657b-4569-9b1f-49e7c6e2d5c0' already used for userSession '74ca5811-632b-4de3-a59a-0be4b8370212' and client 'f9fe9635-f7bd-408a-900a-0711fd0c5d2f'.

12:32:03,586 WARN [org.keycloak.events] (default task-21) type=CODE_TO_TOKEN_ERROR, realmId=xhkj, clientId=gitea_fanle_work, userId=null, ipAddress=..., error=invalid_code, grant_type=authorization_code, code_id=74ca5811-632b-4de3-a59a-0be4b8370212, client_auth_method=client-secret

@ELISHELL commented on GitHub (Mar 10, 2023): i have a same problem. I set up an openid provider with keycloack. return `{"error":"invalid_grant","error_description":"Code not valid"}` gitea logs: > 2023/03/10 12:32:03 ...rs/web/auth/oauth.go:914:SignInOAuthCallback() [E] [640ab2c3] UserSignIn: oauth2: cannot fetch token: 400 Bad Request > Response: {"error":"invalid_grant","error_description":"Code not valid"} > 2023/03/10 12:32:03 [640ab2c3] router: completed GET /user/oauth2/sso/callback?state=c5cf88da-769b-417b-a451-901244628e34&session_state=74ca5811-632b-4de3-a59a-0be4b8370212&code=c1af9b2c-657b-4569-9b1f-49e7c6e2d5c0.74ca5811-632b-4de3-a59a-0be4b8370212.f9fe9635-f7bd-408a-900a-0711fd0c5d2f for **.**.**.**:0, 500 Internal Server Error in 451.5ms @ auth/oauth.go:877(auth.SignInOAuthCallback) keycloak logs: > 12:32:03,582 WARN [org.keycloak.events] (default task-21) type=CODE_TO_TOKEN_ERROR, realmId=xhkj, clientId=gitea_fanle_work, userId=3d4b845d-f6f3-4559-8b64-9f9094ce9712, ipAddress=**.**.**.**, error=not_allowed, grant_type=authorization_code, code_id=74ca5811-632b-4de3-a59a-0be4b8370212, client_auth_method=client-secret > 12:32:03,585 WARN [org.keycloak.protocol.oidc.utils.OAuth2CodeParser] (default task-21) Code 'c1af9b2c-657b-4569-9b1f-49e7c6e2d5c0' already used for userSession '74ca5811-632b-4de3-a59a-0be4b8370212' and client 'f9fe9635-f7bd-408a-900a-0711fd0c5d2f'. > 12:32:03,586 WARN [org.keycloak.events] (default task-21) type=CODE_TO_TOKEN_ERROR, realmId=xhkj, clientId=gitea_fanle_work, userId=null, ipAddress=**.**.**.**, error=invalid_code, grant_type=authorization_code, code_id=74ca5811-632b-4de3-a59a-0be4b8370212, client_auth_method=client-secret
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#10382