mirror of
https://github.com/go-gitea/gitea.git
synced 2026-07-16 04:42:51 -05:00
Integrate an OAuth2 provider #14
Closed
opened 2025-11-02 03:03:33 -06:00 by GiteaMirror
·
44 comments
No Branch/Tag Specified
main
release/v1.25
release/v1.24
release/v1.23
release/v1.22
release/v1.21
release/v1.20
release/v1.19
release/v1.18
release/v1.17
release/v1.16
release/v1.15
release/v1.14
release/v1.13
release/v1.12
release/v1.11
release/v1.10
release/v1.9
release/v1.8
v1.25.3
v1.25.2
v1.25.1
v1.25.0
v1.24.7
v1.25.0-rc0
v1.26.0-dev
v1.24.6
v1.24.5
v1.24.4
v1.24.3
v1.24.2
v1.24.1
v1.24.0
v1.23.8
v1.24.0-rc0
v1.25.0-dev
v1.23.7
v1.23.6
v1.23.5
v1.23.4
v1.23.3
v1.23.2
v1.23.1
v1.23.0
v1.23.0-rc0
v1.24.0-dev
v1.22.6
v1.22.5
v1.22.4
v1.22.3
v1.22.2
v1.22.1
v1.22.0
v1.23.0-dev
v1.22.0-rc1
v1.21.11
v1.22.0-rc0
v1.21.10
v1.21.9
v1.21.8
v1.21.7
v1.21.6
v1.21.5
v1.21.4
v1.21.3
v1.21.2
v1.20.6
v1.21.1
v1.21.0
v1.21.0-rc2
v1.21.0-rc1
v1.20.5
v1.22.0-dev
v1.21.0-rc0
v1.20.4
v1.20.3
v1.20.2
v1.20.1
v1.20.0
v1.19.4
v1.21.0-dev
v1.20.0-rc2
v1.20.0-rc1
v1.20.0-rc0
v1.19.3
v1.19.2
v1.19.1
v1.19.0
v1.19.0-rc1
v1.20.0-dev
v1.19.0-rc0
v1.18.5
v1.18.4
v1.18.3
v1.18.2
v1.18.1
v1.18.0
v1.17.4
v1.18.0-rc1
v1.19.0-dev
v1.18.0-rc0
v1.17.3
v1.17.2
v1.17.1
v1.17.0
v1.17.0-rc2
v1.16.9
v1.17.0-rc1
v1.18.0-dev
v1.16.8
v1.16.7
v1.16.6
v1.16.5
v1.16.4
v1.16.3
v1.16.2
v1.16.1
v1.16.0
v1.15.11
v1.17.0-dev
v1.16.0-rc1
v1.15.10
v1.15.9
v1.15.8
v1.15.7
v1.15.6
v1.15.5
v1.15.4
v1.15.3
v1.15.2
v1.15.1
v1.14.7
v1.15.0
v1.15.0-rc3
v1.14.6
v1.15.0-rc2
v1.14.5
v1.16.0-dev
v1.15.0-rc1
v1.14.4
v1.14.3
v1.14.2
v1.14.1
v1.14.0
v1.13.7
v1.14.0-rc2
v1.13.6
v1.13.5
v1.14.0-rc1
v1.15.0-dev
v1.13.4
v1.13.3
v1.13.2
v1.13.1
v1.13.0
v1.12.6
v1.13.0-rc2
v1.14.0-dev
v1.13.0-rc1
v1.12.5
v1.12.4
v1.12.3
v1.12.2
v1.12.1
v1.11.8
v1.12.0
v1.11.7
v1.12.0-rc2
v1.11.6
v1.12.0-rc1
v1.13.0-dev
v1.11.5
v1.11.4
v1.11.3
v1.10.6
v1.12.0-dev
v1.11.2
v1.10.5
v1.11.1
v1.10.4
v1.11.0
v1.11.0-rc2
v1.10.3
v1.11.0-rc1
v1.10.2
v1.10.1
v1.10.0
v1.9.6
v1.9.5
v1.10.0-rc2
v1.11.0-dev
v1.10.0-rc1
v1.9.4
v1.9.3
v1.9.2
v1.9.1
v1.9.0
v1.9.0-rc2
v1.10.0-dev
v1.9.0-rc1
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.8.0-rc3
v1.7.6
v1.8.0-rc2
v1.7.5
v1.8.0-rc1
v1.9.0-dev
v1.7.4
v1.7.3
v1.7.2
v1.7.1
v1.7.0
v1.7.0-rc3
v1.6.4
v1.7.0-rc2
v1.6.3
v1.7.0-rc1
v1.7.0-dev
v1.6.2
v1.6.1
v1.6.0
v1.6.0-rc2
v1.5.3
v1.6.0-rc1
v1.6.0-dev
v1.5.2
v1.5.1
v1.5.0
v1.5.0-rc2
v1.5.0-rc1
v1.5.0-dev
v1.4.3
v1.4.2
v1.4.1
v1.4.0
v1.4.0-rc3
v1.4.0-rc2
v1.3.3
v1.4.0-rc1
v1.3.2
v1.3.1
v1.3.0
v1.3.0-rc2
v1.3.0-rc1
v1.2.3
v1.2.2
v1.2.1
v1.2.0
v1.2.0-rc3
v1.2.0-rc2
v1.1.4
v1.2.0-rc1
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.0.2
v1.0.1
v1.0.0
v0.9.99
Labels
Clear labels
$20
$250
$50
$500
backport/done
💎 Bounty
docs-update-needed
good first issue
hacktoberfest
issue/bounty
issue/confirmed
issue/critical
issue/duplicate
issue/needs-feedback
issue/not-a-bug
issue/regression
issue/stale
issue/workaround
lgtm/need 2
modifies/api
modifies/translation
outdated/backport/v1.18
outdated/theme/markdown
outdated/theme/timetracker
performance/bigrepo
performance/cpu
performance/memory
performance/speed
pr/breaking
proposal/accepted
proposal/rejected
pr/wip
pull-request
reviewed/wontfix
💰 Rewarded
skip-changelog
status/blocked
topic/accessibility
topic/api
topic/authentication
topic/build
topic/code-linting
topic/commit-signing
topic/content-rendering
topic/deployment
topic/distribution
topic/federation
topic/gitea-actions
topic/issues
topic/lfs
topic/mobile
topic/moderation
topic/packages
topic/pr
topic/projects
topic/repo
topic/repo-migration
topic/security
topic/theme
topic/ui
topic/ui-interaction
topic/ux
topic/webhooks
topic/wiki
type/bug
type/deprecation
type/docs
type/enhancement
type/feature
type/miscellaneous
type/proposal
type/question
type/refactoring
type/summary
type/testing
type/upstream
Mirrored from GitHub Pull Request
Milestone
No items
No Milestone
Projects
Clear projects
No project
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/gitea#14
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @tboerger on GitHub (Nov 3, 2016).
To make it easier for other applications to hook into Gitea we should integrate an OAuth2 provider, that way tools like Drone CI can authenticate against Gitea much easier. A good library for that can be https://github.com/RangelReale/osin.
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
@joubertredrat commented on GitHub (Nov 3, 2016):
Oh, sounds good this :)
@bkcsoft commented on GitHub (Nov 4, 2016):
Should this be integrated as "The" login-handler, or as an optional dependency? (i.e. build tag)
@tboerger commented on GitHub (Nov 4, 2016):
I think we can always integrate it but add an option for admins to disable it
@lunny commented on GitHub (Nov 4, 2016):
No build tag but default is closed until admin open it.
@joubertredrat commented on GitHub (Nov 4, 2016):
Nice idea 👍
@bkcsoft commented on GitHub (Nov 7, 2016):
@tboerger @lunny I was more wondering if all Authentication should be handled by OAuth, therefore removing the old auth-module
@JohnTheodore commented on GitHub (May 2, 2017):
+1, this would be awesome!!!
@femaref commented on GitHub (Jun 9, 2017):
is there an ETA for this? Would make life easier.
@lafriks commented on GitHub (Sep 4, 2017):
I think this one could be good option to integrate into gitea - https://github.com/coreos/dex
@lunny commented on GitHub (Sep 5, 2017):
@lafriks Looks good, but it requires go1.8 I think.
@mikehaertl commented on GitHub (Sep 5, 2017):
Here's another Go based alternative: https://github.com/ory/hydra
It seems quite easy to set up. Here's a nice tutorial: https://www.ory.am/run-oauth2-server-open-source-api-security.html?
@lafriks commented on GitHub (Sep 5, 2017):
@mikehaertl Hydra does not support JWT and from what I understand even if added they won't be in community edition - https://ory.gitbooks.io/hydra/content/faq.html#is-jwt-supported
@tboerger commented on GitHub (Sep 5, 2017):
JWT is a must have for drone integration
@ts468 commented on GitHub (Dec 15, 2017):
Remotely related, but would it also be possible to extend gitea so that gitea can listen on a second interface over which every access is granted automatically?
The idea is to allow tooling without OAuth2 authentication capabilities, like Hydra, to fetch data over, e.g., the loopback interface.
@jonasfranz commented on GitHub (Mar 11, 2018):
https://github.com/ory/fosite looks like a promising library to integrate this feature. It is used by hydra AFAIK.
@tboerger commented on GitHub (Mar 12, 2018):
IMHO https://github.com/coreos/dex looks more promising
@bkcsoft commented on GitHub (Apr 28, 2018):
Migrating all existing users would be a PITA though 😂
@aaronpk commented on GitHub (Jun 4, 2018):
It would be fantastic if Gitea were its own OAuth2 provider! In fact, IndieAuth is the perfect candidate for how to implement this.
IndieAuth is an OAuth 2.0 extension, which avoids the centralized problems with existing OAuth solutions by using DNS for "registration" of client IDs and user IDs. Every user account is identified by a URL (for Gitea this could be your Gitea user page), and client IDs are also URLs (would be the Gitea instance home page in this case.)
This would let people sign in to other Gitea instances without any sort of prior relationship or doing client registration and such. Happy to walk through this in more detail if you're interested!
(originally posted at https://aaronparecki.com/2018/06/04/12/gitea-indieauth)
@tboerger commented on GitHub (Jun 4, 2018):
Sounds like it's comparable with openid connect.
@aaronpk commented on GitHub (Jun 4, 2018):
Not quite, since OpenID Connect still requires registering clients to get client credentials to use with the flows. There is a dynamic client registration part of OpenID Connect, but this allows you to entirely bypass the need for registering clients separately since we just piggyback on the existing DNS for identifying clients.
(originally posted at https://aaronparecki.com/2018/06/04/18/)
@ekozan commented on GitHub (Jun 14, 2018):
I'll make an PRs for this one if nobody work on it
@bkcsoft commented on GitHub (Jun 15, 2018):
@ekozan Mind linking to "OIDC" since I have no clue what that is 🙂
@ekozan commented on GitHub (Jun 15, 2018):
@bkcsoft :D sorry openid Connect : http://openid.net/connect/
It's like openid3 based on oauth2
but i have dig more and i'll stick to Oauth2 for the moment
Because all big ( Gitlab, Github, etc... ) use Oauth
@ekozan commented on GitHub (Jun 17, 2018):
I need some help and advise on the design :)
Do you think i'm right :
@tboerger @bkcsoft @lunny
@tarelda commented on GitHub (Jun 25, 2018):
IMHO, integrate OAuth2 endpoints with maintained external lib (no point in reinventing the wheel) into API. Maybe even strip out code generation from authentication code flow and force only global/org scope. At least this would work for tools like Drone, registry etc.
@lunny commented on GitHub (Jun 26, 2018):
@ekozan just like github, I think. :)
@ekozan commented on GitHub (Jun 26, 2018):
@tarelda Oauth2 is realy simple protocol integrate an external library is just pointless, and many required library is already present in Gitea - 60% of the oauth or OIDC provider is the UI :)
I'll make the PR next week i had no time for finish the UI this week
@jonasfranz commented on GitHub (Jun 30, 2018):
@ekozan You can create a seperate PR for the UI, this may improve the review speed.
@vtolstov commented on GitHub (Aug 13, 2018):
so, what library decided to use? i don't find any pr about oauth2 server in gitea
@xdevs23 commented on GitHub (Aug 13, 2018):
I'm waiting for this one as well. Definitely looking forward to it!
@JohnTheodore commented on GitHub (Aug 22, 2018):
Is there a branch or PR related to this change? or we're still in the discussion phase.
@lunny commented on GitHub (Aug 23, 2018):
@JohnTheodore no people are working on this.
@xdevs23 commented on GitHub (Aug 23, 2018):
That's unfortunate
@JohnTheodore commented on GitHub (Aug 24, 2018):
@ekozan mentioned a PR, I wasn't sure if that happened.
@JohnTheodore commented on GitHub (Sep 5, 2018):
@lunny it sounds like dex would be the library to use for resolving this issue? Are there changes to dex that are necessary for it to be the way you want?
In general how does the go-gitea project deal with something like a 'design document'. So if you, tboerger, lafriks, bkcsoft, etc all agree on a design with say dex, is that design written down somewhere? This way if someone wants to work on it, they'll do it in a way the project maintainers want.
@lunny commented on GitHub (Sep 6, 2018):
We ever want to create a design process but in fact we haven't obey that because it's unnecessary for most features. We depend on Pull Requests approvals to control the quality of the codes. Any PR some maintainers against will be discussed more until two maintainers agreed and no maintainers against. A big PR of course should be required write the design detail on the PR's description. As an oauth provider, it's a mature technology.I think what we need to do is to find a maintained-well library and follow it's design.
@ekozan commented on GitHub (Oct 7, 2018):
i'm totaly busy .... :/ i havent finish the work
@lunny commented on GitHub (Oct 21, 2018):
@ekozan never mind. :)
@techknowlogick commented on GitHub (Nov 13, 2018):
If anyone is interested in working on this, I wrote an adapter for https://github.com/go-oauth2/oauth2 that allows use of XORM https://github.com/techknowlogick/go-oauth2-xorm Next would be to add the routes to handle oauth.
@stale[bot] commented on GitHub (Jan 13, 2019):
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.
@AfroThundr3007730 commented on GitHub (Jan 13, 2019):
There should be a way to mark this as "keep open", since there is clearly still demand for this.
@jonasfranz commented on GitHub (Jan 13, 2019):
There is a open PR too.
@AfroThundr3007730 commented on GitHub (Jan 21, 2019):
@lafriks Mind tagging this one as reviewed too? :)
@xdevs23 commented on GitHub (Feb 2, 2019):
Looking forward to this