Users redirected to account linking page despite ACCOUNT_LINKING set to auto #14491

New Issue

GiteaMirror · 2025-11-02T11:14:23-06:00

GiteaMirror commented

2025-11-02 11:14:23 -06:00

Originally created by @SeraphJACK on GitHub (May 15, 2025).

Description

We're switching from one IDP to another, so I added a new identity source in gitea admin page.

Users can successfully authenticate with the new identity source. However, they're redirected to account linking page after authenticating with the new identity source, despite having ACCOUNT_LINKING set to auto on the server.

Relevant configuration:

[service]
DISABLE_REGISTRATION = false
REQUIRE_SIGNIN_VIEW = true
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = true
ENABLE_CAPTCHA = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
ENABLE_PASSWORD_SIGNIN_FORM = false
ENABLE_BASIC_AUTHENTICATION = false
ENABLE_PASSKEY_AUTHENTICATION = false

[oauth2_client]
ENABLE_AUTO_REGISTRATION = true
ACCOUNT_LINKING = auto

[admin]
DISABLE_REGULAR_ORG_CREATION = true
EXTERNAL_USER_DISABLE_FEATURES = deletion,manage_ssh_keys,manage_mfa,manage_credentials

Gitea Version

1.23.8

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

https://gist.github.com/SeraphJACK/e6b5d95d786d673bcd276fbd22104e55

Screenshots

Git Version

No response

Operating System

No response

How are you running Gitea?

Via docker compose:

version: "3"

services:
  server:
    image: gitea/gitea:1.23.8
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
    volumes:
      - data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
     #- /home/git/.ssh/:/data/git/.ssh
    ports:
      - "127.0.0.1:3001:3000"
     #- "222:22"
    restart: always

volumes:
  data: {}

Database

SQLite

Originally created by @SeraphJACK on GitHub (May 15, 2025). ### Description We're switching from one IDP to another, so I added a new identity source in gitea admin page. Users can successfully authenticate with the new identity source. However, they're redirected to account linking page after authenticating with the new identity source, despite having `ACCOUNT_LINKING` set to `auto` on the server. Relevant configuration: ```ini [service] DISABLE_REGISTRATION = false REQUIRE_SIGNIN_VIEW = true REGISTER_EMAIL_CONFIRM = false ENABLE_NOTIFY_MAIL = false ALLOW_ONLY_EXTERNAL_REGISTRATION = true ENABLE_CAPTCHA = false DEFAULT_KEEP_EMAIL_PRIVATE = false DEFAULT_ALLOW_CREATE_ORGANIZATION = true DEFAULT_ENABLE_TIMETRACKING = true ENABLE_PASSWORD_SIGNIN_FORM = false ENABLE_BASIC_AUTHENTICATION = false ENABLE_PASSKEY_AUTHENTICATION = false [oauth2_client] ENABLE_AUTO_REGISTRATION = true ACCOUNT_LINKING = auto [admin] DISABLE_REGULAR_ORG_CREATION = true EXTERNAL_USER_DISABLE_FEATURES = deletion,manage_ssh_keys,manage_mfa,manage_credentials ``` ### Gitea Version 1.23.8 ### Can you reproduce the bug on the Gitea demo site? No ### Log Gist https://gist.github.com/SeraphJACK/e6b5d95d786d673bcd276fbd22104e55 ### Screenshots ![Image](https://github.com/user-attachments/assets/71033de9-245f-459d-b0c5-ed8c068464fc) ### Git Version _No response_ ### Operating System _No response_ ### How are you running Gitea? Via docker compose: ```yaml version: "3" services: server: image: gitea/gitea:1.23.8 container_name: gitea environment: - USER_UID=1000 - USER_GID=1000 volumes: - data:/data - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro #- /home/git/.ssh/:/data/git/.ssh ports: - "127.0.0.1:3001:3000" #- "222:22" restart: always volumes: data: {} ``` ### Database SQLite

GiteaMirror added the type/bug label 2025-11-02 11:14:23 -06:00

GiteaMirror closed this issue

2025-11-02 11:14:23 -06:00

GiteaMirror commented

2025-11-02 11:14:24 -06:00

@SeraphJACK commented on GitHub (May 15, 2025):

Never mind, the configuration should be in oauth2_client instead of oauth2.

@SeraphJACK commented on GitHub (May 15, 2025): Never mind, the configuration should be in `oauth2_client` instead of `oauth2`.

GiteaMirror commented

2025-11-02 11:14:24 -06:00

@SeraphJACK commented on GitHub (May 15, 2025):

Users are still redirected to account linking page, after correcting the configuration.

@SeraphJACK commented on GitHub (May 15, 2025): Users are still redirected to account linking page, after correcting the configuration.

GiteaMirror commented

2025-11-02 11:14:24 -06:00

@SeraphJACK commented on GitHub (May 15, 2025):

Fixed by adding following config to oauth2_client:

OPENID_CONNECT_SCOPES = email

@SeraphJACK commented on GitHub (May 15, 2025): Fixed by adding following config to `oauth2_client`: ```ini OPENID_CONNECT_SCOPES = email ```

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/gitea#14491

Users redirected to account linking page despite ACCOUNT_LINKING set to auto #14491

Description

Gitea Version

Can you reproduce the bug on the Gitea demo site?

Log Gist

Screenshots

Git Version

Operating System

How are you running Gitea?

Database

Users redirected to account linking page despite `ACCOUNT_LINKING` set to `auto` #14491