OAuth2 provider "userinfo" support #4125

Closed
opened 2025-11-02 05:39:09 -06:00 by GiteaMirror · 27 comments

Originally created by @carlokok on GitHub (Oct 16, 2019).

Originally assigned to: @lafriks on GitHub.

Gitea has an OAuth2 provider that can be used to connect applications. ConcourseCI requires that Gitea has a "userinfo" endpoint though, which it currently does not provide. userinfo seems to be fairly simple (https://connect2id.com/products/server/docs/api/userinfo) and part of OpenID Connect (there is a separate issue from someone else to provide that).

@fizzyduck commented on GitHub (Oct 25, 2019):

I've been trying to set up vouch-proxy https://github.com/vouch/vouch-proxy/ to use Gitea as an OAuth2 provider and it also seems to require the "userinfo" endpoint.

@sikmir commented on GitHub (Nov 12, 2019):

The same problem with Wekan (https://github.com/wekan/wekan), it also requires the "userinfo" endpoint.

@lunny commented on GitHub (Nov 13, 2019):

In fact we have one https://gitea.com/api/swagger#/user/userGetCurrent , but it may not satisfy the standard.

@sikmir commented on GitHub (Nov 13, 2019):

> In fact we have one https://gitea.com/api/swagger#/user/userGetCurrent , but it may not satisfy the standard.

Expected request/response:

```
>> GET /login/oauth/userinfo
Authorization: Basic <access_token>
Accept: application/json

<< HTTP/1.1 200 OK
Content-Type: application/json

{
    "sub": "248289761001",
    "name": "Jane Doe",
    "preferred_username": "j.doe",
    "email": "janedoe@example.com",
    "picture": "http://example.com/janedoe/me.jpg"
}
```
@6543 commented on GitHub (Nov 13, 2019):

sub = ?!?
name = user.full_name
preferred_username = user.username
email = user.email
picture = user.avatar_url

@aaronpk commented on GitHub (Feb 2, 2020):

sub is short for "subject" and is supposed to be a unique identifier for the user account, not necessarily something human readable. You could use an internal database ID for example.
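
The claim mapping discussed in the comments above, as an added example that is not part of the thread and not Gitea's code: a minimal Go UserInfo handler that sends the numeric account ID as the `sub` string and releases claims only to a known Bearer access token, the scheme OpenID Connect Core specifies for this endpoint. The `User` type, the in-memory `tokens` table, the `call` helper and all values are constructed assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strconv"
	"strings"
)

// User and tokens are hypothetical stand-ins for a provider's user model and
// access-token store; every value below is a constructed sample.
type User struct {
	ID                                   int64
	FullName, Username, Email, AvatarURL string
}

var tokens = map[string]User{
	"sample-token": {42, "Jane Doe", "j.doe", "janedoe@example.com", "http://example.com/janedoe/me.jpg"},
}

// userInfo returns the claims only for a request carrying a known Bearer token.
func userInfo(w http.ResponseWriter, r *http.Request) {
	u, known := User{}, false
	parts := strings.Fields(r.Header.Get("Authorization"))
	if len(parts) == 2 && strings.EqualFold(parts[0], "Bearer") {
		u, known = tokens[parts[1]]
	}
	if !known {
		w.Header().Set("WWW-Authenticate", `Bearer error="invalid_token"`)
		http.Error(w, "invalid access token", http.StatusUnauthorized)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	json.NewEncoder(w).Encode(map[string]string{
		"sub":                strconv.FormatInt(u.ID, 10), // stable internal ID, as a string
		"name":               u.FullName,
		"preferred_username": u.Username,
		"email":              u.Email,
		"picture":            u.AvatarURL,
	})
}

// call sends one in-memory request and returns the status code and body.
func call(authorization string) (int, string) {
	req := httptest.NewRequest(http.MethodGet, "/login/oauth/userinfo", nil)
	req.Header.Set("Authorization", authorization)
	rec := httptest.NewRecorder()
	userInfo(rec, req)
	return rec.Code, rec.Body.String()
}

func main() {
	fmt.Println(call("Bearer sample-token"))
}
```

Using the account ID rather than the username or email for `sub` keeps the identifier stable when a user renames the account, so relying parties should key their local accounts on `sub`.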

@stale[bot] commented on GitHub (Apr 2, 2020):

This issue has been automatically marked as stale because it has not had recent activity. I am here to help clear issues left open even if solved or waiting for more insight. This issue will be closed if no further activity occurs during the next 2 weeks. If the issue is still valid just add a comment to keep it alive. Thank you for your contributions.

@sikmir commented on GitHub (Apr 2, 2020):

Keep it open.

@ppaulweber commented on GitHub (Jul 21, 2020):

@lafriks what's the status about this issue and referenced PRs? I was trying to integrate Gitea with Concourse CI but it seems that still the missing userinfo endpoint in the latest gitea release is a showstopper for a proper OAuth integration.

@kevung commented on GitHub (Dec 10, 2020):

I confirm this would be very useful to use in combination with Jupyterhub.
https://oauthenticator.readthedocs.io/en/latest/writing-an-oauthenticator.html
https://oauthenticator.readthedocs.io/en/latest/getting-started.html

@reivilibre commented on GitHub (Jan 16, 2021):

Another instance where this would be useful is with setting up Grafana to use Gitea with OAuth, which also expects an OpenID-compatible 'UserInfo' endpoint.

https://grafana.com/docs/grafana/latest/auth/generic-oauth/

@lunny commented on GitHub (Jan 18, 2021):

ref: https://openid.net/specs/openid-connect-core-1_0.html#UserInfo

@mcansky commented on GitHub (Mar 3, 2021):

would a bounty help to get this moving ?
this would be really useful to advocate for Gitea by showing it works for a bunch more other services properly.

@6543 commented on GitHub (Mar 3, 2021):

@mcansky bounties do help, even a small one shows that this is valued ...

@mcansky commented on GitHub (Mar 4, 2021):

> @mcansky bounties do help, even a small one shows that this is valued ...

ok, I will organise one through https://www.bountysource.com/issues/82089047-oauth2-provider-userinfo-support ? I will check how exactly that works on the accounting side;
how is the usual "load" of the developers on the project ? are some of you all the time on it or is it mostly "on the side" ?

@6543 commented on GitHub (Mar 4, 2021):

It's all free spare time (If one is left 🙃)
-> "on the side"

@mcansky commented on GitHub (Mar 9, 2021):

ok, let's do this :D there is now a $100 bounty on this feature; my main interest is to get OAuth2 provider features complete so that other tools can fully use Gitea as OAuth2 provider such as ConcourseCI as this is a blocking point for my company to get the pair to match as part of Git Hosting + CI/CD offerings.

@titpetric commented on GitHub (Mar 10, 2021):

I added the userinfo endpoint in the PR. It isn't tested, but as long as ctx.User is filled out on the request, this should be it. From what I understand, the reqSignIn in the /login/oauth group definition should fill this out.

Do you have the ability to test the PR (build with make and test?).

@mcansky commented on GitHub (Mar 10, 2021):

all right, let's see how the PR goes, and in the meantime I will get something ready to test; thanks a lot for your prompt action !

@NLH-Software commented on GitHub (May 4, 2021):

I've needed a correct working userinfo endpoint to secure a location at my webspace with the openid authorization from gitea. So I developed a working and complete solution which checks against the valid token. I pushed it today and created a pull request.
For testing, just checkout the version from my source branch, build it (tested on arm64 and amd64) and use it on your environment.
Maybe I will add the usage of the scope later. (so an admin can select which field he requests from gitea)

Should fix this issue.

@techknowlogick commented on GitHub (May 6, 2021):

Closing as both linked PRs are now merged. @NLH-Software if you are bountyhub you can claim the bounty.

@mcansky commented on GitHub (May 6, 2021):

thank you all !!

@fizzyduck commented on GitHub (May 6, 2021):

Thank you, your effort on this is much appreciated!

> On 4 May 2021, at 19:02, N. L. H. wrote:
>
> I've needed a correct working userinfo endpoint to secure a location at my webspace with the openid authorization from gitea. So I developed a working and complete solution which checks against the valid token. I pushed it today and created a pull request.
> For testing, just checkout the version from my source branch, build it (tested on arm64 and amd64) and use it on your environment.
> Maybe I will add the usage of the scope later. (so an admin can select which field he requests from gitea)
>
> Should fix this issue.



@ppaulweber commented on GitHub (May 6, 2021):

Thx @NLH-Software 🙏 I'll give it a try ASAP for my use case (see: https://github.com/go-gitea/gitea/issues/8534#issuecomment-661789052).

@NLH-Software commented on GitHub (May 6, 2021):

> Thx @NLH-Software 🙏 I'll give it a try ASAP for my use case (see: #8534 (comment)).

If you have problems, let me know and we can find out which configuration is needed.

@mcansky commented on GitHub (Jun 19, 2021):

I tested out adding gitea as Oauth provider for a concourse ci setup with docker; I followed https://docs.gitea.io/en-us/oauth2-provider/ and https://concourse-ci.org/generic-oauth.html Unfortunately I am still getting an error :

image

I used a freshly built docker image (mcansky/gitea:latest) locally. Happy to do a debug session one of these days if it can help figure out something.

@NLH-Software commented on GitHub (Jun 21, 2021):

> I tested out adding gitea as Oauth provider for a concourse ci setup with docker; I followed https://docs.gitea.io/en-us/oauth2-provider/ and https://concourse-ci.org/generic-oauth.html Unfortunately I am still getting an error :
>
> image
>
> I used a freshly built docker image (mcansky/gitea:latest) locally. Happy to do a debug session one of these days if it can help figure out something.

Can you try https://concourse-ci.org/generic-oidc-auth.html for setup? Probably this should work. Implemented is the userinfo like in the comment from November 19 and described at https://openid.net/specs/openid-connect-core-1_0.html#UserInfo mentioned by lunny.

I tested it successfully with grafana and mod_auth_openidc for apache, so I think you must use the oidc authentication variant.


Reference: github-starred/gitea#4125