Gitea as an OpenID-2.0 provider #531

Open
opened 2025-11-02 03:27:02 -06:00 by GiteaMirror · 19 comments

Originally created by @strk on GitHub (Mar 17, 2017).

Now that OpenID instances can be configured to accept an OpenID login, it could be nice if they could also serve as OpenID providers, so as to build what would become the authentication layer of a federation of code repositories. See also #184

@cweiske commented on GitHub (Jul 14, 2017):

Why is every software trying to become an OpenID provider? Gitea being an OpenID consumer is totally fine on its own.

I do not think that it's necessary for federated pull requests to be an OpenID provider.

@jhasse commented on GitHub (Jul 14, 2017):

It isn't necessary, but it makes it easier as you don't have to create a traditional account on every Gitea instance where you want to open a pull request (and you don't have or don't want to use a different OpenID provider).

@bkcsoft commented on GitHub (Aug 24, 2017):

If you can set up your own gitea-instance you can set up your own OpenID provider. I _really_ don't get why Gitea has to be a provider for everything 😒

@MaxG87 commented on GitHub (Feb 11, 2019):

Although this thread has been quiet for some time, I want to add some points for the sake of the argument.

> If you can set up your own gitea-instance you can set up your own OpenID provider.

And instantly you have to maintain two systems instead of one. Because a project decided not to contribute to infrastructure it partly relies on. And maintaining more systems in a self-hosting setting means much more opportunity to miss important updates.

Furthermore, at least for me, the condition of free, decentralised OpenID infrastructure seems to be quite bad. You can reuse the logins of your accounts at the usual tech giants, but only because someone hardcoded the support for them. I hardly know a service where you can use OpenID tokens from the provider of your choice. I also don't know providers of such tokens that could be used freely. All I know of is the possibility to integrate third-party-logins in your website for preselected third parties.

Long story short: OpenID needs more providers, otherwise Gitea's OpenID feature cannot be used in a decentralised way. Gitea should be such a provider to reduce required maintenance efforts in self-hosting settings.

> I _really_ don't get why Gitea has to be a provider for everything

It is only about OpenID, isn't it? For me, this seems to be much less than everything.

@lunny commented on GitHub (Apr 21, 2019):

Since Gitea can now act as an OAuth2 provider, that's not too difficult.

@stale[bot] commented on GitHub (Jun 20, 2019):

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

@strk commented on GitHub (Jun 20, 2019):

I still think this is an important feature. Since Gitea does support `OpenID-2.0`, acting as a provider would allow accessing all enabled Gitea instances via an identity provided by your own. A big step toward federation.

@zeripath commented on GitHub (Jun 20, 2019):

If you put links to the specs in this issue anyone that's interested in building this functionality will have an easier time doing it.

@6543 commented on GitHub (Nov 6, 2019):

gitea now can act as openID provider - so close this issue?

@lunny commented on GitHub (Nov 7, 2019):

Which PR resolved this?

@6543 commented on GitHub (Nov 7, 2019):

https://docs.gitea.io/en-us/oauth2-provider/?

@jolheiser commented on GitHub (Nov 7, 2019):

> https://docs.gitea.io/en-us/oauth2-provider/?

OpenID is not OAuth2

For example, OAuth2 allows another service to access the Gitea API on your behalf, whereas OpenID would allow another service to treat your Gitea account as a valid account on their platform.
Apologies if that's not 100% correct, but it's my understanding of it on a high-level.

EDIT: This [StackOverflow question](https://stackoverflow.com/questions/1087031/whats-the-difference-between-openid-and-oauth) answers it better than I did.

@philpraxis commented on GitHub (Jul 28, 2020):

That would be great if Gitea can become an OpenID Connect provider!
I don't know if I can ask, but let's go: Can someone familiar with the code explain the level of complexity (or days / weeks / months dev time) that such a feature would need?

@strk commented on GitHub (Jan 2, 2021):

I think we want discovery for this ticket to be closed. Without discovery a Gitea instance could not be used as an identity provider for other Gitea instances. This ticket was about `OpenID-2.0` for this reason (decentralization of identities).

@strk commented on GitHub (Jun 28, 2021):

Why was this closed? There's no discovery implemented.

@6543 commented on GitHub (Jun 28, 2021):

@strk I think so: https://try.gitea.io/.well-known/openid-configuration

@strk commented on GitHub (Jun 28, 2021):

But that's for OAuth, not OpenID-2.0, right?

@6543 commented on GitHub (Jun 28, 2021):

hmm I thought it is for OpenID, to auto-discover things ...

@cweiske commented on GitHub (Jun 28, 2021):

That is [OpenID connect](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest). OpenID 2 is something completely different :(
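
The difference the last comments turn on, as an added example (not Gitea code and not written by anyone in the thread): the `/.well-known/openid-configuration` document is OpenID Connect provider metadata in JSON, while OpenID 2.0 discovery yields an XRDS document whose `Service` entries carry the OpenID 2.0 type URIs. The function name `Classify`, the hosts and both sample bodies are constructed for illustration; HTML-based OpenID 2.0 discovery is not handled.

```go
package main

import (
	"encoding/json"
	"encoding/xml"
	"fmt"
)

// Constructed sample responses (hypothetical hosts), not captured from a real server.
const sampleOIDC = `{"issuer":"https://git.example","authorization_endpoint":"https://git.example/authorize","jwks_uri":"https://git.example/keys"}`
const sampleXRDS = `<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)"><XRD><Service>
<Type>http://specs.openid.net/auth/2.0/server</Type><URI>https://id.example/openid2</URI>
</Service></XRD></xrds:XRDS>`

// xrds holds the Service entries of an OpenID 2.0 (Yadis) discovery document.
type xrds struct {
	Services []struct {
		Types []string `xml:"Type"`
		URI   string   `xml:"URI"`
	} `xml:"XRD>Service"`
}

// Classify reports which protocol a discovery body advertises and its endpoint.
func Classify(body []byte) (protocol, endpoint string) {
	var meta struct {
		Issuer string `json:"issuer"`
		Auth   string `json:"authorization_endpoint"`
		JWKS   string `json:"jwks_uri"`
	}
	if json.Unmarshal(body, &meta) == nil && meta.Issuer != "" && meta.Auth != "" && meta.JWKS != "" {
		return "openid-connect", meta.Auth
	}
	var doc xrds
	if xml.Unmarshal(body, &doc) == nil {
		for _, s := range doc.Services {
			for _, t := range s.Types {
				if (t == "http://specs.openid.net/auth/2.0/server" || t == "http://specs.openid.net/auth/2.0/signon") && s.URI != "" {
					return "openid-2.0", s.URI
				}
			}
		}
	}
	return "none", ""
}

func main() {
	for _, body := range []string{sampleOIDC, sampleXRDS, "<html>404</html>"} {
		fmt.Println(Classify([]byte(body)))
	}
}
```

A relying party that only speaks OpenID 2.0 gets nothing usable from the JSON document, which is why the presence of `openid-configuration` does not settle the request in this issue.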

Reference: github-starred/gitea#531