Support mailcow as oauth provider #5831

Closed
opened 2025-11-02 06:37:15 -06:00 by GiteaMirror · 8 comments

Originally created by @thisni1s on GitHub (Aug 5, 2020).

  • Gitea version (or commit ref): 1.13.0
  • Git version: -
  • Operating system: Debian 10
  • Database (use [x]):
    • [x] PostgreSQL
    • [ ] MySQL
    • [ ] MSSQL
    • [ ] SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • [ ] Yes (provide example URL)
    • [x] No
    • [ ] Not relevant
  • Log gist:

Description

I tried getting Gitea to authenticate against a Mailcow OAuth Server and encountered the following strange problem:
The instance has no user registered besides the admin user. When I try to register the first real user everything works fine: I can log in to my Mailcow account and grant Gitea access. After that I am asked to enter a username and email address for Gitea, which I enter and press register. I can then use Gitea.

Now the problem comes when I try to register the second user. Everything seems to work fine as well, but after granting Gitea access to my account I am taken straight to the dashboard without entering a username or email address. AND I am for whatever reason logged in as the first user! I can even create repos etc.

I don't think that this is expected behavior, even if Mailcow isn't an officially supported OAuth provider.

GiteaMirror added the type/proposal, type/upstream labels 2025-11-02 06:37:15 -06:00

@techknowlogick commented on GitHub (Aug 5, 2020):

What provider did you tell Gitea that Mailcow was?


@thisni1s commented on GitHub (Aug 5, 2020):

I tried Gitea and Nextcloud as Providers, with custom URLs of course


@lafriks commented on GitHub (Aug 5, 2020):

What info does the mailcow token contain?


@thisni1s commented on GitHub (Aug 5, 2020):

First, an authorization code is attached to the redirect URL like this:
https://myredirecturi.com/cb?code=yourcode&state=xyz

Then you can request an access token i.e. with curl
curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=authorization_code&code=yourcode&redirect_uri=https://example.com/oauth/callback&client_id=youclientid&client_secret=yoursecret" https://mail.example.com/oauth/token

Mailcow will answer with an access token:
{"access_token":"abctokenabc","expires_in":86400,"token_type":"Bearer","scope":"profile","refresh_token":"abcrefreshtokenabc"}

Then you can get the user info from /oauth/profile, with the access token as Bearer token. Mailcow will answer with:

{
  "success": true,
  "username": "test@example.com",
  "identifier": "test@example.com",
  "email": "test@example.com",
  "full_name": "test",
  "displayName": "test",
  "created": "2020-06-29 15:15:30",
  "modified": "2020-08-04 23:36:53",
  "active": 1
}

I noticed, however, that the answer has text/html as content type and not application/json, and appending ?format=json like you do in the Nextcloud queries does not work.

Also, this is the OAuth library used by mailcow: oauth2-server-php (https://github.com/bshaffer/oauth2-server-php)
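One way a Gitea-side provider could consume the /oauth/profile response described above, as an added Go example that is not code from the issue, from Gitea or from goth: it decodes the body by its content rather than the text/html Content-Type header, and it refuses to link an account when the profile carries no identifier, since linking on an empty or shared identifier is one way two distinct logins can end up in the same account. The struct, the function names and the constructed SampleProfile are assumptions.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// SampleProfile is a constructed copy of the /oauth/profile body quoted in the issue.
const SampleProfile = `{"success":true,"username":"test@example.com","identifier":"test@example.com",
"email":"test@example.com","full_name":"test","displayName":"test","active":1}`

// MailcowProfile holds the profile fields a Gitea-side provider would consume (assumed names).
type MailcowProfile struct {
	Success    bool   `json:"success"`
	Username   string `json:"username"`
	Identifier string `json:"identifier"`
	Email      string `json:"email"`
	FullName   string `json:"full_name"`
	Active     int    `json:"active"`
}

// ParseMailcowProfile decodes the body by its content, not its Content-Type header (mailcow labels
// the JSON as text/html), and refuses any profile without a non-empty identifier to link on.
func ParseMailcowProfile(contentType string, body []byte) (*MailcowProfile, error) {
	trimmed := strings.TrimSpace(string(body))
	if !strings.HasPrefix(trimmed, "{") {
		return nil, fmt.Errorf("profile body is not JSON (Content-Type %q)", contentType)
	}
	var p MailcowProfile
	if err := json.Unmarshal([]byte(trimmed), &p); err != nil {
		return nil, err
	}
	switch {
	case !p.Success:
		return nil, errors.New("mailcow reported success=false")
	case p.Identifier == "":
		return nil, errors.New("profile has no identifier; refusing to link account")
	case p.Active != 1:
		return nil, errors.New("mailbox is not active")
	}
	return &p, nil
}

func main() {
	p, err := ParseMailcowProfile("text/html; charset=UTF-8", []byte(SampleProfile))
	fmt.Printf("%+v %v\n", p, err)
}
```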


@techknowlogick commented on GitHub (Aug 6, 2020):

As there are two issues present here, 1. supporting mailcow, and 2. logging into the wrong account, before we go down the rabbit hole of "let's debug a non-supported provider", let's first confirm the broken behaviour in a working provider. @NilsKempen, are you able to confirm this behaviour with GitHub as a provider (or another provider known to work)?


@thisni1s commented on GitHub (Aug 6, 2020):

No, I just tried GitHub and Google and both seem to work fine.


@techknowlogick commented on GitHub (Aug 13, 2020):

I will change this to just the first issue then, of supporting mailcow, in that case.


@6543 commented on GitHub (Nov 21, 2020):

@NilsKempen, it would be nice if you could open an issue at https://github.com/markbates/goth/issues/new

Reference: github-starred/gitea#5831