Setting to forward login page to specific provider #7774

Closed
opened 2025-11-02 07:36:10 -06:00 by GiteaMirror · 4 comments

Originally created by @yoyoyonas on GitHub (Aug 29, 2021).

  • Gitea version (or commit ref): 1.15.0
  • Git version: 2.25.1
  • Operating system: Ubuntu 20.04
  • Database (use [x]):
    • [ ] PostgreSQL
    • [x] MySQL
    • [ ] MSSQL
    • [ ] SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • [ ] Yes (provide example URL)
    • [x] No
  • Log gist:

Description

I propose to add an option to directly forward the web login screen to that of one specific OAuth2 provider, without having to click on the provider link below the credential fields.
This would be very useful for setups where only one single authentication provider is used.

@zeripath commented on GitHub (Aug 30, 2021):

Wouldn't a custom template suffice?


@yoyoyonas commented on GitHub (Aug 31, 2021):

Tbh I am not completely aware of golang's full templating capabilities in that regard. But wouldn’t that imply to replace the credential fields on the normal login screen?
My intention was actually to forward directly to the existing login form, delivered by the web interface of the OIDC provider. To consequently have one unified login user interface for every connected service.


@zeripath commented on GitHub (Aug 31, 2021):

Write a file custom/templates/user/auth/signin_inner.tmpl:

		{{if or (not .LinkAccountMode) (and .LinkAccountMode .LinkAccountModeSignIn)}}
		{{template "base/alert" .}}
		{{end}}
		<h4 class="ui top attached header center">
			{{if .LinkAccountMode}}
				{{.i18n.Tr "auth.oauth_signin_title"}}
			{{else}}
				{{.i18n.Tr "auth.login_userpass"}}
			{{end}}
		</h4>
		<div class="ui attached segment">
			{{if .ShowRegistrationButton}}
				<div class="inline field">
					<label></label>
					<a href="{{AppSubUrl}}/user/sign_up">{{.i18n.Tr "auth.sign_up_now" | Str2html}}</a>
				</div>
			{{end}}

			{{if and .OrderedOAuth2Names .OAuth2Providers}}
			<div class="ui attached segment">
				<div class="oauth2 center">
					<div id="oauth2-login-loader" class="ui disabled centered loader"></div>
					<div>
						<div id="oauth2-login-navigator">
							<p>{{.i18n.Tr "sign_in_with"}}</p>
							{{range $key := .OrderedOAuth2Names}}
								{{$provider := index $.OAuth2Providers $key}}
								<a href="{{AppSubUrl}}/user/oauth2/{{$key}}">
									<img
										alt="{{$provider.DisplayName}}{{if eq $provider.Name "openidConnect"}} ({{$key}}){{end}}"
										title="{{$provider.DisplayName}}{{if eq $provider.Name "openidConnect"}} ({{$key}}){{end}}"
										class="{{$provider.Name}} oauth-login-image"
										src="{{AppSubUrl}}{{$provider.Image}}"
									></a>
							{{end}}
						</div>
					</div>
				</div>
			</div>
			{{end}}
		</div>

Then you lose the db login form.

If you adjust the section {{if and .OrderedOAuth2Names .OAuth2Providers}} to only show the required OAuth2 provider option.

You can also change your navbar so that the login button instead of being a link to signin is actually just a link to:

{{AppSubUrl}}/user/oauth2/AUTH_NUMBER where AUTH_NUMBER is the provider number for your chosen oauth provider.


@yoyoyonas commented on GitHub (Apr 5, 2022):

Sorry for my late reply and thank you @zeripath for the template. But it does not solve my request: I operate a private instance with REQUIRE_SIGNIN_VIEW = true. My intention is, that whenever a user is not logged in yet and gets redirected to the login page (via LANDING_PAGE = login), he is without interaction redirected further to the login interface of the specified OIDC provider (and in case he is already logged in to the provider, automatically logged in to Gitea).

But I now have a working solution by just letting the reverse proxy redirect /user/login to /user/oauth2/$providername. So from my point of view, this issue can be closed.
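
The reverse-proxy redirect described in the comment above, written out as an nginx fragment. This is an added example, not part of the original thread: nginx as the proxy, the upstream address 127.0.0.1:3000 and the placeholder PROVIDER_NAME are assumptions.

```nginx
# Goes inside the existing server { } block that fronts Gitea.
# PROVIDER_NAME is a placeholder for the name of the OAuth2/OIDC
# authentication source, i.e. the segment Gitea uses in /user/oauth2/<name>.

# Exact match ("="): only /user/login itself is redirected. The OAuth2
# callback (/user/oauth2/PROVIDER_NAME/callback) and every other path
# fall through to "location /" below and reach Gitea unchanged.
location = /user/login {
    # 302 rather than 301: browsers cache a permanent redirect, which
    # would keep sending users to the provider after this rule is removed.
    # $is_args$args keeps any query string that was on the request.
    # All methods are redirected, so a POST of the built-in password
    # form never reaches Gitea through this proxy.
    return 302 /user/oauth2/PROVIDER_NAME$is_args$args;
}

location / {
    proxy_pass http://127.0.0.1:3000;   # assumed Gitea listen address
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
```

The rule changes only what a browser receives for the sign-in page; which authentication sources Gitea itself accepts is unchanged. If the provider is unavailable, the built-in form is reachable only by connecting to Gitea without going through this proxy.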

Reference: github-starred/gitea#7774