Cannot connect gitea with drones, bad request #8313

Closed
opened 2025-11-02 08:01:59 -06:00 by GiteaMirror · 4 comments
Originally created by @deepio on GitHub (Jan 3, 2022).

Gitea Version

1.15.9

Git Version

No response

Operating System

No response

How are you running Gitea?

  • I'm using gitea/gitea:latest image on a k3s cluster running ARM64 and the same with drones. Has a regression occurred?
  • I have hostAliases declared in the deployments but it seems to point to the right location.
```yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: gitea
  labels:
    app: gitea
spec:
  replicas: 1
  selector:
    matchLabels:
      app: gitea
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: gitea
    spec:
      containers:
      - name: gitea
        image: gitea/gitea:latest
        imagePullPolicy: Always
        ports:
        - containerPort: 3000
          name: http
          protocol: TCP
        resources: {}
        volumeMounts:
        - name: storage-volume
          mountPath: "/data"
          subPath: ""
        env:
        - name: TZ
          value: America/Toronto
        - name: USER_UID
          value: "1000"
        - name: USER_GID
          value: "1000"
      nodeSelector:
        kubernetes.io/arch: arm64
      restartPolicy: Always
      hostAliases:
      - ip: "10.10.26.29"
        hostnames:
        - "drones.homelab.com"
        - "gitea.homelab.com"
<snip>
```
```yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: drones
  labels:
    app: drones
spec:
  replicas: 1
  selector:
    matchLabels:
      app: drones
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: drones
    spec:
      containers:
      - name: drones
        image: drone/drone:latest
        imagePullPolicy: Always
        ports:
        - containerPort: 80
          name: http
          protocol: TCP
        resources: {}
        volumeMounts:
        - name: storage-volume
          mountPath: "/data"
          subPath: ""
        env:
        - name: DRONE_GITEA_SERVER
          value: "http://gitea.homelab.com"
        - name: DRONE_SERVER_HOST
          value: "drones.homelab.com"
        - name: DRONE_SERVER_PROTO
          value: "http"
        - name: DRONE_DATADOG_ENABLED
          value: "false"  # quoted: env values must be strings, not YAML booleans
        - name: "DRONE_RPC_SECRET"
          valueFrom:
            secretKeyRef:
              name: "gitea-drones"
              key: "DRONE_RPC_SECRET"
        - name: "DRONE_GITEA_CLIENT_ID"
          valueFrom:
            secretKeyRef:
              name: "gitea-drones"
              key: "DRONE_GITEA_CLIENT_ID"
        - name: "DRONE_GITEA_CLIENT_SECRET"
          valueFrom:
            secretKeyRef:
              name: "gitea-drones"
              key: "DRONE_GITEA_CLIENT_SECRET"
      restartPolicy: Always
      hostAliases:
      - ip: "10.10.26.29"
        hostnames:
        - "drones.homelab.com"
        - "gitea.homelab.com"
<snip>
```

This is what I see from the logs on gitea.

```
2022/01/03 14:07:01 Started GET /login/oauth/authorize?client_id=my_secret%0A&redirect_uri=http%3A%2F%2Fdrones.homelab.com%2Flogin&response_type=code&state=8866cb397916001e for 10.42.0.1:0
2022/01/03 14:07:01 ...rs/web/user/oauth.go:683:handleAuthorizeError() [W] Authorization failed: Client ID not registered
2022/01/03 14:07:01 Completed GET /login/oauth/authorize?client_id=my_secret%0A&redirect_uri=http%3A%2F%2Fdrones.homelab.com%2Flogin&response_type=code&state=8866cb397916001e 400 Bad Request in 22.041745ms
```

Database

No response

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Description

I'm not sure if this is a problem with drones or a problem with gitea, the request from drones seems fine?

Screenshots

[Image: edited]
GiteaMirror added the issue/needs-feedback label 2025-11-02 08:01:59 -06:00

@techknowlogick commented on GitHub (Jan 4, 2022):

A tip: It is recommended that you use the helm chart for installing Gitea on kubernetes https://gitea.com/gitea/helm-chart/

In your logs, I'm guessing you redacted them, but where it says client_id you have it listed as "my_secret", that is supposed to be the client ID, not the secret. We'd need you to also confirm that oauth is not working with any application, and not just that it isn't working with Drone.

Additional information would also be helpful, such as which version you upgraded from, etc.


@deepio commented on GitHub (Jan 4, 2022):

That's right, I replaced my_secret with the uuid that was there before. It's the same uuid as the one I put a red block over in the screenshot. I would rather not use helm if I can. I didn't upgrade from any version, this is a brand new deployment moving over from gitlab so it's entirely likely that the OAuth2 is not set up correctly. I can use my deployment of Gitea as the OAuth2 provider, correct?


@deepio commented on GitHub (Jan 4, 2022):

Failing forward, drone appears to be adding a %0A after the client id and I get an Unregistered Redirect URI error when I manually send the same request because of the csrf. If I remove the state the request goes through so this appears to be a problem in gitea configuration or in drones. Should I leave the issue open until I figure out which and post the solution for the next person who tries this?


@techknowlogick commented on GitHub (Jan 4, 2022):

As drone is adding additional information to the URL then that is an issue with Drone. Likely due to how the secret is being read into the container, but I'd recommend discussing it with them. As for now I will close this ticket.

Bon soir 🌙
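
The `%0A` after `client_id` in the Gitea log is a URL-encoded newline. One cause consistent with the replies above is a Secret value stored with a trailing newline; that is an assumption, not something the thread confirms. The check below is an added example, not code from Gitea, Drone or the thread's participants: the sample Secret and its values are constructed, and the function names are hypothetical.

```python
import base64
import json
from urllib.parse import quote

# Constructed sample: the shape of `kubectl get secret gitea-drones -o json`.
# All values are made up. The client ID carries a trailing newline, as happens
# when a value is piped through `echo` (without -n) before base64 encoding.
SAMPLE_SECRET = json.dumps({
    "kind": "Secret",
    "metadata": {"name": "gitea-drones"},
    "data": {
        "DRONE_GITEA_CLIENT_ID": base64.b64encode(
            b"00000000-0000-4000-8000-000000000000\n").decode(),
        "DRONE_GITEA_CLIENT_SECRET": base64.b64encode(
            b"constructed-client-secret").decode(),
        "DRONE_RPC_SECRET": base64.b64encode(
            b"constructed-rpc-secret \n").decode(),
    },
})


def audit_secret(secret_json):
    """Return {key: stray bytes} for values with leading/trailing whitespace."""
    findings = {}
    for key, b64 in json.loads(secret_json).get("data", {}).items():
        raw = base64.b64decode(b64)
        if raw != raw.strip():
            # Report only the stray bytes, percent-encoded as they would
            # appear in a query string; the secret itself is never echoed.
            lead = raw[: len(raw) - len(raw.lstrip())]
            trail = raw[len(raw.rstrip()):]
            findings[key] = {"leading": quote(lead), "trailing": quote(trail)}
    return findings


def authorize_query_value(secret_json, key):
    """Encode the stored value as a query parameter, masking the identifier."""
    raw = base64.b64decode(json.loads(secret_json)["data"][key])
    return quote(raw).replace(quote(raw.strip()), "<client-id>")


if __name__ == "__main__":
    for key, finding in audit_secret(SAMPLE_SECRET).items():
        print(f"{key}: stray bytes {finding}")
    print("client_id=" + authorize_query_value(SAMPLE_SECRET, "DRONE_GITEA_CLIENT_ID"))
```

A value flagged here would reach Gitea as a different string from the registered client ID, which matches the `Client ID not registered` warning in the log.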

Reference: github-starred/gitea#8313