OAuth userinfo empty name fallback #8817

Closed
opened 2025-11-02 08:19:46 -06:00 by GiteaMirror · 2 comments

Originally created by @luwol03 on GitHub (Apr 12, 2022).

Feature Description

I tried to set up Gitea as an OAuth provider for my new Penpot instance. However, I always got errors from Penpot that something is wrong (described here penpot/penpot#1802). After a while of debugging, I found out that the empty name in the `user_info` response of the OAuth process is causing those problems.

```js
// GET http://myserver:3333/login/oauth/userinfo
{
    "sub": "2",
    "name": "",
    "preferred_username": "user1",
    "email": "user1@gmail.com",
    "picture": "http://myserver:3333/avatar/XXXXXXXXXXXXXXXXXX",
    "groups": null
}
```

However, I feel like returning the value of `preferred_username` in the name field instead of an empty name (which can cause many issues) would be a good choice.

GiteaMirror added the hacktoberfest, type/feature, type/proposal, good first issue labels 2025-11-02 08:19:46 -06:00

@wxiaoguang commented on GitHub (Apr 12, 2022):

FYI:

| preferred_username | String | The primary username that represents the user. It could be an email address, phone number, or a generic username without a specified format. Its value is mutable and might change over time. Since it is mutable, this value must not be used to make authorization decisions. It can be used for username hints, however, and in human-readable UI as a username. The profile scope is required in order to receive this claim. Present only in v2.0 tokens. |
| -- | -- | -- |
| name | String | The name claim provides a human-readable value that identifies the subject of the token. The value isn't guaranteed to be unique, it can be changed, and it's designed to be used only for display purposes. The profile scope is required to receive this claim. |

And the fix could be easy:
change the `Name: ctx.Doer.FullName,` to `Name: ctx.Doer.GetDisplayName(),` in `auth/oauth.go`.


@luwol03 commented on GitHub (Apr 12, 2022):

I suppose that the function returns the username but prefers the full username, right?

And thank you for that table. Never knew that preferred_username could actually be any user field like username, email, ...
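
The client side of this thread, as an added example that is not code from Gitea or Penpot: a relying party that accepts the empty `name` from the response above, falls back to `preferred_username` for display only, and keys the account on `sub` because the display claims are mutable. `UserInfo`, `ParseUserInfo`, `DisplayName` and `AccountKey` are hypothetical names, and using `http://myserver:3333` as the issuer is an assumption.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// UserInfo holds the claims present in the userinfo response from the issue.
type UserInfo struct {
	Sub               string   `json:"sub"`
	Name              string   `json:"name"`
	PreferredUsername string   `json:"preferred_username"`
	Email             string   `json:"email"`
	Groups            []string `json:"groups"`
}

// ParseUserInfo decodes the body and requires "sub", the stable subject identifier.
func ParseUserInfo(body []byte) (UserInfo, error) {
	var u UserInfo
	if err := json.Unmarshal(body, &u); err != nil {
		return u, fmt.Errorf("decode userinfo: %w", err)
	}
	if strings.TrimSpace(u.Sub) == "" {
		return u, errors.New("userinfo: missing sub claim")
	}
	return u, nil
}

// DisplayName is for UI only: name, then preferred_username, then sub.
func (u UserInfo) DisplayName() string {
	for _, v := range []string{u.Name, u.PreferredUsername, u.Sub} {
		if s := strings.TrimSpace(v); s != "" {
			return s
		}
	}
	return ""
}

// AccountKey (hypothetical) links the local account to issuer+sub, never to mutable claims.
func AccountKey(issuer string, u UserInfo) string { return issuer + "|" + u.Sub }
// sample is the response body quoted in the issue (picture omitted).
const sample = `{"sub":"2","name":"","preferred_username":"user1","email":"user1@gmail.com","groups":null}`

func main() {
	u, err := ParseUserInfo([]byte(sample))
	fmt.Println(u.DisplayName(), AccountKey("http://myserver:3333", u), err)
}
```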

Reference: github-starred/gitea#8817