http error 500 when trying to link accounts via oauth #8960

Closed
opened 2025-11-02 08:24:08 -06:00 by GiteaMirror · 14 comments

Originally created by @Mai-Lapyst on GitHub (May 15, 2022).

Description

Steps to reproduce:

  • Set up an OAuth2 authentication source for gitlab
    • Type: OAuth2
    • Name: gitlab
    • Type: GitLab
    • Set custom URLs
  • Set up an OAuth Application in gitlab (tested via Instance-Wide Application)
    • Scopes: read_api, read_user, profile, email
    • Set as Trusted & Confidential
    • Add the url https://<your gitea domain>/user/oauth2/gitlab/callback as allowed redirect
  • Try to login using the provider via the Login Screen of your instance.
    At first it will redirect correctly to gitlab, but when returning to gitea, the user is shown an error 500.

Log Output (Debug):

```
Mai 15 17:49:59 gitea gitea[55669]: 2022/05/15 17:49:59 Started GET /user/oauth2/gitlab for 127.0.0.1:46492
Mai 15 17:49:59 gitea gitea[55669]: 2022/05/15 17:49:59 Completed GET /user/oauth2/gitlab 307 Temporary Redirect in 48.576997ms
Mai 15 17:50:00 gitea gitea[55669]: 2022/05/15 17:50:00 Started GET /user/oauth2/gitlab/callback?code=REDACTED&state=REDACTED for 127.0.0.1:46494
Mai 15 17:50:00 gitea gitea[55669]: 2022/05/15 17:50:00 ...rs/web/auth/oauth.go:849:SignInOAuthCallback() [E] UserSignIn: could not find a matching session for this request
Mai 15 17:50:00 gitea gitea[55669]: 2022/05/15 17:50:00 ...s/context/context.go:204:HTML() [D] Template: status/500
Mai 15 17:50:00 gitea gitea[55669]: 2022/05/15 17:50:00 Completed GET /user/oauth2/gitlab/callback?code=REDACTED&state=REDACTED 500 Internal Server Error in 11.231758ms
```

Gitea Version

1.16.7, 1.16.8

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

linux

How are you running Gitea?

Via the official binary: https://docs.gitea.io/en-us/install-from-binary/

Database

MySQL

GiteaMirror added the type/bug label 2025-11-02 08:24:08 -06:00

@cdlm commented on GitHub (May 17, 2022):

I'm getting http 500 as well with 1.16.8, just trying to log in with 2FA.
edit: that was on iOS, but I don't see the problem anymore…


@fgma commented on GitHub (Jun 26, 2022):

I'm also having the same issue. Running gitea and authentik as oauth2 provider using latest official docker images. Currently this is gitea v1.17.0-rc1 and authentik 2022.6.3.

When trying to login I end up with error 500 in the frontend and the following log entry:

router: completed GET /user/oauth2/oauth2authentik/callback?code=[redacted] for 172.20.0.5:55112, 500 Internal Server Error in 6217.0ms @ auth/oauth.go:808(auth.SignInOAuthCallback)


@C-EO commented on GitHub (Jun 28, 2022):

I get the same issue too.
Gitea Version : v.1.17.0-rc1


@bat553 commented on GitHub (Jul 8, 2022):

Same issue too.
Docker version of Gitea 1.16.8

Response: {"error":"invalid_grant","error_description":"Code not valid"}


@revolunet commented on GitHub (Jul 31, 2022):

Anyone resolved this?


@lunny commented on GitHub (Aug 22, 2022):

Is it random or always?


@C-EO commented on GitHub (Aug 27, 2022):

I might have found a solution.

But did you guys read the instructions when creating the oauths in the admin dashboard?

Might work if you try to follow everything.

Comment for more help.

On Monday, August 22, 2022, Lunny Xiao @.***> wrote:

> Is it random or always?



@C-EO commented on GitHub (Aug 28, 2022):

It might just be random
Although some guys might experience it always.


@Mai-Lapyst commented on GitHub (Aug 31, 2022):

Tested it again with fresh installs of 1.16.7 - 1.16.9 & 1.17.1 and now all versions just do fine.

I guess it's really just either a random bug or some sort of misconfiguration.

One thing I found out though is that you need to name the source "gitlab" when trying to use gitlab as oauth provider, otherwise it won't work for some reason.

Also as a help for others: I noticed that some fields are not properly trimmed on save, but only when you edit it in the frontend. Save it again and the value is properly trimmed. (#21005)


@zeripath commented on GitHub (Sep 1, 2022):

I think this is likely due to some timing issue in that the requests have been interleaved in some odd way.

I'm just not sure how we'd go about chasing this problem down more clearly as it appears strangely intermittent and random which makes creating a test case almost impossible.


@ewo2022 commented on GitHub (Sep 19, 2022):

Get a similar error when trying to connect our keycloak cluster with gitea. I can not even configure OAuth. I get directly an internal server error. Sadly without any meaningful error message.

Maybe the access token does not have the right authorities? Which authorities does gitea (OAuth OpenID Connect) expect?

Does gitea search for the URLs provided here: https://docs.gitea.io/en-us/oauth2-provider/
Keycloak provides /.well-known/openid-configuration but all other endpoints are located somewhere else.

v: 1.17.2 running as a pod in k8s

UPDATE:
Sorry, now it's running. My fault. Wrong configuration of a Networkpolicy. So make sure your gitea server is allowed to connect to your idm.


@sebw commented on GitHub (Jan 7, 2023):

Ran into an error 500 while trying to configure gitea with authentik.

Turns out I made a mistake in the slug in the auto discovery URL.

Throwing an error 500 instead of, say, a 404 makes you look for more serious problems.


@C-EO commented on GitHub (Feb 11, 2023):

> Tested it again with fresh installs of 1.16.7 - 1.16.9 & 1.17.1 and now all versions just do fine.
>
> I guess it's really just either a random bug or some sort of misconfiguration.
>
> One thing I found out though is that you need to name the source "gitlab" when trying to use gitlab as oauth provider, otherwise it won't work for some reason.
>
> Also as a help for others: I noticed that some fields are not properly trimmed on save, but only when you edit it in the frontend. Save it again and the value is properly trimmed. (#21005)

You actually need to name your OAuth login the same as the url.

Scenarios:
If we could say gitlab begins with "g" then in the callback URL it should begin with "g":

example:
https://<your gitea domain>/user/oauth2/gitlab/callback

If it begins with "G" then the callback URL should have it in uppercase too:

example:
https://<your gitea domain>/user/oauth2/Gitlab/callback
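
A check for the naming rule described in the comment above, as an added example that is not part of the thread or of Gitea's code: it compares a redirect URI registered at the identity provider with the callback path format quoted in this issue and names the first difference. It assumes the provider matches redirect URIs by exact string comparison; `expectedCallback`, `checkRedirect` and the `gitea.example.test` host are hypothetical.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// expectedCallback builds the callback URL in the form quoted in this thread:
// https://<your gitea domain>/user/oauth2/<source name>/callback
func expectedCallback(giteaRoot, sourceName string) string {
	return strings.TrimRight(giteaRoot, "/") + "/user/oauth2/" + sourceName + "/callback"
}

// checkRedirect names the first difference between a redirect URI registered
// at the identity provider and the callback expected for sourceName.
// Assumption: the provider compares redirect URIs as exact strings.
func checkRedirect(giteaRoot, sourceName, registered string) string {
	want := expectedCallback(giteaRoot, sourceName)
	switch {
	case strings.TrimSpace(sourceName) != sourceName || strings.TrimSpace(registered) != registered:
		return "whitespace" // untrimmed form field, as reported in the thread
	case registered == want:
		return "ok"
	case strings.TrimRight(registered, "/") == want:
		return "trailing-slash"
	case strings.EqualFold(registered, want):
		return "case-mismatch" // e.g. source "Gitlab" vs ".../oauth2/gitlab/callback"
	}
	w, errW := url.Parse(want)
	r, errR := url.Parse(registered)
	if errW != nil || errR != nil {
		return "unparseable"
	}
	if w.Scheme != r.Scheme || w.Host != r.Host {
		return "origin-mismatch"
	}
	return "path-mismatch"
}

func main() {
	root := "https://gitea.example.test" // constructed sample host
	for _, c := range [][2]string{ // {source name, registered redirect URI}, all constructed
		{"gitlab", root + "/user/oauth2/gitlab/callback"},
		{"Gitlab", root + "/user/oauth2/gitlab/callback"},
		{"gitlab ", root + "/user/oauth2/gitlab/callback"},
		{"gitlab", "http://gitea.example.test/user/oauth2/gitlab/callback"},
	} {
		fmt.Printf("%-9q %s\n", c[0], checkRedirect(root, c[0], c[1]))
	}
}
```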


@wxiaoguang commented on GitHub (Apr 26, 2023):

In most cases, it's caused by this problem:

https://github.com/go-gitea/gitea/issues/23936
