Gitea: Implement well known OpenID Configuration

Created on 1 Nov 2019 · 11 Comments · Source: go-gitea/gitea

Description

The PR #5378 initially implemented the OAuth2 provider. I love the idea to have gitea as my SSO provider :-)
However, it seems like the .well-known/... endpoints are missing. This is also stated in the PR, "_will be implemented in another PR_".
I'm trying to get ArgoCD to work (see this), and it seems like it tries to connect to https://<server>/.well-known/openid-configuration, which does not exist and returns a 401.

I guess this goes into the same direction as https://github.com/go-gitea/gitea/issues/8534.

Would be cool if gitea had support for that as well!

Edit: More info on the endpoint can be found here

All 11 comments

I think that's the part of the OpenID provider standard that gitea doesn't implement.

Yes. Interestingly, there is a reference to this endpoint here: https://github.com/go-gitea/gitea/blob/232340f5e3ebe61787021bebea01fd755513c72b/options/locale/locale_en-US.ini#L1772

Sadly I don't think it is relevant at all 🙂

I have started implementing it

@lafriks Glad to see someone is working on it! Any news when we can expect this feature to be merged? Thanks a lot!

I'm planning to finish it for 1.12

How would this work when Gitea is running in a subpath (ie, example.com/gitea/)? I'm thinking we could probably put in docs that it isn't supported for subpath installations (because .well-known has to be served from root path)

@techknowlogick that is not true, it is supported to have it also in subpath

Hi there. I've been researching about OpenID Connect because I'm really interested in centralizing auth credentials in gitea for our dev team.

I still don't fully understand OIDC but correct me if I'm wrong. Would it be possible to implement my own ./well-known/openid-configuration if I write it and serve it statically from my http proxy before the request hits Gitea?

As far as I understand, that file is some sort of mapper of the available oauth endpoints and grant types, right?

any news update?

AFAIC this works already?

> AFAIC this works already?

No, still missing userinfo endpoint.
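
Added example, not part of the thread and not Gitea's code: a Go check that can be run against a discovery document, whether Gitea serves it or a proxy serves a hand-written copy as asked above. It builds the discovery URL for a subpath issuer and reports missing required fields, an issuer mismatch, a missing `userinfo_endpoint` and non-https endpoints; the issuer `https://example.com/gitea`, the endpoint paths and the sample document are constructed assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// sampleDoc is constructed for this example: placeholder paths, an http token endpoint, no userinfo.
const sampleDoc = `{"issuer":"https://example.com/gitea",
 "authorization_endpoint":"https://example.com/gitea/oauth/authorize",
 "token_endpoint":"http://example.com/gitea/oauth/token",
 "jwks_uri":"https://example.com/gitea/oauth/keys","response_types_supported":["code"],
 "subject_types_supported":["public"],"id_token_signing_alg_values_supported":["RS256"]}`

// DiscoveryURL keeps the issuer's path and drops a trailing slash (OIDC Discovery 1.0, section 4).
func DiscoveryURL(issuer string) string {
	return strings.TrimSuffix(issuer, "/") + "/.well-known/openid-configuration"
}

// CheckDiscovery lists the problems found in a discovery document served for issuer.
func CheckDiscovery(issuer string, doc []byte) []string {
	var meta map[string]interface{}
	if err := json.Unmarshal(doc, &meta); err != nil {
		return []string{"not valid JSON: " + err.Error()}
	}
	var problems []string
	for _, k := range []string{"issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
		"response_types_supported", "subject_types_supported", "id_token_signing_alg_values_supported"} {
		if _, ok := meta[k]; !ok { // REQUIRED by the discovery spec for a code-flow provider
			problems = append(problems, "missing required field: "+k)
		}
	}
	if got, _ := meta["issuer"].(string); got != issuer { // must equal the configured issuer exactly
		problems = append(problems, "issuer mismatch: document says "+got)
	}
	if _, ok := meta["userinfo_endpoint"]; !ok { // only RECOMMENDED, but many clients call it
		problems = append(problems, "no userinfo_endpoint advertised")
	}
	for _, k := range []string{"authorization_endpoint", "token_endpoint", "userinfo_endpoint", "jwks_uri"} {
		if s, ok := meta[k].(string); ok {
			if u, err := url.Parse(s); err != nil || u.Scheme != "https" || u.Host == "" {
				problems = append(problems, k+" is not an absolute https URL")
			}
		}
	}
	return problems
}

func main() { fmt.Println(DiscoveryURL("https://example.com/gitea/"), CheckDiscovery("https://example.com/gitea", []byte(sampleDoc))) }
```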
