Integrate an OAuth2 provider #27

Closed
tboerger opened this issue Nov 3, 2016 · 44 comments · Fixed by #5378
Labels
issue/confirmed Issue has been reviewed and confirmed to be present or accepted to be implemented type/feature Completely new functionality. Can only be merged if feature freeze is not active.

@tboerger
Member

tboerger commented Nov 3, 2016

To make it easier for other applications to hook into Gitea we should integrate an OAuth2 provider, that way tools like Drone CI can authenticate against Gitea much easier. A good library for that can be https://github.com/RangelReale/osin.



@tboerger tboerger added the type/enhancement An improvement of existing functionality label Nov 3, 2016
@tboerger tboerger added this to the 1.2.0 milestone Nov 3, 2016
@joubertredrat
Contributor

Oh, sounds good this :)

@tboerger tboerger added type/feature Completely new functionality. Can only be merged if feature freeze is not active. and removed type/enhancement An improvement of existing functionality labels Nov 3, 2016
@bkcsoft
Member

bkcsoft commented Nov 4, 2016

Should this be integrated as "The" login-handler, or as an optional dependency? (i.e. build tag)

@tboerger
Member Author

tboerger commented Nov 4, 2016

I think we can always integrate it but add an option for admins to disable it

@lunny
Member

lunny commented Nov 4, 2016

No build tag but default is closed until admin open it.

@joubertredrat
Contributor

Nice idea 👍

@bkcsoft
Member

bkcsoft commented Nov 7, 2016

@tboerger @lunny I was more wondering if all Authentication should be handled by OAuth, therefore removing the old auth-module

dbalexandre pushed a commit to gitlabhq/gitlabhq that referenced this issue Dec 21, 2016
It adds a brand new importer for Gitea!

This is a continuation of !6945 started by @bkc.

Gitea aims to be 100% GitHub-compatible but there's a few differences:

- Gitea is not an OAuth provider (yet): go-gitea/gitea#27
  - This means we cannot map Gitea users given an assignee ID => assignees are not set on imported issues and merge requests
- No releases API for now: go-gitea/gitea#330
- API version is `v1` (GitHub is `v3`)
- The IID field for milestones is `id` compared to `number` in GitHub.
- Issues, PRs, milestones, labels don't have a `url` field (the importer now falls back to `''` in that case)

**Known issues:**

- Comments are not imported because comments JSON always have a blank `html_url`/`issue_url`/`pull_request_url`, so the IID cannot be extracted and the issuable cannot be found... :( This is tracked in go-gitea/gitea#401, and solved by gogs/gogs#3624 but this needs to be submitted / merged in Gitea.

This is noted in the documentation.

## Are there points in the code the reviewer needs to double check?

1. I've made `Import::GiteaController` inherit from `Import::GithubController` since both controllers should be identical in the long-term and their current differences are small.
1. I've added a base `IssuableFormatter` class from which `IssueFormatter` & `PullRequestFormatter` inherit
1. I've added shared examples for GitHub/Gitea importer classes
1. I've made `Gitlab::ImportSources` more robust and tested! 🎄 
1. I've added routing specs for import routes! 🎄 

Closes #22348

See merge request !8116
@lunny lunny mentioned this issue Feb 23, 2017
20 tasks
@lunny lunny modified the milestones: 1.3.0, 1.2.0 Apr 6, 2017
@JohnTheodore

+1, this would be awesome!!!

@femaref

femaref commented Jun 9, 2017

is there an ETA for this? Would make life easier.

@lafriks
Member

lafriks commented Sep 4, 2017

I think this one could be good option to integrate into gitea - https://github.com/coreos/dex

@lunny
Member

lunny commented Sep 5, 2017

@lafriks Looks good, but it requires go1.8 I think.

@mikehaertl

Here's another Go based alternative: https://github.com/ory/hydra

ORY Hydra is not an identity provider (user sign up, user log in, password reset flow), but connects to your existing identity provider through a consent app.

It seems quite easy to set up. Here's a nice tutorial: https://www.ory.am/run-oauth2-server-open-source-api-security.html?

@lafriks
Member

lafriks commented Sep 5, 2017

@mikehaertl Hydra does not support JWT and from what I understand even if added they won't be in community edition - https://ory.gitbooks.io/hydra/content/faq.html#is-jwt-supported

@tboerger
Member Author

tboerger commented Sep 5, 2017

JWT is a must have for drone integration

@lunny lunny modified the milestones: 1.3.0, 1.x.x Oct 10, 2017
@ts468

ts468 commented Dec 15, 2017

Remotely related, but would it also be possible to extend gitea so that gitea can listen on a second interface over which every access is granted automatically?

The idea is to allow tooling without OAuth2 authentication capabilities, like Hydra, to fetch data over, e.g., the loopback interface.

@jonasfranz
Member

https://github.com/ory/fosite looks like a promising library to integrate this feature. It is used by hydra AFAIK.

@jonasfranz
Member

@ekozan You can create a separate PR for the UI, this may improve the review speed.

@vtolstov

So, what library was decided on? I can't find any PR about an OAuth2 server in Gitea.

@xdevs23

xdevs23 commented Aug 13, 2018

I'm waiting for this one as well. Definitely looking forward to it!

@go-gitea go-gitea deleted a comment from cutec-chris Aug 19, 2018
@JohnTheodore

Is there a branch or PR related to this change? or we're still in the discussion phase.

@lunny
Member

lunny commented Aug 23, 2018

@JohnTheodore no people are working on this.

@xdevs23

xdevs23 commented Aug 23, 2018

That's unfortunate

@JohnTheodore

@ekozan mentioned a PR, I wasn't sure if that happened.

@JohnTheodore

@lunny it sounds like dex would be the library to use for resolving this issue? Are there changes to dex that are necessary for it to be the way you want?

In general how does the go-gitea project deal with something like a 'design document'. So if you, tboerger, lafriks, bkcsoft, etc all agree on a design with say dex, is that design written down somewhere? This way if someone wants to work on it, they'll do it in a way the project maintainers want.

@lunny
Member

lunny commented Sep 6, 2018

We once wanted to create a design process, but in fact we haven't followed it because it's unnecessary for most features. We depend on pull request approvals to control the quality of the code. Any PR that some maintainers are against will be discussed further until two maintainers agree and no maintainers are against it. A big PR should of course be required to write the design details in the PR's description. As for an OAuth provider, it's a mature technology. I think what we need to do is find a well-maintained library and follow its design.

@ekozan

ekozan commented Oct 7, 2018

I'm totally busy .... :/ I haven't finished the work

@lunny
Member

lunny commented Oct 21, 2018

@ekozan never mind. :)

@techknowlogick
Member

If anyone is interested in working on this, I wrote an adapter for https://github.com/go-oauth2/oauth2 that allows use of XORM https://github.com/techknowlogick/go-oauth2-xorm Next would be to add the routes to handle oauth.

@stale

stale bot commented Jan 13, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

@stale stale bot added the issue/stale label Jan 13, 2019
@AfroThundr3007730

There should be a way to mark this as "keep open", since there is clearly still demand for this.

@stale stale bot removed the issue/stale label Jan 13, 2019
@jonasfranz
Member

There is an open PR too.

@AfroThundr3007730

@lafriks Mind tagging this one as reviewed too? :)

@lafriks lafriks added the issue/confirmed Issue has been reviewed and confirmed to be present or accepted to be implemented label Jan 21, 2019
@lafriks lafriks modified the milestones: 1.x.x, 1.8.0 Jan 21, 2019
@xdevs23

xdevs23 commented Feb 2, 2019

Looking forward to this

lunny referenced this issue in lunny/gitea Feb 7, 2019
* add get tags info method for releases

* composite variable declare
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020