Gitea oAuth Fails

[kaysersoze]

When attempting to authenticate via Gitea oAuth, I always receive the message:

Error 400
Bad Request

Cannot complete user auth

From looking at the code at https://github.com/thomiceli/opengist/blob/master/internal/web/auth.go#L141C2-L144C3, it appears that this is failing in gothic's CompleteUserAuth but I don't' have any way to see why it's failing.

Is this a known issue (with hopefully a simple fix) and/or is there a way for me to see what the exact error that gothic is returning?

The rest of the flow (ie. redirecting to Gitea, authorizing the application) seems to be working properly.

Thanks in advance.

[thomiceli]

The error might be written in the callback url ?

[kaysersoze]

The error might be written in the callback url ?

At a OG_LOG_LEVEL of trace I only get the following in the Opengist log:

opengist | 6:17PM INF HTTP URI=/oauth/gitea/callback?code=KIOwQCdGB0Q3g8sCUFbeLgfTCWfvHAnEfBktyNf2Y0Za&state=S6_eOnt15-uW6ij7t6mOKvaGT1ZJMLYRPWl2RTfl9ZqIW2wFDucmjcp6jcnWk2iCyPGSCh7t3e4QqiP4IneQgQ%3D%3D ip=192.168.0.XXX method=GET status=400

[yedajiang44]

see here

[graphixillusion]

I'm having the exact same issue using Authentik as oAuth. I think everything is configured correctly in authenthik but i get error 400 in opengist. Any clue?

[thomiceli]

I'm having the exact same issue using Authentik as oAuth. I think everything is configured correctly in authenthik but i get error 400 in opengist. Any clue?

Does your openid url ends with /.well-known/openid-configuration ?

Anyway yes, the error should be more explicit than it is right now

[graphixillusion]

Does your openid url ends with /.well-known/openid-configuration ?

Yep, the address ends with that. Authenthik manage these urls like this:

https://domain/application/o/opengist/.well-known/openid-configuration

opengist is the name given inside authentik

[graphixillusion]

@thomiceli ok with the new version the error msg is this:

Error 400
Bad Request
Cannot complete user auth: securecookie: the value is too long

[ghost]

Same here while adding a Codeberg login.

Set redirect URI to https://opengist.example.com/oauth/gitea/callback
Set Codeberg URL, id and secret as an env variable.

But logging in with Codeberg results in Unregistered Redirect URI.

Nice to see at least the GitHub option works fine.

[thomiceli]

Same here while adding a Codeberg login.

Set redirect URI to https://opengist.example.com/oauth/gitea/callback Set Codeberg URL, id and secret as an env variable.

But logging in with Codeberg results in Unregistered Redirect URI.

Nice to see at least the GitHub option works fine.

Codeberg is working fine for me.

By any chance did you put literally opengist.example.com in your redirect URI ?

[graphixillusion]

With the last 1.6.0 i'm still getting this error using authentik

Bad Request
Cannot complete user auth: securecookie: the value is too long: 4224

Is there something that can be adjusted authentik side to make it work?

[ghost]

Same here while adding a Codeberg login.
Set redirect URI to https://opengist.example.com/oauth/gitea/callback Set Codeberg URL, id and secret as an env variable.
But logging in with Codeberg results in Unregistered Redirect URI.

Nice to see at least the GitHub option works fine.

Codeberg is working fine for me.

By any chance did you put literally opengist.example.com in your redirect URI ?

That is an example, but I used my actual domain.

[thomiceli]

With the last 1.6.0 i'm still getting this error using authentik

Bad Request Cannot complete user auth: securecookie: the value is too long: 4224

Is there something that can be adjusted authentik side to make it work?

I don't know about authentik at all but I will check

Same here while adding a Codeberg login.
Set redirect URI to https://opengist.example.com/oauth/gitea/callback Set Codeberg URL, id and secret as an env variable.
But logging in with Codeberg results in Unregistered Redirect URI.

Nice to see at least the GitHub option works fine.

Codeberg is working fine for me.
By any chance did you put literally opengist.example.com in your redirect URI ?

That is an example, but I used my actual domain.

What version of Codeberg do you use ?

[thomiceli]

With the last 1.6.0 i'm still getting this error using authentik

Bad Request Cannot complete user auth: securecookie: the value is too long: 4224

Is there something that can be adjusted authentik side to make it work?

@graphixillusion what if you only select 'profile' on your authentik provider scopes ?

[graphixillusion]

With the last 1.6.0 i'm still getting this error using authentik
Bad Request Cannot complete user auth: securecookie: the value is too long: 4224
Is there something that can be adjusted authentik side to make it work?

@graphixillusion what if you only select 'profile' on your authentik provider scopes ?

Selecting only profile in the scopes section i have this error (version 1.6.1):

Error 400
Bad Request
Cannot complete user auth: securecookie: the value is too long: 4124

[thomiceli]

Same here while adding a Codeberg login.
Set redirect URI to https://opengist.example.com/oauth/gitea/callback Set Codeberg URL, id and secret as an env variable.
But logging in with Codeberg results in Unregistered Redirect URI.

Nice to see at least the GitHub option works fine.

Codeberg is working fine for me.
By any chance did you put literally opengist.example.com in your redirect URI ?

That is an example, but I used my actual domain.

@SudoVanilla Can you ensure, when you create your Codeberg oauth application, that this option is checked ?

[ghost]

This option was not ticked.
Now it works, since I enabled that!

[nervous-inhuman]

With the last 1.6.0 i'm still getting this error using authentik
Bad Request Cannot complete user auth: securecookie: the value is too long: 4224
Is there something that can be adjusted authentik side to make it work?

@graphixillusion what if you only select 'profile' on your authentik provider scopes ?

Selecting only profile in the scopes section i have this error (version 1.6.1):

Error 400 Bad Request Cannot complete user auth: securecookie: the value is too long: 4124

+1

Also having issues with Authentik and OpenGist, same error as @graphixillusion is having (also after redusing the scope to profile)

I have opened a new issue to track this separately: #212

[GhaziTriki]

@thomiceli it looks like the issue is back. Everything was working fine until I upgrade gitea and opengist. I get Unregistered Redirect URI. I double check everything, I don't see any issue.