go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
https://gitea.com
MIT License

OAuth 2.0 - Azure AD v2 - responded with a 403 trying to fetch user information #21657

Open constantin-baciu opened 1 year ago

constantin-baciu commented 1 year ago

Description

I'm trying to set up OAuth 2.0 against my corporate Azure AD. I'm using Azure AD V2. I've added the application in Azure AD and now I'm trying to configure my Gitea install to do that.

The Client ID, Secret and tenant are OK. The return URL is https://base_url/user/oauth2/authentication_name/callback

But, when I try to log in, Gitea presents me with an HTTP 500. Looking at the logs, I see this:

UserSignIn: <authentication name> responded with a 403 trying to fetch user information

Meanwhile, the Azure AD logs show my successful login attempt.

I dug a little deeper and I've found that the MS Graph URL used is https://graph.microsoft.com/v1.0/. Some other applications I have set up to use OAuth 2 against the same Azure tenant are using another URL: https://graph.microsoft.com/oidc/userinfo

Comparing the Azure setup for the Gitea integration with the others we've implemented, there's nothing different.

I wonder if there's something that needs to happen on Azure AD for this to work. I can't find any documentation on the Gitea website about how to set things up.

Screenshots


Gitea Version

1.18.rc0

Can you reproduce the bug on the Gitea demo site?

No

Operating System

No response

Browser Version

Chrome (latest), Edge (latest)

KN4CK3R commented 1 year ago

This error is returned by the upstream library: https://github.com/markbates/goth. You changed the return URL for this issue?

constantin-baciu commented 1 year ago

Yes, I know it's an upstream library. Yes, I did change the URL. (I've just corrected the issue description to remove some formatting)

constantin-baciu commented 1 year ago

I wonder if I have to add the UserRead scope, like the lib uses by default. See here
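A diagnostic for the scope guess above, added here as an example and not code from the thread, from Gitea or from goth: it decodes the Graph access token the provider obtained (payload only, no signature check, so it is an inspection aid and never an authorization decision) and reports whether the `scp` claim lacks `User.Read` (Graph answers 403 on `/v1.0/me` when the delegated scope is missing) or the audience is not Graph at all. The `diagnose` helper, the constant names and the sample token are assumptions made for this example.

```python
import base64
import json

GRAPH_ME = "https://graph.microsoft.com/v1.0/me"  # profile endpoint fetched by goth's azureadv2 provider
# A Graph token carries one of these audiences (URL form or the well-known Graph application id).
GRAPH_AUDIENCES = ("https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000")

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jwt_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT WITHOUT verifying its signature.
    Only for inspecting a token you already hold; never use this as an auth decision."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated segments)")
    return json.loads(_b64url_decode(parts[1]))

def missing_graph_scopes(token: str, required=("User.Read",)) -> list:
    """Delegated Graph permissions live in the space-separated `scp` claim.
    Returns the required scopes absent from the token (empty list means none missing)."""
    granted = set(jwt_claims(token).get("scp", "").split())
    return [s for s in required if s not in granted]

def diagnose(token: str) -> str:
    """Explain why GRAPH_ME may reject this token, checking audience first, then scopes."""
    claims = jwt_claims(token)
    aud = claims.get("aud", "")
    if aud not in GRAPH_AUDIENCES:
        return f"token audience is {aud!r}, not Microsoft Graph: {GRAPH_ME} will reject it"
    missing = missing_graph_scopes(token)
    if missing:
        return f"token lacks delegated scope(s) {missing}: add them to the provider's scope list"
    return "audience and scopes look fine; check conditional access or tenant restrictions in Azure AD sign-in logs"

def _make_unsigned_jwt(payload: dict) -> str:
    # Constructed sample token for offline use only: header alg=none, empty signature segment.
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}."

# Constructed sample: a Graph-audience token whose scp claim does not include User.Read.
SAMPLE_TOKEN = _make_unsigned_jwt({"aud": "https://graph.microsoft.com", "scp": "openid profile email"})

if __name__ == "__main__":
    print(diagnose(SAMPLE_TOKEN))
```

Run it against a real token copied from a debug-level Gitea log or a browser session to see which of the two conditions applies before touching the Azure AD app registration.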

chrisunterricht commented 1 year ago

Is there any update on this, as I run into the exact same problem?