go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
https://gitea.com
MIT License
45.24k stars 5.5k forks

Support HTTP POST requests to `/userinfo`, aligning to OpenID Core specification #32578

Closed marcellmars closed 1 day ago

marcellmars commented 1 day ago

This PR adds support for HTTP POST requests to the `/userinfo` endpoint. While the OpenID Core specification recommends using HTTP GET, at least MinIO uses HTTP POST in their OIDC login flow.

OpenID Core:

I tested this manually with a local MinIO instance, and it successfully allows their [x] Claim User Info setting to be checked. Without this change, it fails with a Method not allowed error from the IdP.
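
An added example (not Gitea's code and not part of this PR) of a `/userinfo` handler that serves both GET and POST when a valid bearer token is presented and answers any other method with 405 plus an `Allow` header. The handler name, token table and sample token are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

var constructedTokens = map[string]string{"sample-access-token": "user-123"} // constructed sample data

// bearerToken returns the token from "Authorization: Bearer <token>", or "" if absent.
func bearerToken(r *http.Request) string {
	scheme, token, _ := strings.Cut(r.Header.Get("Authorization"), " ")
	if !strings.EqualFold(scheme, "Bearer") {
		return ""
	}
	return token
}

// UserInfo treats GET and POST identically; every other method is rejected with 405.
func UserInfo(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodGet && r.Method != http.MethodPost {
		w.Header().Set("Allow", "GET, POST")
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		return
	}
	sub, known := constructedTokens[bearerToken(r)]
	if !known {
		w.Header().Set("WWW-Authenticate", "Bearer")
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	json.NewEncoder(w).Encode(map[string]string{"sub": sub})
}

// status sends one in-memory request through the handler and returns the status code.
func status(method, authz string) int {
	req := httptest.NewRequest(method, "/userinfo", nil)
	req.Header.Set("Authorization", authz)
	rec := httptest.NewRecorder()
	UserInfo(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(status("GET", "Bearer sample-access-token"), status("POST", "Bearer sample-access-token"), status("PUT", ""))
}
```

The method check runs before authentication here, so a client using an unsupported method sees 405 rather than 401, which matches the failure described in the PR.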

GiteaBot commented 1 day ago

I was unable to create a backport for 1.22. @marcellmars, please send one manually. :tea:

```sh
go run ./contrib/backport 32578
# fix git conflicts, if any
go run ./contrib/backport --continue
```