go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
https://gitea.com
MIT License

500 upon authentik OAuth2/OpenID: login #32674

Open moan0s opened 4 days ago

moan0s commented 4 days ago

Description

I configured Authentik and Gitea as described in this manual. When trying to log in via this OAuth flow I encounter an HTTP 500 error and cannot log in via this flow. Reloading does not solve the problem (#5005).

The server log says:

oauth2: error decoding JWT token: jws: invalid token received, not all parts available

Callback that fails with 500: https://git.hyteck.de/user/oauth2/QZT%20Authentik/callback?code=c26c5f75c939524d98f5f67e3d58c6b6&state=08176cae-79d6-46a3-04c7-36670db77079 (not the real code or state).

I specifically configured samesite: Lax as per https://github.com/go-gitea/gitea/issues/25542, same for GITEA__server__ROOT_URL=https://git.hyteck.de (I also tried including a backslash at the end).

I also set GITEA__oauth2_client__ENABLE_AUTO_REGISTRATION=true

I'm looking for ways to debug this further. Feel free to ask for more information.

Gitea Version

1.22.3

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

https://gist.github.com/moan0s/6e214403d9f1cd15265259455529b3fb

Screenshots

No response

Git Version

No response

Operating System

docker (running on ubuntu)

How are you running Gitea?

Gitea is run as docker container started by a systemd service as deployed by the mash-playbook, same for authentik. Both run behind Traefik.

Database

PostgreSQL
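
The server log above reports a JWT that could not be split into all of its parts. As an added example (not part of the original report and not Gitea's own code), this Go program checks whether a token string has the compact JWT shape: three dot-separated base64url parts with a JSON header and payload. `checkCompactJWT` and `sampleToken` are hypothetical names, and the sample token is constructed.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// checkCompactJWT (hypothetical helper) reports why a string is not a
// well-formed compact JWT (header.payload.signature).
// It checks structure only and does NOT verify the signature.
func checkCompactJWT(tok string) error {
	parts := strings.Split(strings.TrimSpace(tok), ".")
	if len(parts) != 3 {
		return fmt.Errorf("expected 3 dot-separated parts, got %d", len(parts))
	}
	for i, name := range []string{"header", "payload"} {
		raw, err := base64.RawURLEncoding.DecodeString(parts[i])
		if err != nil {
			return fmt.Errorf("%s is not base64url: %w", name, err)
		}
		var obj map[string]any
		if err := json.Unmarshal(raw, &obj); err != nil {
			return fmt.Errorf("%s is not a JSON object: %w", name, err)
		}
	}
	if parts[2] == "" {
		return fmt.Errorf("signature part is empty")
	}
	return nil
}

// sampleToken builds a constructed token for the demo; the issuer, subject
// and "signature" bytes are made up and carry no real credentials.
func sampleToken() string {
	enc := base64.RawURLEncoding.EncodeToString
	return enc([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." +
		enc([]byte(`{"iss":"https://idp.example/","sub":"demo"}`)) + "." +
		enc([]byte("constructed-signature"))
}

func main() {
	good := sampleToken()
	truncated := good[:strings.LastIndex(good, ".")] // signature part dropped
	for _, tok := range []string{good, "", "opaque-access-token", truncated} {
		fmt.Printf("%q -> %v\n", tok, checkCompactJWT(tok))
	}
}
```

An empty string or an opaque, non-JWT value fails the first check with a part count below 3, which is the condition the logged error message describes.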

KN4CK3R commented 1 day ago

Works for me by following the linked tutorial. I even tried to use a name with a space like you did but that worked too.