Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Gitea as an OpenID provider #1310

Open
strk opened this issue Mar 17, 2017 · 12 comments
Open

Gitea as an OpenID provider #1310

strk opened this issue Mar 17, 2017 · 12 comments

Comments

@strk
Copy link
Member

@strk strk commented Mar 17, 2017

Now that OpenID instances can be configured to accept an OpenID login, it could be nice if they ccould also serve as OpenID providers so to build what would become the authentication layer of a federation of code repositories. See also #184

@lunny lunny added this to the 1.x.x milestone Mar 18, 2017
@lunny lunny added the kind/feature label Mar 18, 2017
@cweiske

This comment has been minimized.

Copy link
Contributor

@cweiske cweiske commented Jul 14, 2017

Why is every software trying to become a OpenID provider? Gitea being an OpenID consumer is totally fine on its own.

I do not think that it's necessary for federated pull requests to be an OpenID provider.

@jhasse

This comment has been minimized.

Copy link

@jhasse jhasse commented Jul 14, 2017

It isn't necessary, but it makes it easier as you don't have to create a traditional account on every Gitea instance where you want to open a pull request (and you don't have or don't want to use a different OpenID provider).

@bkcsoft

This comment has been minimized.

Copy link
Member

@bkcsoft bkcsoft commented Aug 24, 2017

If you can setup your own gitea-instance you can setup your own OpenID provider. I really don't get why Gitea has to be a provider for everything 😒

@MaxG87

This comment has been minimized.

Copy link

@MaxG87 MaxG87 commented Feb 11, 2019

Albeit this thread is quiet for some time I want to add some points for the sake of the argument.

If you can setup your own gitea-instance you can setup your own OpenID provider.

And instantly you have to maintain two systems instead of one. Because a project decided not to contribute to infrastructure it partly relies on. And maintaining more systems in a self-hosting setting means much more opportunity to miss important updates.

Furthermore, at least for me, the condition of free, decentralised OpenID infrastructure seems to be quite bad. You can reuse the logins of your accounts at the usual tech giants, but only because someone hardcoded the support for them. I hardly know a service where you can use OpenID tokens from the provider of your choice. I also don't know providers of such tokens that could be used freely. All I know off is the possibility to integrate third-party-logins in your website for preselected third parties.

Long story short: OpenID needs more providers, otherwise Giteas OpenID feature cannot be used in a decentralised way. Gitea should be such a provider to reduce required mainenance efforts in self-hosting settings.

I really don't get why Gitea has to be a provider for everything

It is only about OpenID, isn't it? For me, this seems to be much less than everything.

@lunny

This comment has been minimized.

Copy link
Member

@lunny lunny commented Apr 21, 2019

Since Gitea now could be as OAuth2 provider, that's not too difficult.

@stale

This comment has been minimized.

Copy link

@stale stale bot commented Jun 20, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

@stale stale bot added the stale label Jun 20, 2019
@stale stale bot removed the stale label Jun 20, 2019
@strk

This comment has been minimized.

Copy link
Member Author

@strk strk commented Jun 20, 2019

I still think this is an important feature. Since Gitea does support OpenID-2.0, by acting as a provider would allow accessing all enabled Gitea instances via identity provided by your own. A big step toward federation.

@zeripath

This comment has been minimized.

Copy link
Contributor

@zeripath zeripath commented Jun 20, 2019

If you put links to the specs in this issue anyone that's interested in building this functionality will have an easier time doing it.

@6543

This comment has been minimized.

Copy link
Member

@6543 6543 commented Nov 6, 2019

gitea now can act as openID provider - so close this issue?

@lunny

This comment has been minimized.

Copy link
Member

@lunny lunny commented Nov 7, 2019

Which PR resolved this?

@6543

This comment has been minimized.

Copy link
Member

@6543 6543 commented Nov 7, 2019

@jolheiser

This comment has been minimized.

Copy link
Member

@jolheiser jolheiser commented Nov 7, 2019

https://docs.gitea.io/en-us/oauth2-provider/?

OpenID is not OAuth2

For example, OAuth2 allows another service to access the Gitea API on your behalf, whereas OpenID would allow another service to treat your Gitea account as a valid account on their platform.
Apologies if that's not 100% correct, but it's my understanding of it on a high-level.

EDIT: This StackOverflow question answers it better than I did.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
9 participants
You can’t perform that action at this time.