500 Server Error after adding openid connect provider

[cchartmann]

Description

Instead of an informative error message i get an 500 Server Error.

Log:
.../providers_openid.go:42:CreateGothProvider() [W] [640291c5] Failed to create OpenID Connect Provider with name 'xxx' with url 'openid.xxx': Get "openid.xxx": unsupported protocol scheme ""

I think it would be possible to give this info in the Webinterface

The next 500 Server Error happens if the discovery URL returns HTML content.

Gitea Version

1.18.5

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

i use an release from Github on Uberspace
see this Guide for more info:
https://lab.uberspace.de/guide_gitea/

Database

MySQL

[wxiaoguang]

Could yuo check your URL in config? Maybe it should be "https://openid.xxx" but not "openid.xxx"

[cchartmann]

yes that is true. and i solved my problem but i would propose to make a more useful message than an 500 Server Error.

[cchartmann]

i think Gitea answers a lot of things with a 500 Server Error instead of an useful error message in cases in which it is possible to make an message, that describes the Problem, gives some useful information and could allow the user to change the input.

[wxiaoguang]

Agree to improve. There are a lot of 500 errors in Gitea, which is very unfriendly to end users.

It just needs time and manpower to clean them one by one .....

[ELISHELL]

i have a same problem.

I set up an openid provider with keycloack. return {"error":"invalid_grant","error_description":"Code not valid"}

gitea logs:

2023/03/10 12:32:03 ...rs/web/auth/oauth.go:914:SignInOAuthCallback() [E] [640ab2c3] UserSignIn: oauth2: cannot fetch token: 400 Bad Request

Response: {"error":"invalid_grant","error_description":"Code not valid"}

2023/03/10 12:32:03 [640ab2c3] router: completed GET /user/oauth2/sso/callback?state=c5cf88da-769b-417b-a451-901244628e34&session_state=74ca5811-632b-4de3-a59a-0be4b8370212&code=c1af9b2c-657b-4569-9b1f-49e7c6e2d5c0.74ca5811-632b-4de3-a59a-0be4b8370212.f9fe9635-f7bd-408a-900a-0711fd0c5d2f for ...:0, 500 Internal Server Error in 451.5ms @ auth/oauth.go:877(auth.SignInOAuthCallback)

keycloak logs:

12:32:03,582 WARN [org.keycloak.events] (default task-21) type=CODE_TO_TOKEN_ERROR, realmId=xhkj, clientId=gitea_fanle_work, userId=3d4b845d-f6f3-4559-8b64-9f9094ce9712, ipAddress=..., error=not_allowed, grant_type=authorization_code, code_id=74ca5811-632b-4de3-a59a-0be4b8370212, client_auth_method=client-secret

12:32:03,585 WARN [org.keycloak.protocol.oidc.utils.OAuth2CodeParser] (default task-21) Code 'c1af9b2c-657b-4569-9b1f-49e7c6e2d5c0' already used for userSession '74ca5811-632b-4de3-a59a-0be4b8370212' and client 'f9fe9635-f7bd-408a-900a-0711fd0c5d2f'.

12:32:03,586 WARN [org.keycloak.events] (default task-21) type=CODE_TO_TOKEN_ERROR, realmId=xhkj, clientId=gitea_fanle_work, userId=null, ipAddress=..., error=invalid_code, grant_type=authorization_code, code_id=74ca5811-632b-4de3-a59a-0be4b8370212, client_auth_method=client-secret