Adding OAuth2/ OpenID Connect to Gitea
I host my own Gitea server, which I use as a self-hosted alternative to GitHub. Over the last couple of days, and for fun, I have been migrating any of my hosted services that support it over to external authentication sources.
If you are not familiar with Gitea, it is an open-source git hosting platform written in Go. It was originally forked from the Gogs project and takes a lot of design cues from GitHub.
Where I can, I am trying to set up my services to use Azure Active Directory (AAD) as an authentication provider. This post will go through the steps to set up the authentication provider.
Gitea supports many different authentication types, but in this setup we will be using OAuth2 with OpenID Connect as the provider.
1. Log into Gitea as an administrator, navigate to Site Administration > Authentication Sources, and click Add Authentication Source.
2. Fill the form out with the following values:

| Field | Value |
|---|---|
| Authentication Name | A short name of your choice; it becomes part of the redirect URI |
| OAuth2 Provider | OpenID Connect |
| Client ID (Key) | To be created in AAD |
| Client Secret | To be created in AAD |
| Icon URL | Your icon URL (optional) |
| OpenID Connect Auto Discovery URL | https://login.microsoftonline.com/TENANT-ID/v2.0/.well-known/openid-configuration |

Use the tenant-specific discovery URL rather than the common or organizations endpoint: the tenant ID in it pins the issuer Gitea will accept to your own directory.
Leave this window open, as we will need to collect values from the AAD side.
3. Log into AAD and navigate to the App Registrations blade.
4. Click on New registration and enter a meaningful name; I called mine
Make sure you select the corresponding account type; most will likely be set up as Accounts in this organizational directory only (Tenant Name Here only - Single tenant).
Enter the Redirect URI from the authentication source we created in Gitea and register the application. AAD matches redirect URIs exactly, so it must be the public https URL Gitea is served on (the ROOT_URL in app.ini), character for character.
Your Redirect URI will look something like this:
https://mygiteaserver.awesomedomain.com/user/oauth2/<AUTHENTICATION NAME FROM GITEA>/callback
Replace <AUTHENTICATION NAME FROM GITEA> with what you entered in the Authentication Name field in Gitea. In this example we used
5. For Azure to provide the correct authorization flow, we need to change the Application Type to Native. This is done on the Authentication blade in the Azure Portal: set Allow public client flows to Yes. Gitea will still present the client secret generated in the next step when it redeems the authorization code, so treat that secret like a password.
6. Next we need to generate a Client Secret. Navigate to Certificates & secrets and create a new client secret. Set the Client Secret expiry and add it. Note the expiry date somewhere you will see it: when the secret expires, logins through this source stop working, and Gitea will not warn you in advance.
7. Copy the Value (not the Secret ID) from the newly created client secret and paste it into the Client Secret field on the Gitea page. The value is only shown once, immediately after creation; if you navigate away without copying it, you will need to create another secret.
8. Back in Azure, go to the Overview page and copy the Application (client) ID string. This goes into the Client ID (Key) field in Gitea.
9. Finally, copy the Directory (tenant) ID from the same Overview page, replace TENANT-ID in the OpenID Connect Auto Discovery URL with it, and save the authentication source in Gitea.
10. Test it out: go to your Gitea site, click on the OpenID button, sign in with your AAD account, and voila, you should land straight in your account.
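To check the two URLs you copy between the portals before pasting them, here is a small preflight script. It is an added example written for this post, not code from Gitea, Azure or the post's author. The Gitea hostname, the Authentication Name and the tenant ID it takes are placeholders, and the discovery document it checks against offline is a constructed sample shaped like the real AAD v2.0 one; with --live it fetches the real document from the tenant-specific URL instead.

```python
"""Preflight checks for the Gitea <-> Azure AD OpenID Connect setup above.

Added example for this post (not code from Gitea, Azure, or the post's author).
Assumed placeholders: the Gitea ROOT_URL, the Authentication Name, the tenant ID.
"""
import json
import re
import sys
import urllib.request

LOGIN_HOST = "https://login.microsoftonline.com"
UUID_RE = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.IGNORECASE)
AUTH_NAME_RE = re.compile(r"^[A-Za-z0-9._-]+$")


def gitea_callback_url(gitea_root_url: str, auth_name: str) -> str:
    """Redirect URI to register in AAD: <ROOT_URL>/user/oauth2/<Authentication Name>/callback.

    AAD compares redirect URIs exactly, so scheme, host and path must match what
    Gitea sends, which is built from ROOT_URL in app.ini.
    """
    if not AUTH_NAME_RE.match(auth_name):
        # Policy of this script: keep the name free of characters that need URL-encoding.
        raise ValueError("use letters, digits, '.', '_' or '-' for the Authentication Name")
    root = gitea_root_url.rstrip("/")
    if not root.startswith("https://"):
        # Policy of this script: the callback carries the authorization code in its query string.
        raise ValueError("Gitea ROOT_URL must be https://")
    return f"{root}/user/oauth2/{auth_name}/callback"


def discovery_url(tenant_id: str) -> str:
    """Tenant-specific v2.0 discovery URL for the 'OpenID Connect Auto Discovery URL' field."""
    if tenant_id.lower() in ("common", "organizations", "consumers"):
        raise ValueError(f"{tenant_id!r} is a multi-tenant endpoint; use the Directory (tenant) ID")
    if not UUID_RE.match(tenant_id):
        raise ValueError(f"{tenant_id!r} does not look like a Directory (tenant) ID")
    return f"{LOGIN_HOST}/{tenant_id}/v2.0/.well-known/openid-configuration"


def check_discovery(doc: dict, tenant_id: str) -> list:
    """Return the problems found in an OIDC discovery document (empty list means OK)."""
    problems = []
    expected_issuer = f"{LOGIN_HOST}/{tenant_id}/v2.0"
    if doc.get("issuer") != expected_issuer:
        # A templated or foreign issuer means the URL was not tenant-specific or the ID is wrong.
        problems.append(f"issuer is {doc.get('issuer')!r}, expected {expected_issuer!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not str(doc.get(key, "")).startswith("https://"):
            problems.append(f"{key} is missing or not https")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow is not advertised")
    if "openid" not in doc.get("scopes_supported", []):
        problems.append("openid scope is not advertised")
    return problems


def fetch_discovery(url: str) -> dict:
    """Fetch a live discovery document (network access required)."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)


# Constructed sample shaped like the AAD v2.0 discovery document; not a live capture.
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE_DOC = {
    "issuer": f"{LOGIN_HOST}/{SAMPLE_TENANT}/v2.0",
    "authorization_endpoint": f"{LOGIN_HOST}/{SAMPLE_TENANT}/oauth2/v2.0/authorize",
    "token_endpoint": f"{LOGIN_HOST}/{SAMPLE_TENANT}/oauth2/v2.0/token",
    "jwks_uri": f"{LOGIN_HOST}/{SAMPLE_TENANT}/discovery/v2.0/keys",
    "response_types_supported": ["code", "id_token", "code id_token", "id_token token"],
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
}


def main(argv: list) -> int:
    """usage: preflight.py GITEA_ROOT_URL AUTH_NAME TENANT_ID [--live]"""
    if len(argv) not in (4, 5):
        print(main.__doc__, file=sys.stderr)
        return 2
    root, auth_name, tenant_id = argv[1:4]
    print("Redirect URI to register in AAD:", gitea_callback_url(root, auth_name))
    url = discovery_url(tenant_id)
    print("Auto Discovery URL for Gitea:   ", url)
    if "--live" not in argv:
        print("(add --live to fetch and check the tenant's discovery document)")
        return 0
    problems = check_discovery(fetch_discovery(url), tenant_id)
    for problem in problems:
        print("PROBLEM:", problem)
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as python3 preflight.py https://mygiteaserver.awesomedomain.com azure YOUR-TENANT-ID --live from any machine with internet access. An issuer mismatch is the check worth having: it is what you get from the common endpoint (a templated issuer) or from pasting the wrong GUID, and either would only surface later as a failed login in Gitea.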
Bonus tip: if you already have an account in Gitea, you can link this new authentication method to that existing account instead of creating a new one.