Implement PKCE for OpenID Connect - Unable to login with LogTo #21376

Open
mhkarimi1383 opened this issue Oct 8, 2022 · 8 comments
Labels
type/feature Completely new functionality. Can only be merged if feature freeze is not active. type/upstream This is an issue in one of Gitea's dependencies and should be reported there

Comments

@mhkarimi1383

Description

Hi,
I want to connect my Gitea instance to Logto OpenID Connect,
but I'm getting a 421 status code with the error below in the Gitea container logs:

2022/10/08 09:53:16 ...rs/web/auth/oauth.go:834:SignInOAuthCallback() [I] [63411754] Failed OAuth callback: (invalid_request) Authorization Server policy requires PKCE to be used for this request

I'm not able to do it on the demo site since my Logto instance is not fully available in public.

Gitea Version

1.17.2

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

Docker Container

Database

PostgreSQL

@zeripath
Contributor

zeripath commented Oct 8, 2022

Unfortunately the upstream library we use https://github.com/markbates/goth doesn't appear to implement PKCE authentication for OpenIDConnect - and therefore it looks like we don't support it.

I'm not certain because although I've read the OAuth specs several times it was a while ago, but I'm not certain that it would necessarily be too difficult to implement.

@zeripath zeripath added type/feature Completely new functionality. Can only be merged if feature freeze is not active. and removed type/bug labels Oct 8, 2022
@zeripath zeripath changed the title OpenID Connect Problem (With Logto) Implement PKCE for OpenID Connect - Unable to login with LogTo Oct 8, 2022
@mhkarimi1383
Author

mhkarimi1383 commented Oct 8, 2022

I think someone fixed that for zoom authentication markbates/goth#459
I think it's good to make it for OpenID Connect too...

@mhkarimi1383
Author

I created an issue in https://github.com/markbates/goth: markbates/goth#473
We can close this one, I think,
or
keep it open and wait for an update...

@zeripath
Contributor

zeripath commented Oct 9, 2022

We should keep this issue open as a marker to add the changes once the associated PR is merged.

@wxiaoguang wxiaoguang added the type/upstream This is an issue in one of Gitea's dependencies and should be reported there label Oct 9, 2022
@sedadas

sedadas commented Mar 10, 2023

Hello,
I would also like to see this implemented. I am attempting to use ownCloud Infinite Scale with Gitea as an IDP, but it does not work, because OCIS only supports login with PKCE: owncloud/ocis#2445
What would be the effort, given that Gitea is now also using a version of goth that supports this?

@lunny
Member

lunny commented Mar 14, 2023

Gitea is now using 1.76.0, which has included markbates/goth#474. So this has been resolved? @zeripath @techknowlogick

@techknowlogick
Member

Per the comment in #21426 (comment), work needs to be done on Gitea's side to be able to support this.

@djpbessems

Is there a milestone or ETA for this planned? I would like to use Pinniped with Gitea, but it's incompatible at the moment.
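
For readers of this thread, an added example (not code from this issue, from Gitea or from goth) of what the "requires PKCE" policy in the log line expects from an OpenID Connect client, following RFC 7636 with the S256 method. The function names, endpoint, client ID and redirect URI are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/url"
)

// NewVerifier returns a fresh code_verifier: 32 random bytes as unpadded
// base64url (43 characters, inside RFC 7636's 43-128 character range).
func NewVerifier() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// ChallengeS256 computes code_challenge = BASE64URL(SHA256(code_verifier)).
func ChallengeS256(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// AuthURL builds the authorization request; only the challenge is sent here.
// The client keeps the verifier in its session and later sends it as the
// code_verifier parameter of the token request.
func AuthURL(endpoint, clientID, redirectURI, state, verifier string) string {
	q := url.Values{"response_type": {"code"}, "client_id": {clientID},
		"redirect_uri": {redirectURI}, "scope": {"openid"}, "state": {state},
		"code_challenge": {ChallengeS256(verifier)}, "code_challenge_method": {"S256"}}
	return endpoint + "?" + q.Encode()
}

// ServerAccepts mirrors the authorization server's check at the token endpoint:
// the presented verifier must hash to the challenge stored with the code.
func ServerAccepts(storedChallenge, presentedVerifier string) bool {
	got := ChallengeS256(presentedVerifier)
	return subtle.ConstantTimeCompare([]byte(got), []byte(storedChallenge)) == 1
}

func main() {
	v, err := NewVerifier()
	if err != nil {
		panic(err)
	}
	// Hypothetical endpoint, client ID and redirect URI.
	fmt.Println(AuthURL("https://idp.example/auth", "gitea", "https://gitea.example/cb", "s1", v))
	fmt.Println("token request accepted:", ServerAccepts(ChallengeS256(v), v))
}
```

A client that omits `code_challenge` from the authorization request is what a PKCE-enforcing server rejects with `invalid_request`.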
