Description
I am trying to add Authelia as an OpenID provider by following the instructions here. It seems like everything is working fine except the account linking part. I already have an administrator account set up locally and want to access the same account via Authelia. The name and email are identical in Gitea and Authelia.
On the login page, I click on "Sign in with authelia":

I am then redirected to my Authelia instance where I can log into my account. After granting access, I am redirected to Gitea where I am greeted with the following screen (I cannot use the option "Register New Account" as I already have an account set up with the same name and email):

I would expect a login form to show here instead of the blank area under the heading. Using the passkey option, I can log in, but it seems like the account is still not connected. When logging out and in again (with Authelia), I am again redirected to this linking screen, although I would expect the process to only be needed once.
Here is my config (note that I of course replaced my-domain.com and the client secret with the correct values in my actual config):
app.ini
[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = true
WHITELISTED_URIS = auth.my-domain.com
[oauth2_client]
REGISTER_EMAIL_CONFIRM = true
OPENID_CONNECT_SCOPES = openid email profile
USERNAME = email
ACCOUNT_LINKING = auto
ENABLE_AUTO_REGISTRATION = false

From the log, I can see the following related entries:
gitea | 2025/01/19 16:36:40 ...eb/routing/logger.go:102:func1() [I] router: completed GET /user/oauth2/authelia for A.X.Y.Z:0, 307 Temporary Redirect in 5.5ms @ auth/oauth.go:36(auth.SignInOAuth)
gitea | 2025/01/19 16:36:41 ...eb/routing/logger.go:102:func1() [I] router: completed GET /user/oauth2/authelia/callback?code=SOME_CODE&iss=https%3A%2F%2Fauth.my-domain.com&scope=openid+email+profile&state=SOME_STATE for A.X.Y.Z:0, 303 See Other in 362.1ms @ auth/oauth.go:75(auth.SignInOAuthCallback)
gitea | 2025/01/19 16:36:42 ...eb/routing/logger.go:102:func1() [I] router: completed GET /user/link_account for A.X.Y.Z:0, 200 OK in 3.0ms @ auth/linkaccount.go:31(auth.LinkAccount)
gitea | 2025/01/19 16:45:42 ...eb/routing/logger.go:102:func1() [I] router: completed GET /user/link_account for A.X.Y.Z:0, 303 See Other in 3.1ms @ web/web.go:138(web.registerRoutes.verifyAuthWithOptions)
gitea | 2025/01/19 16:45:42 ...eb/routing/logger.go:102:func1() [I] router: completed GET / for A.X.Y.Z:0, 200 OK in 33.4ms @ web/home.go:32(web.Home)
Gitea Version
1.23.1
Can you reproduce the bug on the Gitea demo site?
No
Log Gist
No response
Screenshots
No response
Git Version
No response
Operating System
No response
How are you running Gitea?
compose.yml:
services:
  gitea:
    image: docker.io/gitea/gitea:1.23.1
    container_name: gitea
    environment:
      - APP_NAME="Gitea"
      - USER_UID=1000
      - USER_GID=1000
      - USER=git
      - RUN_MODE=prod
      - DOMAIN=gitea.my-domain.com
      - SSH_DOMAIN=gitea.my-domain.com
      - HTTP_PORT=3000
      - ROOT_URL=https://gitea.my-domain.com
      - SSH_PORT=2222
      - SSH_LISTEN_PORT=22
      - DB_TYPE=sqlite3
    restart: unless-stopped
    volumes:
      - ./data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - 2222:22
    labels:
      - traefik.enable=true
      - traefik.http.routers.gitea.entrypoints=https
      - traefik.http.routers.gitea.rule=Host(`gitea.my-domain.com`)
      - traefik.http.services.gitea.loadbalancer.server.port=3000
  runner:
    image: gitea/act_runner:0.2.11
    restart: unless-stopped
    depends_on:
      - gitea
    volumes:
      - ./data/act_runner:/data
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - GITEA_INSTANCE_URL=https://gitea.my-domain.com
      - GITEA_RUNNER_REGISTRATION_TOKEN=XYZ
      - GITHUB_COM_TOKEN=XYZ
Database
SQLite