OpenI
/
aiforge
Not watched
1
0
Fork 0
Code
Releases 128 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
9706 Commits
197 Branches
392 MB
5317 Download
Tree: 22bfedfb69
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '22bfedfb69'
${ noResults }
aiforge/docs/content/doc/advanced/oauth2-provider.md

oauth2-provider.md 3.7 kB
Raw Normal View History

Add oauth2 documentation (#6604) * Add oauth2 documentation Signed-off-by: Jonas Franz <info@jonasfranz.software> * Apply suggestions from code review Co-Authored-By: jonasfranz <info@jonasfranz.software> * Update docs/content/doc/advanced/oauth2-provider.md Co-Authored-By: jonasfranz <info@jonasfranz.software> * Update oauth2-provider.md
6 years ago
 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192 
  1. ---

  2. date: "2019-04-19:44:00+01:00"

  3. title: "OAuth2 provider"

  4. slug: "oauth2-provider"

  5. weight: 41

  6. toc: true

  7. draft: false

  8. menu:

  9.   sidebar:

  10.     parent: "advanced"

  11.     name: "OAuth2 Provider"

  12.     weight: 41

  13.     identifier: "oauth2-provider"

  14. ---

  15. 

  16. 

  17. # OAuth2 provider

  18. 

  19. Gitea supports acting as an OAuth2 provider to allow third party applications to access its resources with the user's consent. This feature is available since release 1.8.0.

  20. 

  21. ## Endpoints

  22. 

  23. 

  24. Endpoint               | URL

  25. -----------------------|----------------------------

  26. Authorization Endpoint | `/login/oauth/authorize`

  27. Access Token Endpoint  | `/login/oauth/access_token`

  28. 

  29. 

  30. ## Supported OAuth2 Grants

  31. 

  32. At the moment Gitea only supports the [**Authorization Code Grant**](https://tools.ietf.org/html/rfc6749#section-1.3.1) standard with additional support of the [Proof Key for Code Exchange (PKCE)](https://tools.ietf.org/html/rfc7636) extension.

  33.  

  34. 

  35. To use the Authorization Code Grant as a third party application it is required to register a new application via the "Settings" (`/user/settings/applications`) section of the settings.

  36. 

  37. ## Scopes

  38. 

  39. Currently Gitea does not support scopes (see [#4300](https://github.com/go-gitea/gitea/issues/4300)) and all third party applications will be granted access to all resources of the user and his/her organizations.

  40. 

  41. ## Example

  42. 

  43. **Note:** This example does not use PKCE.

  44. 

  45. 1. Redirect to user to the authorization endpoint in order to get his/her consent for accessing the resources:

  46. 

  47. ```curl

  48. https://[YOUR-GITEA-URL]/login/oauth/authorize?client_id=CLIENT_ID&redirect_uri=REDIRECT_URI& response_type=code&state=STATE

  49. ``` 

  50. 

  51. The `CLIENT_ID` can be obtained by registering an application in the settings. The `STATE` is a random string that will be send back to your application after the user authorizes. The `state` parameter is optional but should be used to prevent CSRF attacks.

  52. 

  53. 

  54. ![Authorization Page](/authorize.png)

  55. 

  56. The user will now be asked to authorize your application. If they authorize it, the user will be redirected to the `REDIRECT_URL`, for example:

  57. 

  58. ```curl

  59. https://[REDIRECT_URI]?code=RETURNED_CODE&state=STATE

  60. ```

  61. 

  62. 2. Using the provided `code` from the redirect, you can request a new application and refresh token. The access token endpoints accepts POST requests with  `application/json` and `application/x-www-form-urlencoded` body, for example:

  63. 

  64. ```curl

  65. POST https://[YOUR-GITEA-URL]/login/oauth/access_token

  66. ```

  67. 

  68. ```json

  69. {

  70. 	"client_id": "YOUR_CLIENT_ID",

  71. 	"client_secret": "YOUR_CLIENT_SECRET",

  72. 	"code": "RETURNED_CODE",

  73. 	"grant_type": "authorization_code",

  74. 	"redirect_uri": "REDIRECT_URI"

  75. }

  76. ```

  77. 

  78. Response:

  79. ```json

  80. {  

  81. "access_token":"eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJnbnQiOjIsInR0IjowLCJleHAiOjE1NTUxNzk5MTIsImlhdCI6MTU1NTE3NjMxMn0.0-iFsAwBtxuckA0sNZ6QpBQmywVPz129u75vOM7wPJecw5wqGyBkmstfJHAjEOqrAf_V5Z-1QYeCh_Cz4RiKug",  

  82. "token_type":"bearer",  

  83. "expires_in":3600,  

  84. "refresh_token":"eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJnbnQiOjIsInR0IjoxLCJjbnQiOjEsImV4cCI6MTU1NzgwNDMxMiwiaWF0IjoxNTU1MTc2MzEyfQ.S_HZQBy4q9r5SEzNGNIoFClT43HPNDbUdHH-GYNYYdkRfft6XptJBkUQscZsGxOW975Yk6RbgtGvq1nkEcklOw"  

  85. }

  86. ```

  87. 

  88. The `CLIENT_SECRET` is the unique secret code generated for this application. Please note that the secret will only be visible after you created/registered the application with Gitea and cannot be recovered. If you lose the secret you must regenerate the secret via the application's settings.

  89. 

  90. The `REDIRECT_URI` in the `access_token` request must match the `REDIRECT_URI` in the `authorize` request.

  91. 

  92. 3. Use the  `access_token` to make [API requests](https://docs.gitea.io/en-us/api-usage#oauth2) to access the user's resources.

No Description