---
title: Gitea
---
<span class="badge badge--secondary">Support level: Community</span>
## What is Gitea
From https://gitea.io/
:::note
Gitea is a community managed lightweight code hosting solution written in Go. It is published under the MIT license.
:::
:::note
This is based on authentik 2021.10.3 and Gitea 1.16.0+rc1 installed using https://docs.gitea.io/en-us/install-from-binary/. Instructions may differ between versions.
:::
## Preparation
The following placeholders will be used:
- `authentik.company` is the FQDN of authentik.
- `gitea.company` is the FQDN of Gitea.
### Step 1
In authentik, create an _OAuth2/OpenID Provider_ (under _Resources/Providers_) with these settings:
:::note
Only settings that have been modified from default have been listed.
:::
**Protocol Settings**
- Name: Gitea
- Signing Key: Select any available key
:::note
Take note of the `Client ID` and `Client Secret`; you'll need to give them to Gitea in _Step 3_.
:::
### Step 2
In authentik, create an application (under _Resources/Applications_) which uses this provider. Optionally apply access restrictions to the application using policy bindings.
:::note
Only settings that have been modified from default have been listed.
:::
- Name: Gitea
- Slug: gitea-slug
- Provider: Gitea
### Step 3
Navigate to the _Authentication Sources_ page at https://gitea.company/admin/auths and click `Add Authentication Source`.
Change the following fields:
- Authentication Name: authentik
- OAuth2 Provider: OpenID Connect
- Client ID (Key): Step 1
- Client Secret: Step 1
- Icon URL: https://goauthentik.io/img/icon.png
- OpenID Connect Auto Discovery URL: https://authentik.company/application/o/gitea-slug/.well-known/openid-configuration
- Additional Scopes: `email profile`
![](./gitea1.png)
Click `Add Authentication Source` and you should be done. Your Gitea login page should now have a `Sign in With` followed by the authentik logo, which you can click to sign in to Gitea with your authentik credentials.
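
The check below is an added example, not part of the original guide or of the authentik or Gitea projects: it validates a fetched discovery document before its URL is entered as the _OpenID Connect Auto Discovery URL_. The sample document is constructed, and the rule that every endpoint lives on the same host as the discovery URL is an assumption for a single-host authentik deployment.

```python
import json
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint", "jwks_uri")

def check_discovery(discovery_url, document, scopes=("openid", "email", "profile")):
    """Return a list of problems found in an OIDC discovery document."""
    problems = []
    url = urlsplit(discovery_url)
    if url.scheme != "https":
        problems.append("discovery URL is not https")
    if not discovery_url.endswith(SUFFIX):
        problems.append("discovery URL does not end with " + SUFFIX)
    # OIDC Discovery: the issuer is the discovery URL minus the well-known
    # suffix; a trailing slash on either side is ignored for the comparison.
    expected = discovery_url[: -len(SUFFIX)] if discovery_url.endswith(SUFFIX) else discovery_url
    issuer = document.get("issuer", "")
    if issuer.rstrip("/") != expected.rstrip("/"):
        problems.append(f"issuer mismatch: {issuer!r}")
    for key in ENDPOINTS:
        endpoint = urlsplit(document.get(key, ""))
        if endpoint.scheme != "https":
            problems.append(f"{key} missing or not https")
        elif endpoint.hostname != url.hostname:  # assumption: one authentik host
            problems.append(f"{key} points at another host: {endpoint.hostname}")
    # openid is mandatory for OIDC; email and profile are the Additional Scopes from Step 3.
    missing = set(scopes) - set(document.get("scopes_supported", []))
    if missing:
        problems.append("scopes not offered: " + " ".join(sorted(missing)))
    return problems

# Constructed sample of a discovery response body (not captured from a real server).
URL = "https://authentik.company/application/o/gitea-slug/.well-known/openid-configuration"
SAMPLE = json.loads("""{
  "issuer": "https://authentik.company/application/o/gitea-slug/",
  "authorization_endpoint": "https://authentik.company/application/o/authorize/",
  "token_endpoint": "https://authentik.company/application/o/token/",
  "userinfo_endpoint": "https://authentik.company/application/o/userinfo/",
  "jwks_uri": "https://authentik.company/application/o/gitea-slug/jwks/",
  "scopes_supported": ["openid", "email", "profile"]
}""")

if __name__ == "__main__":
    for problem in check_discovery(URL, SAMPLE) or ["no problems found"]:
        print(problem)
```
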
## Helm Chart Configuration
authentik can be configured automatically in Gitea Kubernetes deployments via its [Helm Chart](https://gitea.com/gitea/helm-chart/).
:::note
This is based on authentik 2022.8.2, Gitea v17.2, and Gitea Helm Chart v6.0.1. Instructions may differ between versions.
:::
Add the following to the Gitea Helm Chart `values.yaml` file:
```yaml
gitea:
  oauth:
    - name: "authentik"
      provider: "openidConnect"
      key: "CLIENT_ID_FROM_AUTHENTIK" # Step 1
      secret: "CLIENT_SECRET_FROM_AUTHENTIK" # Step 1
      autoDiscoveryUrl: "https://authentik.company/application/o/gitea-slug/.well-known/openid-configuration"
      iconUrl: "https://goauthentik.io/img/icon.png"
      scopes: "email profile"
```
### Kubernetes Secret
Alternatively, you can use a Kubernetes secret to set the `key` and `secret` values, which keeps the client credentials out of `values.yaml`.
Create a Kubernetes secret with the following:
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: gitea-authentik-secret
type: Opaque
stringData:
  key: "CLIENT_ID_FROM_AUTHENTIK" # Step 1
  secret: "CLIENT_SECRET_FROM_AUTHENTIK" # Step 1
```
Add the following to the Gitea Helm Chart `values.yaml` file:
```yaml
gitea:
  oauth:
    - name: "authentik"
      provider: "openidConnect"
      existingSecret: gitea-authentik-secret
      autoDiscoveryUrl: "https://authentik.company/application/o/gitea-slug/.well-known/openid-configuration"
      iconUrl: "https://goauthentik.io/img/icon.png"
      scopes: "email profile"
```