authentik/index.md at 01fcbb325b2a77892fd1199877e5dd761a9563b5

This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.

2.2 KiB

Raw Blame History

title
Gitea

What is Gitea

From https://gitea.io/

:::note Gitea is a community managed lightweight code hosting solution written in Go. It is published under the MIT license. :::

:::note This is based on authentik 2021.10.3 and Gitea 1.15.6 installed using https://docs.gitea.io/en-us/install-from-binary/. Instructions may differ between versions. :::

Preparation

The following placeholders will be used:

authentik.company is the FQDN of authentik.
gitea.company is the FQDN of Gitea.

Step 1

In authentik, create an OAuth2/OpenID Provider (under Resources/Providers) with these settings:

:::note Only settings that have been modified from default have been listed. :::

Protocol Settings

Name: Gitea
RSA Key: Select any available key

:::note Take note of the Client ID and Client Secret, you'll need to give them to Gitea in Step 3. :::

Step 2

In authentik, create an application (under Resources/Applications) which uses this provider. Optionally apply access restrictions to the application using policy bindings.

:::note Only settings that have been modified from default have been listed. :::

Name: Gitea
Slug: gitea-slug
Provider: Gitea

Step 3

Navigate to the Authentication Sources page at https://gitea.company/admin/auths and click Add Authentication Source

Change the following fields

Authentication Name: authentik
OAuth2 Provider: OpenID Connect
Client ID (Key): Step 2
Client Secret: Step 2
Icon URL: https://raw.githubusercontent.com/goauthentik/authentik/master/web/icons/icon.png
OpenID Connect Auto Discovery URL: https://authentik.company/application/o/gitea-slug/.well-known/openid-configuration

Add Authentication Source

Next you should edit your Gitea's 'app.ini' to make Gitea request the proper OIDC Scope from authentik. (It'll by default only ask for the 'openid' scope which doesn't provide us with the relevant information.)

In your Gitea instance, navigate to your app.ini and make the following changes

If it doesn't exist yet, create a [oauth2_client] section
Set OPENID_CONNECT_SCOPES to email profile

Restart Gitea and you should be done!

2.2 KiB Raw Blame History