This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/integrations/services/gitea/index.md
Jens Langhammer 0181361efa website/integrations: use Signing Key instead of RSA Key
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-01-10 20:18:05 +01:00

title: Gitea

What is Gitea

From https://gitea.io/

:::note
Gitea is a community managed lightweight code hosting solution written in Go. It is published under the MIT license.
:::

:::note
This is based on authentik 2021.10.3 and Gitea 1.15.6 installed using https://docs.gitea.io/en-us/install-from-binary/. Instructions may differ between versions.
:::

Preparation

The following placeholders will be used:

  • authentik.company is the FQDN of authentik.
  • gitea.company is the FQDN of Gitea.

Step 1

In authentik, create an OAuth2/OpenID Provider (under Resources/Providers) with these settings:

:::note
Only settings that have been modified from default have been listed.
:::

Protocol Settings

  • Name: Gitea
  • Signing Key: Select any available key

:::note
Take note of the Client ID and Client Secret; you'll need to give them to Gitea in Step 3.
:::

Step 2

In authentik, create an application (under Resources/Applications) which uses this provider. Optionally apply access restrictions to the application using policy bindings.

:::note
Only settings that have been modified from default have been listed.
:::

  • Name: Gitea
  • Slug: gitea-slug
  • Provider: Gitea

Step 3

Navigate to the Authentication Sources page at https://gitea.company/admin/auths and click Add Authentication Source.

Change the following fields

Add Authentication Source

Next, edit Gitea's 'app.ini' so that Gitea requests the proper OIDC scopes from authentik. (By default it only asks for the 'openid' scope, which doesn't provide the relevant information.)

In your Gitea instance, open your app.ini and make the following changes:

  • If it doesn't exist yet, create an [oauth2_client] section
  • Set OPENID_CONNECT_SCOPES to email profile

Restart Gitea and you should be done!
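The app.ini change from the steps above, written as an idempotent shell function. This is an added example, not part of the authentik documentation; the function name `ensure_oidc_scopes` and the path in the usage comment are assumptions.

```shell
#!/bin/sh
# ensure_oidc_scopes FILE [SCOPES]
# Makes sure FILE has an [oauth2_client] section whose OPENID_CONNECT_SCOPES
# is SCOPES (default: "email profile"). Running it again changes nothing.
ensure_oidc_scopes() {
    ini="$1"
    scopes="${2:-email profile}"
    tmp="$(mktemp)" || return 1      # mktemp creates the file with mode 0600

    awk -v key="OPENID_CONNECT_SCOPES = $scopes" '
        # Any section header: track whether we are inside [oauth2_client].
        /^[ \t]*\[/ {
            in_sec = ($0 ~ /^[ \t]*\[oauth2_client\][ \t]*$/)
            print
            # Write the wanted value directly under the section header.
            if (in_sec && !done) { print key; done = 1 }
            next
        }
        # Drop any previous (uncommented) value inside the section.
        in_sec && /^[ \t]*OPENID_CONNECT_SCOPES[ \t]*=/ { next }
        { print }
        # Section never seen: create it at the end of the file.
        END { if (!done) { print ""; print "[oauth2_client]"; print key } }
    ' "$ini" > "$tmp" && cat "$tmp" > "$ini"
    rc=$?
    # cat (rather than mv) rewrites the file in place, so app.ini keeps its
    # owner and permissions; it usually also holds secrets.
    rm -f "$tmp"
    return "$rc"
}

# Usage (path is an assumption, adjust to your install), then restart Gitea:
#   ensure_oidc_scopes /etc/gitea/app.ini
```
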