Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2.2 KiB
title |
---|
Gitea |
What is Gitea
From https://gitea.io/
:::note Gitea is a community managed lightweight code hosting solution written in Go. It is published under the MIT license. :::
:::note This is based on authentik 2021.10.3 and Gitea 1.15.6 installed using https://docs.gitea.io/en-us/install-from-binary/. Instructions may differ between versions. :::
Preparation
The following placeholders will be used:
authentik.company
is the FQDN of authentik.gitea.company
is the FQDN of Gitea.
Step 1
In authentik, create an OAuth2/OpenID Provider (under Resources/Providers) with these settings:
:::note Only settings that have been modified from default have been listed. :::
Protocol Settings
- Name: Gitea
- RSA Key: Select any available key
:::note
Take note of the Client ID
and Client Secret
, you'll need to give them to Gitea in Step 3.
:::
Step 2
In authentik, create an application (under Resources/Applications) which uses this provider. Optionally apply access restrictions to the application using policy bindings.
:::note Only settings that have been modified from default have been listed. :::
- Name: Gitea
- Slug: gitea-slug
- Provider: Gitea
Step 3
Navigate to the Authentication Sources page at https://gitea.company/admin/auths and click Add Authentication Source
Change the following fields
- Authentication Name: authentik
- OAuth2 Provider: OpenID Connect
- Client ID (Key): Step 2
- Client Secret: Step 2
- Icon URL: https://raw.githubusercontent.com/goauthentik/authentik/master/web/icons/icon.png
- OpenID Connect Auto Discovery URL: https://authentik.company/application/o/gitea-slug/.well-known/openid-configuration
Add Authentication Source
Next you should edit your Gitea's 'app.ini' to make Gitea request the proper OIDC Scope from authentik. (It'll by default only ask for the 'openid' scope which doesn't provide us with the relevant information.)
In your Gitea instance, navigate to your app.ini and make the following changes
- If it doesn't exist yet, create a
[oauth2_client]
section - Set
OPENID_CONNECT_SCOPES
toemail profile
Restart Gitea and you should be done!