How to add a sign-in with codeberg feature to my services #463

Open
opened 3 weeks ago by Bubu · 5 comments
Bubu commented 3 weeks ago

I run a weblate instance as well as a gitlab. Especially the weblate is actually used by a couple of projects hosted on codeberg.org. The gitlab obviously not but I use it for my personal projects and I'd like to reduce contributor friction as well as promote codeberg.

Both weblate and gitlab support social login via several services, In particular I have enabled gitlab.com and github as login providers. I'd like to add codeberg.org to that list.

I think it's possible to use gitea as an indentity provider?

Has anyone ever done this? Are there any docs on this available?

I run a [weblate instance](https://weblate.bubu1.eu) as well as a [gitlab](https://git.bubu1.eu). Especially the weblate is actually used by a couple of projects hosted on codeberg.org. The gitlab obviously not but I use it for my personal projects and I'd like to reduce contributor friction as well as promote codeberg. Both weblate and gitlab support social login via several services, In particular I have enabled gitlab.com and github as login providers. I'd like to add codeberg.org to that list. I think it's possible to use gitea as an indentity provider? Has anyone ever done this? Are there any docs on this available?
Collaborator

Have a look at https://docs.gitea.io/en-us/oauth2-provider/, I think this is what you are looking for (at least this should allow Gitea to Gitea login), and chat with @6543 who used this to allow sign-in to https://code.obermui.de.

I wonder if it's possible to allow sign-in without granting access to all account data ...

Have a look at https://docs.gitea.io/en-us/oauth2-provider/, I think this is what you are looking for (at least this should allow Gitea to Gitea login), and chat with @6543 who used this to allow sign-in to https://code.obermui.de. I wonder if it's possible to allow sign-in without granting access to all account data ...
fnetX added the
docs
question
labels 3 weeks ago
Poster

I wonder if it's possible to allow sign-in without granting access to all account data ...

Not yet, this is tracked here: https://github.com/go-gitea/gitea/issues/4300 (and yes, this is very much needed for a "login with codeberg" feature to make any sense from a security standpoint.)

> I wonder if it's possible to allow sign-in without granting access to all account data ... Not yet, this is tracked here: https://github.com/go-gitea/gitea/issues/4300 (and yes, this is very much needed for a "login with codeberg" feature to make any sense from a security standpoint.)
Poster

When I try to create a new ouath app under https://codeberg.org/user/settings/applications I only get a 500 error. Unfortunately that's not very helpful in figuring out what I'm doing wrong :(.

This is what I'm trying to input there:
image

Aaaand now it randomly stated working.

When I try to create a new ouath app under https://codeberg.org/user/settings/applications I only get a 500 error. Unfortunately that's not very helpful in figuring out what I'm doing wrong :(. This is what I'm trying to input there: ![image](/attachments/8623f8eb-d389-4296-a1d9-658922bb1aba) ### Aaaand now it randomly stated working.
Poster

Some updates:

I tried condiguring the gitlab side of this, interestingly best documented in the Synapse docs here: https://github.com/matrix-org/synapse/blob/develop/docs/openid.md#gitea

Gitlab throws a weird 500 error upon calling the callback, let's see what they say:
https://gitlab.com/gitlab-org/gitlab/-/issues/332738

For weblate it seems that setting some config options is not enough, you have to implement a custom backend for Python Social-Auth-Core I didn't get around to this yet.

Some updates: I tried condiguring the gitlab side of this, interestingly best documented in the *Synapse* docs here: https://github.com/matrix-org/synapse/blob/develop/docs/openid.md#gitea Gitlab throws a weird 500 error upon calling the callback, let's see what they say: https://gitlab.com/gitlab-org/gitlab/-/issues/332738 For weblate it seems that setting some config options is not enough, you have to implement a custom backend for [Python Social-Auth-Core](https://github.com/python-social-auth/social-core#python-social-auth---core) I didn't get around to this yet.
Poster

MR for social-core: https://github.com/python-social-auth/social-core/pull/595

Weblate feature request/question to make it easier to add the codeberg name/logo: https://github.com/WeblateOrg/weblate/issues/6163

MR for social-core: https://github.com/python-social-auth/social-core/pull/595 Weblate feature request/question to make it easier to add the codeberg name/logo: https://github.com/WeblateOrg/weblate/issues/6163
Sign in to join this conversation.
No Milestone
No Assignees
2 Participants
Notifications
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
There is no content yet.