Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add skip secondary authorization option for public oauth2 clients #31454

Merged
merged 10 commits into from
Jul 19, 2024
Merged

add skip secondary authorization option for public oauth2 clients #31454

merged 10 commits into from
Jul 19, 2024

Conversation

denyskon
Copy link
Member

Followup to #30790

Add an option to allow skipping the manual authorization on every request for public clients.

As this measure is not a hard requirement by the OAuth2 spec and all the major competitors of Gitea not implementing it, make it opt-out to allow for consistent user experience and simplified workflow for users who need it.

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Jun 21, 2024
@pull-request-size pull-request-size bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Jun 21, 2024
@github-actions github-actions bot added modifies/translation modifies/api This PR adds API routes or modifies them modifies/go Pull requests that update Go code modifies/templates This PR modifies the template files modifies/migrations modifies/js labels Jun 21, 2024
@denyskon denyskon added this to the 1.23.0 milestone Jun 21, 2024
@denyskon denyskon added type/enhancement An improvement of existing functionality topic/api Concerns mainly the API labels Jun 21, 2024
@denyskon
Copy link
Member Author

(easier to review with disabled whitespace changes :)

delvh
delvh reviewed Jun 28, 2024
View reviewed changes
web_src/js/features/oauth2-settings.js Outdated Show resolved Hide resolved
models/migrations/v1_23/v300.go Outdated Show resolved Hide resolved
routers/web/auth/oauth.go Show resolved Hide resolved
@denyskon denyskon requested a review from delvh June 28, 2024 21:38
delvh
delvh approved these changes Jun 28, 2024
View reviewed changes
Copy link
Member

@delvh delvh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think I'm able to test this, so here's my approval.

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Jun 28, 2024
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Jul 19, 2024
@denyskon denyskon added the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Jul 19, 2024
@denyskon denyskon removed the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Jul 19, 2024
@denyskon denyskon added the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Jul 19, 2024
@techknowlogick techknowlogick merged commit a8d0c87 into go-gitea:main Jul 19, 2024
26 checks passed
@GiteaBot GiteaBot removed the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Jul 19, 2024
@denyskon denyskon deleted the feat/oauth2-skip-secondary-auth branch July 20, 2024 03:38
zjjhot added a commit to zjjhot/gitea that referenced this pull request Jul 20, 2024
@zjjhot
Merge remote-tracking branch 'giteaofficial/main'
7bb635e 
* giteaofficial/main:
  fix redis dep (go-gitea#31662)
  add skip secondary authorization option for public oauth2 clients (go-gitea#31454)
  Fix a branch divergence cache bug (go-gitea#31659)
silverwind added a commit to techknowlogick/gitea that referenced this pull request Jul 23, 2024
@silverwind
Merge remote-tracking branch 'origin/main' into nolyfill
48fdc78 
* origin/main: (59 commits)
  fix OIDC introspection authentication (go-gitea#31632)
  Enable direnv (go-gitea#31672)
  [skip ci] Updated translations via Crowdin
  [skip ci] Updated translations via Crowdin
  fix redis dep (go-gitea#31662)
  add skip secondary authorization option for public oauth2 clients (go-gitea#31454)
  Fix a branch divergence cache bug (go-gitea#31659)
  [skip ci] Updated translations via Crowdin
  Remove unneccessary uses of `word-break: break-all` (go-gitea#31637)
  [skip ci] Updated translations via Crowdin
  Allow searching issues by ID (go-gitea#31479)
  allow synchronizing user status from OAuth2 login providers (go-gitea#31572)
  Enable `no-jquery/no-class-state` (go-gitea#31639)
  Added default sorting milestones by name (go-gitea#27084)
  Code editor theme enhancements (go-gitea#31629)
  Add option to change mail from user display name (go-gitea#31528)
  Upgrade xorm to v1.3.9 and improve some migrations Sync (go-gitea#29899)
  Issue Templates: add option to have dropdown printed list (go-gitea#31577)
  Fix update flake (go-gitea#31626)
  [skip ci] Updated translations via Crowdin
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@techknowlogick techknowlogick techknowlogick approved these changes

@delvh delvh delvh approved these changes

Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. modifies/api This PR adds API routes or modifies them modifies/go Pull requests that update Go code modifies/migrations modifies/templates This PR modifies the template files modifies/translation size/L Denotes a PR that changes 100-499 lines, ignoring generated files. topic/api Concerns mainly the API type/enhancement An improvement of existing functionality
Projects
None yet
Milestone
1.23.0
Development

Successfully merging this pull request may close these issues.
4 participants
@denyskon @techknowlogick @delvh @GiteaBot