Description
Feature Description
Feature Request Summary
As a Gitea administrator, I would like to configure a system-wide OAuth2 provider via app.ini so that I can configure Gitea at deployment time to be a simple IdP for a small number of other applications.
Feature Request in a bit more detail
Currently, Gitea has the capability of being a simple OAuth2 provider (https://docs.gitea.io/en-us/oauth2-provider/, #14139). This works very nicely to set up a collaboration platform (e.g. Gitea + Matrix) for a small team/organisation.
However, in order for this to work, Gitea needs to be deployed and then some user needs to set up an OAuth2 application in their user settings, which generates a Client ID and Client Secret for another application that will use Gitea for login.
This makes automating the deployment of Gitea with other applications quite complicated as the deployment needs to be sequenced with various CLI / API calls to Gitea -- e.g. deploy Gitea, then create a Gitea user via CLI or API, then add an OAuth2 application to the user's account via API, receive Client ID and Client Secret, pass these to the next application deployment, then deploy the next application.
Much easier would be to configure a system-wide OAuth2 provider via app.ini with a pre-defined Client ID and Client Secret as parameters, for example:
```ini
[oauth2]
ENABLE = true
...
GLOBAL_OAUTH2_NAME = "<Some name>"
GLOBAL_OAUTH2_REDIRECT_URL = "<Callback URL>"
GLOBAL_OAUTH2_CLIENT_ID = "<some client ID>"
GLOBAL_OAUTH2_CLIENT_SECRET = "<some client secret>"
```
What the Feature Request is not requesting
The Feature Request is not asking for more IdP, IAM or SSO functionality beyond that which is already implemented. It is not the intention for Gitea to turn into something like Keycloak.
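The hand-off step in the sequence described above (create the OAuth2 application through the API, capture the generated Client ID and Client Secret, pass them to the next deployment), as an added example that is not part of the original issue or Gitea's own code. It assumes Gitea's `POST /api/v1/user/applications/oauth2` endpoint with basic authentication; the host names, the `deploy-bot` account, the `OAUTH2_*` variable names and the sample response are constructed for illustration.

```python
import base64
import json
import os
import urllib.request

# Constructed sample of the JSON returned when an OAuth2 application is
# created; the values are placeholders, not real credentials.
SAMPLE_RESPONSE = json.dumps({
    "id": 1, "name": "matrix-sso",
    "client_id": "00000000-0000-0000-0000-000000000000",
    "client_secret": "constructed-placeholder-secret",
    "redirect_uris": ["https://matrix.example.org/callback"],
})

def build_create_app_request(base_url, user, password, name, redirect_uri):
    """Build the API call that registers an OAuth2 application for `user`."""
    body = json.dumps({"name": name, "redirect_uris": [redirect_uri]}).encode()
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        base_url.rstrip("/") + "/api/v1/user/applications/oauth2",
        data=body, method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": "Basic " + token})

def parse_credentials(response_body):
    """Extract the generated client ID and secret, failing loudly if absent."""
    data = json.loads(response_body)
    creds = {k: data.get(k) for k in ("client_id", "client_secret")}
    missing = [k for k, v in creds.items() if not v]
    if missing:
        raise ValueError("response lacks: " + ", ".join(missing))
    return creds

def write_env_file(path, creds):
    """Hand the credentials to the next deployment step in an owner-only file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        for key, value in creds.items():
            fh.write(f"OAUTH2_{key.upper()}={value}\n")
    os.chmod(path, 0o600)  # enforce the mode even if the file already existed

if __name__ == "__main__":
    req = build_create_app_request(
        "https://gitea.example.org", "deploy-bot", "placeholder",
        "matrix-sso", "https://matrix.example.org/callback")
    print(req.get_method(), req.full_url)
    # Against a live instance: urllib.request.urlopen(req).read()
    write_env_file("oauth2.env", parse_credentials(SAMPLE_RESPONSE))
```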