Gitea Oauth not working on Linux

[ghost]

Version

2.4.1

Operating system

Linux

OS version or distribution

Ubuntu 22.04 fresh install

Git hosting provider(s)

Other - please describe below

Other hosting provider

Gitea

(Azure DevOps only) What format is your remote URL?

None

Can you access the remote repository directly in the browser?

Yes, I can access the repository

Expected behavior

Prompt for loging

Actual behavior

Enter basic credentials for 'https://....'

Logs

03:35:08.053205 git.c:455               trace: built-in: git credential-cache get
03:35:08.055785 .../HostProvider.cs:131 trace: [GetCredentialAsync] No existing credentials found.
03:35:08.055797 .../HostProvider.cs:134 trace: [GetCredentialAsync] Creating new credential...
03:35:08.057616 ...ricOAuthConfig.cs:38 trace: [TryGet] Invalid OAuth configuration - missing/invalid authorize endpoint: 
03:35:08.057831 ...cHostProvider.cs:104 trace: [GenerateCredentialAsync] Skipping check for Windows Integrated Authentication on Linux.
03:35:08.057842 ...cHostProvider.cs:113 trace: [GenerateCredentialAsync] Prompting for basic credentials...

[ghost]

similar to #1408

[bohni]

Maybe this helps: #1062 as mentioned here: #145 (comment)

[ghost]

I thought #1426 already support this.
My gitea site works with GCM out of the box without any configuration on windows .

[bohni]

Ah, ok.

I'm running it on a sub path "https://example.com/git" and the URL that opens is https://example.com/login/oauth/authorize?..." - So I had to use the mentioned config... (I'm actual on windows, not Linux)

[ghost]

@bohni Could you show your conig?

[bohni]

My -working - config ist

[credential "https://example.org"]
	useHttpPath = false
	provider = generic
	oauthClientId = e90ee53c-94e2-48ac-9358-a874fb9e0662
	oauthAuthorizeEndpoint = /git/login/oauth/authorize
	oauthTokenEndpoint = /git/login/oauth/access_token

When I remove this section, the URL that opens in the Browser is

https://example.org/login/oauth/authorize?response_type=code&client_id=e90ee53c-94e2-48ac-9358-a874fb9e0662&state=eacb7d86074a4e5397b1855465b78d41&code_challenge_method=S256&code_challenge=r9nb-3HlHYUfMTm2QYItdmXnbO828rRGyF8ktI_w8p4&redirect_uri=http%3a%2f%2f127.0.0.1%3a55150%2f

This URL is missing the required subpath /git

Edit 2024-03-14: I'm running Gitea behind Apache httpd: see Apache HTTPD with a sub-path

[SagePtr]

03:35:08.057616 ...ricOAuthConfig.cs:38 trace: [TryGet] Invalid OAuth configuration - missing/invalid authorize endpoint:

If your git version is older than 2.41.0, it won't pass the WWW-Authenticate header to the credential helper and therefore won't autodetect Gitea. Either configure endpoints manually or update git executable.

[becm]

@bohni there might be a hint in the Remarks section on the respective URI constructor.
Supplying a String with a leading / will replace any relative part of the URI.

Seems the well-known paths need a respective touch-up.
And it has to be checked if the remote URI is actual referencing the root level.

[becm]

A solution will require the following steps:

• Git must be configured to pass the full HTTP path (see default Azure repo settings)
• An extraction step for the base URI (<proto>://<host>[/<sub>]/<owner>/<repo>) MUST be added
  New base URI must be used in:
  • Credential store identifier for access token
  • Credential store identifier for refresh tokens (ideally use return of GetServiceName here as well)
  • Base location for token endpoints
• The well-known Gitea endpoints MUST NOT use relative notation