Closed
Description
Many users reported this problem: when they try to use OAuth2 as an auth source, they see 500 errors and an unclear error message in the log:
/auth/oauth.go:920:SignInOAuthCallback() [E] [642b21e7-2] UserSignIn: oauth2: server response missing access_token
The problem is that:
- If the user double-clicks and copies the secret from the GitHub app page, there will be an extra space in the Client Secret field.
- The incorrect Client Secret makes the auth fail. GitHub returns a clear message.
- However, the goth package doesn't respect the error message; it only returns an error "server response missing access_token".
- If the callback URL is incorrect, a 500 error might also happen.
To fix the problem:
- Trim spaces.
- Fix the goth package to make it respect the returned error message.
- Make Gitea show more details if goth returns unclear messages, at least it helps users.