Incorrect OAuth2 ID/Secret leads 500 / incorrect error message #23936

Closed
@wxiaoguang

Description

Many users reported this problem: when they try to use OAuth2 as an auth source, they see 500 errors and an unclear error message in the log:

/auth/oauth.go:920:SignInOAuthCallback() [E] [642b21e7-2] UserSignIn: oauth2: server response missing access_token

The problem is that:

  1. If the user double-clicks and copies the secret from the GitHub app page, there will be an extra space in the Client Secret field.
  2. The incorrect Client Secret makes the auth fail. GitHub returns a clear message.
  3. However, the goth package doesn't respect the error message; it only returns the error "server response missing access_token".
  4. If the callback URL is incorrect, a 500 error might also happen.

To fix the problem:

  1. Trim spaces.
  2. Fix the goth package so that it respects the returned error message.
  3. Make Gitea show more details if goth returns unclear messages; at least it helps users.
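
The failure mode described in this issue, as an added Go example (not code from Gitea or goth): the credential is trimmed before use, and the token response is checked for the RFC 6749 error members before falling back to the generic "missing access_token" message. `NormalizeCredential` and `ParseTokenResponse` are hypothetical names, and the sample body is constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"mime"
	"net/url"
	"strings"
)

// tokenFields holds the RFC 6749 success (5.1) and error (5.2) members we inspect.
type tokenFields struct {
	AccessToken string `json:"access_token"`
	Error       string `json:"error"`
	Description string `json:"error_description"`
}

// NormalizeCredential strips whitespace picked up by copy and paste (hypothetical helper).
func NormalizeCredential(s string) string { return strings.TrimSpace(s) }

// ParseTokenResponse returns the access token, or an error carrying the provider's
// own error fields. It never echoes the raw body, which may contain a token.
func ParseTokenResponse(contentType string, body []byte) (string, error) {
	var f tokenFields
	mt, _, _ := mime.ParseMediaType(contentType)
	if mt == "application/x-www-form-urlencoded" {
		v, err := url.ParseQuery(string(body))
		if err != nil {
			return "", errors.New("oauth2: unparsable token response")
		}
		f = tokenFields{v.Get("access_token"), v.Get("error"), v.Get("error_description")}
	} else if err := json.Unmarshal(body, &f); err != nil {
		return "", errors.New("oauth2: unparsable token response")
	}
	if f.Error != "" { // check error members first, whatever the HTTP status was
		return "", fmt.Errorf("oauth2: provider error %q: %s", f.Error, f.Description)
	}
	if f.AccessToken == "" {
		return "", errors.New("oauth2: server response missing access_token")
	}
	return f.AccessToken, nil
}

func main() {
	// Constructed sample body in RFC 6749 section 5.2 format, not a captured response.
	body := []byte(`{"error":"invalid_client","error_description":"client secret is incorrect"}`)
	_, err := ParseTokenResponse("application/json", body)
	fmt.Println(err)
}
```

Only the `error` and `error_description` members reach the log, so the extra detail does not expose the client secret or any issued token.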
