Configure oauth2_client from env

[3isenHeiM]

Description

I'm provisioning an OAuth2 (authentik) client using env variables in the docker compose file.

Here is the complete env variables I'm passing to the container :

 - GITEA__ENABLE_AUTO_REGISTRATION=true
 - GITEA__SECURITY__INSTALL_LOCK=true
- GITEA__openid__ENABLE_OPENID_SIGNIN=false
- GITEA__openid__ENABLE_OPENID_SIGNUP=false
- GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION=true
- GITEA__oauth2_client__ENABLE=true
- GITEA__oauth2_client__ENABLE_AUTO_REGISTRATION=true
- GITEA__oauth2_client__REGISTER_EMAIL_CONFIRM=false
- GITEA__oauth2_client__PROVIDER_NAME=Authentik
- GITEA__oauth2_client__CLIENT_ID=<REDACTED>
- GITEA__oauth2_client__CLIENT_SECRET=<REDACTED>
- GITEA__oauth2_client__ISSUER_URL=https://auth.tld/application/o/gitea
- GITEA__oauth2_client__AUTO_DISCOVER_URL=https://auth.tld/application/o/gitea/.well-known/openid-configuration
- GITEA__oauth2_client__USE_ADMIN_GROUP=true
- GITEA__oauth2_client__OPENID_CONNECT_SCOPES=profile,email
- GITEA__oauth2_client__ACCOUNT_LINKING=auto
- GITEA__oauth2_client__USERNAME=preferred_username

These variable correclty populates the app.ini.

However I don't see the "Sign it with Oauth" button on the homepage.

What do I miss in my configuration ?

Thanks

Gitea Version

1.22.1

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

Git Version

No response

Operating System

No response

How are you running Gitea?

docker-compose

Database

MySQL/MariaDB

[yp05327]

You should add Authentication Source in admin panel or using command line.
But it seems that we have no oauth2 provider for authentik.

ps: it is read/save in DB, not from the settings file (env)

[3isenHeiM]

So no way to define this in a headless way ? Is env-to-ini not working ?

I could do it by modifying the docker file to add it via CLI though...

Anyway, authentik is just a standard OpenID provider, it should work ;)

[yp05327]

So no way to define this in a headless way ? Is env-to-ini not working ?

Actually, I can not found some settings like PROVIDER_NAME, ISSUER_URL.... in oauth2_client
Where did you find them?

The usable settings are here: https://github.com/go-gitea/gitea/blob/main/custom/conf/app.example.ini#L1552

I could do it by modifying the docker file to add it via CLI though

If you only want to add the oauth2 source, it will only work on the existing instance. as DB needs init first.
So for a new one, you should init the instance first, and of cause, this can be done by CLI.

Anyway, authentik is just a standard OpenID provider, it should work ;)

I think so. But maybe you need more settings in app.ini.
I didn't try it, maybe others can give you more advices.

[3isenHeiM]

I don't recall where I found them.

Anyway, I ended up writing a python script to run the command afterwards.

For others having the same issue, here is the snippet:

#!/usr/bin/env python3

import docker
import time

# Get container by name
def find_container_by_name(client, container_name):
    # List all containers (including stopped ones)
    containers = client.containers.list(all=True)
    
    # Find container by name
    for container in containers:
        if container_name in container.name:
            return container
    return None

# Run command in container
def run_command(container, command):
    # Wait until the container is running
    while container.status != "running":
        print(f"Waiting for container '{container_name}' to be ready...")
        time.sleep(2)
        container.reload()  # Refresh container status
    
    print(f"Container '{container_name}' is running.")
    
    # Run the command inside the container
    exec_result = container.exec_run(command)
    print(f"Command output: {exec_result.output.decode('utf-8')}")



# Run the command to configure the OAUTH inside Gitea. 
# This can only be done via a CLI inside the container.
# Initialize Docker client
client = docker.from_env()

# Find container by name
container_name = "gitea-server"
gitea_container = find_container_by_name(client, container_name)
if gitea_container is None:
    print(f"Container '{container_name}' not found!")
    exit

command = """
su -c "gitea admin auth add-oauth --name Authentik \
--provider openidConnect --key """ + client_id + """ \
--secret """ + client_secret + """ \
--auto-discover-url """ + autodiscover_url + """ \
--icon-url """ + icon_url + """ \
--scopes profile,email" git
"""

run_command(gitea_container, command)

Maybe it could be good to have the feature to provide the DB from the config file, to allow for a headless configuration of the service with env variables.