Disable password registration entirely, use only OAuth

Hi there -

Evaluating Gitea, the first thing that stands out is that the OAuth flow is not very intuitive. I added a GitHub provider, came in as a new user, authorized the app, great - then it takes me right to a registration page where I have to enter a username all over again and make up a password - which I will never use, because I log in via GitHub!

Example, just on this very Discourse forum, I just created a new account via GitHub OAuth. After coming back from GitHub, Discourse gives me a popup, with my user name and real name already filled in, no password field that I will never use anyway, and a green button, “sign up!”. Two clicks and I’m in. I don’t need to enter a new password because I selected to log in via GitHub, a password would be useless.

I understand that in Gitea’s case, when I register with GitHub, I’m actually getting both kinds of auth at the same time, username/password as well as GitHub OAuth. But I don’t want users to have username/password as an option at all. I don’t want users entering a captcha, I don’t want spammers coming in, and I don’t want passwords in my database and users who can’t log in to deal with - GitHub should be the only auth possible. I run a Gerrit server in just this same way, users can only get in through a simple GitHub OAuth and that’s it.

Any interest in this being an option?

Well, the good news is, I can make this happen just with custom templates. In the link_to_account section, I remove the login control, and for the “registration” control I turn the password fields into hidden windows and populate them with a randomly generated key client-side. That pretty much gives me the flow I want. Besides that, I remove the regular login controls and it’s good to go.
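A sketch of the client-side part of that workaround, added here as an example and not taken from the original post or from Gitea's code. It assumes the customized template's form has password inputs named `password` and `retype` and a hypothetical `form.link-signup` selector. It draws the throwaway value from the browser's CSPRNG with rejection sampling rather than from `Math.random()`.

```javascript
// Added example. Field names and the form selector are assumptions about
// the customized template, not values confirmed by the thread.
const ALPHABET =
  "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+-_";

// Build a password of `length` characters drawn uniformly from ALPHABET.
// `rng` fills a Uint8Array with random bytes; the default is Web Crypto.
function randomPassword(
  length = 32,
  rng = (buf) => globalThis.crypto.getRandomValues(buf)
) {
  // Bytes at or above `limit` are discarded so `b % ALPHABET.length`
  // stays unbiased (rejection sampling).
  const limit = 256 - (256 % ALPHABET.length);
  const out = [];
  while (out.length < length) {
    for (const b of rng(new Uint8Array(length))) {
      if (b < limit && out.length < length) {
        out.push(ALPHABET[b % ALPHABET.length]);
      }
    }
  }
  return out.join("");
}

// Turn the named password inputs into hidden fields that all carry the
// same generated value. Returns the number of fields filled.
function fillHiddenPasswords(form, password, fieldNames = ["password", "retype"]) {
  let filled = 0;
  for (const name of fieldNames) {
    const el = form.elements[name];
    if (!el) throw new Error(`missing field: ${name}`);
    el.type = "hidden";
    el.value = password;
    filled += 1;
  }
  return filled;
}

// Browser wiring; skipped when no DOM is present.
if (typeof document !== "undefined") {
  document.addEventListener("DOMContentLoaded", () => {
    const form = document.querySelector("form.link-signup"); // hypothetical
    if (form) fillHiddenPasswords(form, randomPassword());
  });
}
```

The account still ends up with a local password stored server-side; this only keeps the user from choosing or seeing it. If the instance enforces password complexity rules, the alphabet and length have to satisfy them.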

This also bugged me.

What really helped me to understand the login/linked account thing was this comment.

Authentication source can be LOCAL / LDAP / SMTP / PAM only. OAuth2 can only be used to link accounts, this means local users can login with their OAuth2 password, but still have a (potentially different) local password and username and email.

Could you tell me how you did this?