Gitea REST API with OpenID Connect Token


We added an OpenID Connect (OAuth2) Authentication Source to our gitea instance and are wondering if it is possible to use the REST API with tokens generated by this external auth source?

If we try to do this using the “Authentication” header with value “token {token_value}” we get status 401 - Unauthorized (we also tried “bearer {token_value}”).

Any help or feedback is much appreciated,
Thank you!

I believe the API only works with API tokens or Gitea’s OAuth provider tokens. There is an issue on GitHub proposing the addition of using external authentication/authorization sources Provide a way to access Gitea API through external authentication source · Issue #23382 · go-gitea/gitea · GitHub but it was just created a few days ago.

A workaround I can think of is to make something like a “Gitea token generator” app that runs the user through Gitea’s OAuth2 provider workflow (which will send them to OpenID Connect before granting the token) and then shows the resulting token to them. See API Auth w/ OAuth2 Provider and OAuth2 Provider docs for more info.

1 Like

Thank you very much for the information Jake! I was already afraid that it currently is not possible… We will see if we can do something like the workaround you propsed. We will also monitor the issue you linked.