I’ve configured Gitea 1.22.3 with authentication against Nextcloud OAuth2. Using “OpenID Connect” provider and the autodiscovery URL works (I’m using the extended OIDC Identity Provider app), Nextcloud provider with Auth/Token/Profile URL as well.
So Nextcloud SSO mostly works, except for administrator privileges:
“Additional Scopes” is set to “email profile groups”, and “Claim name providing group names” to “groups”. As soon as I configure “Group Claim value for administrator users”, a user’s administrator flag will be cleared on their next login.
I cranked up logging to Trace, but didn’t get much more information beyond “Session Authorization: Found user xxx”, “Session Authorization: Logged in user xxx”.
What am I missing?
New information: the connector has even more problems. When I first logged on using SSO, I was asked to password-confirm the assignment to my existing user. Now, a colleague tried the same: he wasn’t asked for user assignment, but was logged in with my account.
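Added as a debugging aid, not code from the original post or from Gitea or Nextcloud: a small Python script that decodes an OIDC ID token payload (without verifying the signature, so it is only for inspection) and reports whether the `groups` claim from the post is actually a JSON array of strings containing the configured admin value, and which identity claims (`sub`, `email`, `preferred_username`) the client could be matching accounts on. The admin group name `gitea-admins`, the issuer URL and both sample tokens are constructed assumptions; in practice you would paste the real ID token (or the userinfo JSON) returned by the provider.

```python
"""Inspect an OIDC ID token for the claims an admin-group mapping depends on.

Constructed samples only; decode_payload() does NOT check the signature,
so use it to look at what the provider sends, never to trust it.
"""
import base64
import json


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # JWT segments drop the '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def decode_payload(token: str) -> dict:
    """Return the claims of a compact JWS (header.payload.signature), unverified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def check_group_claim(claims: dict, claim_name: str = "groups",
                      admin_value: str = "gitea-admins") -> dict:
    """Report whether a value match on admin_value can succeed:
    the claim must be present, a JSON array of strings, and contain it."""
    value = claims.get(claim_name)
    if value is None:
        return {"present": False, "is_array": False, "admin": False,
                "note": f"claim '{claim_name}' missing from token"}
    if isinstance(value, str):
        # Some providers emit "a b c" or "a,b,c" instead of ["a", "b", "c"];
        # a client expecting an array will then see no groups at all.
        return {"present": True, "is_array": False,
                "admin": admin_value in value.replace(",", " ").split(),
                "note": "claim is a string, not a JSON array"}
    if not isinstance(value, list) or not all(isinstance(g, str) for g in value):
        return {"present": True, "is_array": False, "admin": False,
                "note": "claim is not an array of strings"}
    found = admin_value in value
    return {"present": True, "is_array": True, "admin": found,
            "note": "ok" if found else f"'{admin_value}' not in {value}"}


def identity_claims(claims: dict) -> dict:
    """Claims a client may use to link the login to a local account.
    'sub' is the stable per-user identifier; email and preferred_username
    can collide or be absent, which is how two people end up on one account."""
    return {k: claims.get(k) for k in ("sub", "email", "preferred_username")}


def make_token(payload: dict) -> str:
    """Build an unsigned (alg=none) token purely for the constructed samples."""
    header = {"alg": "none", "typ": "JWT"}
    return ".".join([_b64url_encode(json.dumps(header).encode()),
                     _b64url_encode(json.dumps(payload).encode()), ""])


# Constructed sample: a well-formed token with groups as a JSON array.
SAMPLE_GOOD = make_token({
    "iss": "https://cloud.example.org", "sub": "alice-uid-0001",
    "email": "alice@example.org", "preferred_username": "alice",
    "groups": ["users", "gitea-admins"],
})

# Constructed sample: same user, but groups emitted as one space-separated string.
SAMPLE_STRING_GROUPS = make_token({
    "iss": "https://cloud.example.org", "sub": "alice-uid-0001",
    "email": "alice@example.org", "preferred_username": "alice",
    "groups": "users gitea-admins",
})


if __name__ == "__main__":
    for name, token in (("good", SAMPLE_GOOD), ("string-groups", SAMPLE_STRING_GROUPS)):
        claims = decode_payload(token)
        print(name, identity_claims(claims), check_group_claim(claims))
```

If the real token shows `groups` missing, the scope is not being honoured or the claim is only in the userinfo response; if it shows a string, the admin value can never match an array comparison. Two colleagues whose tokens share an `email` or `preferred_username` but differ in `sub` is the shape to look for when one of them lands in the other's account.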