OAuth OpenID without using local user

Hello everyone,

I’ve been trying to use OAuth (with OpenID Connect) to use our Azure Active Directory in Gitea as an Authentication source.

What I see is that it is required to create a local user (with a password) and then, through the mail, the user is attached to an OAuth session. I’ve made a test and after the OAuth, when I return to Gitea, it forces me to register a user with that email.

Is it possible to force everyone to use only OAuth? I don’t want that local login, because we cannot ensure that our internal policies are applied.

We tried with an O365 Admin user and that works. Now I’m trying with another user and I’m receiving this log:

oauth2: cannot fetch token: 400 Bad Request

The log is also attached, with this AAD error: AADSTS900144

Thank you so much,