-
-
Notifications
You must be signed in to change notification settings - Fork 5.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Gitea asks for local user password even when connected through OpenID #3521
Comments
@arrfab I'm using gitea in my server and am planning to switch to OpenID. Is this still happening? |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions. |
I think this is designed. External user have to binding to a local user. |
@lunny except that such user doesn't know his "local password" and so can't even change it (as he was automatically registered through OpenID - see bug description) |
There should be an issue already filed about managing password-less
accounts. If I'm not wrong the only way out from OpenID when asked
for a password would be to use the "reset password" and rely on email
to get a chance to use a new password (but things could have been
changed since I last looked at this).
Try to find that "password less accounts" ticket as some design is
really useful to handle that.
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions. |
A random password could be set when an external user login and user could change it when he need. |
This is what my initial implementation of the OpenID-2.0 authentication did. Was it changed recently ? |
This is the issue I was talking about: #1036 |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions. |
Please don't close this important issue. |
[x]
):Description
When registered and connected through OpenID, a user even with admin rights has to confirm some operations with his "local" password.
Problem is that $user doesn't know his local password, as he was authenticated/validated/registered through OpenID
There is no even possibility for the user to change his "local" password, as it asks for the actual one (that $user doesn't know, as auto-registered through openid)
It seems the only solution would be for $user to ask a reset of his "local" gitea password , but that defeats completely the SSO goal
...
The text was updated successfully, but these errors were encountered: