Gitea asks for local user password even when connected through OpenID

[arrfab]

• Gitea version (or commit ref): 1.3.2
• Git version:
• Operating system: CentOS 7
• Database (use [x]):
  • PostgreSQL
  • MySQL
  • MSSQL
  • SQLite
• Can you reproduce the bug at https://try.gitea.io:
  • Yes (provide example URL)
  • No
  • Not relevant
• Log gist:

Description

When registered and connected through OpenID, a user even with admin rights has to confirm some operations with his "local" password.
Problem is that $user doesn't know his local password, as he was authenticated/validated/registered through OpenID
There is no even possibility for the user to change his "local" password, as it asks for the actual one (that $user doesn't know, as auto-registered through openid)
It seems the only solution would be for $user to ask a reset of his "local" gitea password , but that defeats completely the SSO goal
...

[rakshith-ravi]

@arrfab I'm using gitea in my server and am planning to switch to OpenID. Is this still happening?

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

[lunny]

I think this is designed. External user have to binding to a local user.

[arrfab]

@lunny except that such user doesn't know his "local password" and so can't even change it (as he was automatically registered through OpenID - see bug description)

[strk]

There should be an issue already filed about managing password-less accounts. If I'm not wrong the only way out from OpenID when asked for a password would be to use the "reset password" and rely on email to get a chance to use a new password (but things could have been changed since I last looked at this). Try to find that "password less accounts" ticket as some design is really useful to handle that.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

[lunny]

A random password could be set when an external user login and user could change it when he need.

[strk]

A random password could be set when an external user login and user could change it when he need.

This is what my initial implementation of the OpenID-2.0 authentication did. Was it changed recently ?

[strk]

This is the issue I was talking about: #1036
The discussion should happen there

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

[MartinX3]

Please don't close this important issue.