liberapay.com icon indicating copy to clipboard operation
liberapay.com copied to clipboard

Published 20 hours ago verified publisher icon liberapay

Add Gitea as an elsewhere platform

Open jorgesumle opened this issue 6 years ago • 7 comments

Gitea is free software like GitLab, so maybe we can use the same approach for issue #661

jorgesumle avatar Jan 21 '18 18:01 jorgesumle

  • gitea.com
  • Codeberg.org ...

6543 avatar Jan 08 '20 13:01 6543

From https://docs.gitea.io/en-us/oauth2-provider/:

To use the Authorization Code Grant as a third party application it is required to register a new application via the “Settings” (/user/settings/applications) section of the settings.

Currently Gitea does not support scopes (see #4300) and all third party applications will be granted access to all resources of the user and his/her organizations.

So, we can't automatically create OAuth credentials for Liberapay, and users would have to agree to give Liberapay write access. In other words, Gitea doesn't provide what we need for a good integration.

Changaco avatar Feb 17 '20 10:02 Changaco

@Changaco

dont think so: only one user (best would be a admin of librepay) has to create an OAuth app in his user settings for the Oauth credentials

and now every user can use this OAuth source

6543 avatar Feb 18 '20 14:02 6543

Currently Gitea does not support scopes (see #4300) and all third party applications will be granted access to all resources of the user and his/her organizations.

We want to have minimum scope we can have (which is basically read only access to basic information), and since we are not going to write anything, we probably should not have write access - so nothing can be done with the credentials if some really bad things (tm) happens and our DB is compromised.

revi avatar Feb 19 '20 16:02 revi

From https://docs.gitea.io/en-us/oauth2-provider/:

To use the Authorization Code Grant as a third party application it is required to register a new application via the “Settings” (/user/settings/applications) section of the settings. Currently Gitea does not support scopes (see #4300) and all third party applications will be granted access to all resources of the user and his/her organizations.

So, we can't automatically create OAuth credentials for Liberapay, and users would have to agree to give Liberapay write access. In other words, Gitea doesn't provide what we need for a good integration.

I'm not certain if I have much to add to this conversation.

But it is possible for Liberapay to ask users to remove the application OAuth keys after they have verified an account.

Gitea and NotABug and many other platforms also utilize Libravatar and allow users to include domains and other information which might be able to be used to verify them.

ncorder avatar Nov 04 '21 01:11 ncorder

Any possibility to have pulling repositories from any gitea instance?

Akselmo avatar Jan 23 '23 18:01 Akselmo

Also stopping by to mention that we've merged https://github.com/go-gitea/gitea/pull/20908 which allows for scoped tokens, which should address some of the other concerns here.

jolheiser avatar Jan 24 '23 18:01 jolheiser