When Gitea acts as OAuth2 provider login fails

[quartje]

Description

I have configured an "Authorized OAuth2 Application"
My application redirects me to the OAuth2 authorize URL: /login/oauth/authorize?
This will then redirect me to the login page at /user/login
After I enter my credentails I am redirected back to the authorize URL.
The authorize URL will then redirect me back to the login page.

If I am already logged in to the Gitea web interface, and I do have a valid session it works as expected: The first authorize request redirects me back to my application with the code needed for the code flow.

I can reproduce this issue on the Gitea demo site

Gitea Version

1.21.2

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

https://gist.github.com/quartje/ea9b6575e17a74f34a9189d0cab81aeb

Screenshots

No response

Git Version

No response

Operating System

Kubernetes

How are you running Gitea?

I use the Helm charts to run gitea in Kubernetes

Database

MySQL/MariaDB

[miqsoft]

I had the same issue.
For me the solution was to make sure that the redirect_uri within the query parameters is url safe.

[Zettat123]

I cannot reproduce this bug. Are there any errors on the client side?

[wxiaoguang]

I think this problem has been fixed by:

-> Use strict protocol check when redirect #29642

---

The 1.21 nightly (pre-1.21.8) is ready, it is a stable release and will become 1.21.8 soon. Please take a try, if the problem is still not resolved, please help to provide more details. Thank you!

Get 1.21 nightly:

• Docker: https://hub.docker.com/r/gitea/gitea/tags?page=1&name=nightly
• Binary: https://dl.gitea.com/gitea/1.21/

---

I think this issue could be closed. If there is any new problem, feel free to report 🙏

And sorry for the inconvenience caused by the bug.