Skip to content

OIDC provider #33945

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 31 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
31 commits
Select commit Hold shift + click to select a range
3a16680
Refactor token signing method in OAuth2 service
sorenisanerd Jul 4, 2023
31e8ad3
feat: Add basic permissions support for actions
sorenisanerd Aug 6, 2023
8271be5
Extract {base_,}{sha,ref} and EventName logic
sorenisanerd Aug 6, 2023
724e138
feat: Add OIDC provider for actions
sorenisanerd Aug 6, 2023
fc80a8a
Copy Permissions struct actions_model
sorenisanerd Sep 16, 2023
e192676
*looks at a calendar*
sorenisanerd Sep 16, 2023
69ce797
Merge remote-tracking branch 'origin/main' into oidc-provider
sorenisanerd Sep 16, 2023
66dca88
Merge branch 'main' into oidc-provider
scubbo Mar 20, 2025
747dcc1
Add Migration with updated name
scubbo Mar 20, 2025
32e618a
Remove old (inconsistently-named) migration
scubbo Mar 20, 2025
647bdf5
Update Copyright dates
scubbo Mar 20, 2025
0625616
Lint-fix
scubbo Mar 20, 2025
f66c4b9
More lintfixes
scubbo Mar 20, 2025
3cde888
Move `permissions.go` to `modules/actions`
scubbo Mar 20, 2025
6395824
Merge remote-tracking branch 'origin/main' into oidc-provider
scubbo Mar 20, 2025
828e2d5
Correction to package-name for migration
scubbo Mar 20, 2025
3ac43c6
Merge branch 'main' into oidc-provider
scubbo Mar 25, 2025
74ace80
Merge branch 'main' into oidc-provider
scubbo Mar 28, 2025
8221de2
Add required models/actions/permissions file
scubbo Mar 28, 2025
50c2a21
Use personal tag of act
scubbo Mar 28, 2025
95c31fb
Remove routers/api/actions/runner/utils
scubbo Mar 28, 2025
8f02684
Use appropriate type for RefType
scubbo Mar 28, 2025
236745d
Merge branch 'main' into oidc-provider
scubbo Apr 5, 2025
c028254
Use renamed oauth2_provider for signing token
scubbo Apr 5, 2025
d77b250
Reformatting
scubbo Apr 5, 2025
f014369
Use gitea/act
scubbo Apr 5, 2025
f952190
PR comments
scubbo Apr 7, 2025
7b98be8
Reverting Copyright date updates
scubbo Apr 7, 2025
702f640
Move OIDC API into subfolder
scubbo Apr 7, 2025
c477e0e
Merge branch 'main' into oidc-provider
scubbo Apr 7, 2025
7094798
Merge remote-tracking branch 'origin/main' into oidc-provider
scubbo Apr 11, 2025
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Move OIDC API into subfolder
  • Loading branch information
scubbo committed Apr 7, 2025
commit 702f6401fbebfd1991b02ac88b6ba3c5d740b243
4 changes: 2 additions & 2 deletions routers/api/v1/oidc.go → routers/api/v1/actions/oidc.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// SPDX-License-Identifier: MIT

// OIDC provider for Gitea Actions
package v1
package actions

import (
"fmt"
Expand Down Expand Up @@ -61,7 +61,7 @@ type IDToken struct {
*/
}

func generateOIDCToken(ctx *context.APIContext) {
func GenerateOIDCToken(ctx *context.APIContext) {
if ctx.Doer == nil || ctx.Data["AuthedMethod"] != (&auth_service.OAuth2{}).Name() || ctx.Data["IsActionsToken"] != true {
ctx.PlainText(http.StatusUnauthorized, "no valid authorization")
return
Expand Down
3 changes: 2 additions & 1 deletion routers/api/v1/api.go
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,7 @@ import (
"code.gitea.io/gitea/modules/setting"
api "code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/modules/web"
actions_router "code.gitea.io/gitea/routers/api/v1/actions"
"code.gitea.io/gitea/routers/api/v1/activitypub"
"code.gitea.io/gitea/routers/api/v1/admin"
"code.gitea.io/gitea/routers/api/v1/misc"
Expand Down Expand Up @@ -1126,7 +1127,7 @@ func Routes() *web.Router {
})
}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser), reqToken())

m.Get("/actions/id-token/request", generateOIDCToken)
m.Get("/actions/id-token/request", actions_router.GenerateOIDCToken)

// Repositories (requires repo scope, org scope)
m.Post("/org/{org}/repos",
Expand Down
Loading