forgejo: re-enable ENABLE_AUTO_REGISTRATION for zero-click GitHub sign-up
All checks were successful
ci/woodpecker/push/default Pipeline was successful
Per Viktor: GitHub sign-up must work zero-click (account created on first login, no form). This global [oauth2_client] setting enables it.

It conflicts with Authentik (preferred_username is an email → invalid Forgejo username → 500 on auto-create), and Viktor's Forgejo email (me@viktorbarzin.me) doesn't match his Authentik email (vbarzin@gmail.com) so account-linking can't bridge it — so the Authentik OAuth2 source is DISABLED (login_source.is_active=0; DB-managed, out-of-band) per his directive. Forgejo sign-in is now GitHub + native login.

Committed via API to land on origin without pushing a concurrent agent's unpushed local commit.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
parent ef530b7d38
commit 7d99203fc6
1 changed files with 11 additions and 0 deletions
@ -280,6 +280,17 @@ resource "kubernetes_deployment" "forgejo" {
|
|||
}
|
||||
}
|
||||
}
|
||||
# Zero-click sign-up for GitHub (OAuth2): auto-create the local
|
||||
# account on first login (GitHub's username claim is valid). This is a
|
||||
# GLOBAL [oauth2_client] setting, so the Authentik OAuth2 source is kept
|
||||
# DISABLED (login_source.is_active=0, set out-of-band — sources are
|
||||
# DB-managed, not TF): Authentik's preferred_username is the user's email,
|
||||
# an invalid Forgejo username that 500'd auto-create. Re-enable Authentik
|
||||
# only after fixing its username claim. docs/runbooks/forgejo-open-signups.md
|
||||
env {
|
||||
name = "FORGEJO__oauth2_client__ENABLE_AUTO_REGISTRATION"
|
||||
value = "true"
|
||||
}
|
||||
volume_mount {
|
||||
name = "data"
|
||||
mount_path = "/data"
|
||||
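Review bot: The comment above the new env block says the Authentik source is kept disabled through login_source.is_active=0, "set out-of-band", so the only thing stopping this global ENABLE_AUTO_REGISTRATION = "true" from applying to that source is database state that this file neither sets nor checks. If the source is re-enabled from the admin side, the 500 on auto-create described in the comment comes back with nothing in the Terraform plan to flag it. Consider a check that runs with the deployment or in the pipeline and fails when an active OAuth2 source other than GitHub exists, so the "Re-enable Authentik only after fixing its username claim" condition is enforced rather than only documented. The commit shows 1 changed file, so confirm that docs/runbooks/forgejo-open-signups.md already records the disabled source and the re-enable condition. The comment should also state that nothing in this hunk restricts which GitHub accounts get a local account on first login.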