git-ecosystem
Universal Gitea OAuth configuration uses wrong endpoints if gitea uses a subfolder
Version
2.5.0+d34930736e131ad80e5690e5634ced1808aff3e2
Operating system
Windows
OS version or distribution
Windows 11 23h2
Git hosting provider(s)
Other - please describe below
Other hosting provider
Gitea selfhosted instance
(Azure DevOps only) What format is your remote URL?
None
Can you access the remote repository directly in the browser?
Yes, I can access the repository
Expected behavior
Gitea is hosted on https://example.com/git/
Trying to clone a Repository (e.g. git clone https//examle.com/git/test/test.git) should send the user to https://example.com/git/login/oauth/authorize and get the token from https://example.com/git/login/oauth/access_token
Actual behavior
The authorization endpoint used is https://example.com/login/oauth/authorize and get the token from https://example.com/login/oauth/access_token (notice the missing /git/ directory in the url)
Logs
14:23:56.073236 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/bin
14:23:56.073236 git.c:465 trace: built-in: git clone https://example.com/git/test/test
Cloning into 'test'...
14:23:56.088884 run-command.c:657 trace: run_command: git remote-https origin https://example.com/git/test/test
14:23:56.120040 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.120040 git.c:750 trace: exec: git-remote-https origin https://example.com/git/test/test
14:23:56.120040 run-command.c:657 trace: run_command: git-remote-https origin https://example.com/git/test/test
14:23:56.167184 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.542051 run-command.c:657 trace: run_command: 'git credential-manager get'
14:23:56.589476 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.589476 git.c:750 trace: exec: git-credential-manager get
14:23:56.589476 run-command.c:657 trace: run_command: git-credential-manager get
14:23:56.714049 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.714049 git.c:465 trace: built-in: git config --null --list
14:23:56.776372 ...\Application.cs:106 trace: [RunInternalAsync] Version: 2.5.0.0
14:23:56.776372 ...\Application.cs:107 trace: [RunInternalAsync] Runtime: .NET Framework 4.8.9241.0
14:23:56.776372 ...\Application.cs:108 trace: [RunInternalAsync] Platform: Windows (x86-64)
14:23:56.776372 ...\Application.cs:109 trace: [RunInternalAsync] OSVersion: 10.0 (build 22631)
14:23:56.776372 ...\Application.cs:110 trace: [RunInternalAsync] AppPath: C:\Program Files\Git\mingw64\bin\git-credential-manager.exe
14:23:56.776372 ...\Application.cs:111 trace: [RunInternalAsync] InstallDir: C:\Program Files\Git\mingw64\bin\
14:23:56.776372 ...\Application.cs:112 trace: [RunInternalAsync] Arguments: get
14:23:56.839182 ...GitCommandBase.cs:32 trace: [ExecuteAsync] Start 'get' command...
14:23:56.839182 ...GitCommandBase.cs:46 trace: [ExecuteAsync] Detecting host provider for input:
14:23:56.839182 ...GitCommandBase.cs:47 trace: [ExecuteAsync] protocol=https
14:23:56.839182 ...GitCommandBase.cs:47 trace: [ExecuteAsync] host=example.com
14:23:56.839182 ...GitCommandBase.cs:47 trace: [ExecuteAsync] wwwauth=Basic realm="Gitea"
14:23:56.854704 ...viderRegistry.cs:149 trace: [GetProviderAsync] Performing auto-detection of host provider.
14:23:56.854704 ...viderRegistry.cs:162 trace: [GetProviderAsync] Auto-detect probe timeout is 2 ms.
14:23:56.854704 ...viderRegistry.cs:170 trace: [GetProviderAsync] Checking against 4 host providers registered with priority 'Normal'.
14:23:56.854704 ...viderRegistry.cs:185 trace: [GetProviderAsync] Querying remote URL for host provider auto-detection.
14:23:56.854704 ...pClientFactory.cs:60 trace: [CreateClient] Creating new HTTP client instance...
14:23:56.870342 ...pClientFactory.cs:80 trace: [CreateClient] Git's SSL/TLS backend is: OpenSsl
14:23:56.885848 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.885848 git.c:465 trace: built-in: git version
14:23:56.901480 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.901480 git.c:465 trace: built-in: git config --null --type=path http.https://example.com.sslCAInfo
14:23:56.916985 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.916985 git.c:465 trace: built-in: git config --null --type=path http.example.com.sslCAInfo
14:23:56.932617 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.932617 git.c:465 trace: built-in: git config --null --type=path http.https://cp-austria.at.sslCAInfo
14:23:56.948129 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.948129 git.c:465 trace: built-in: git config --null --type=path http.cp-austria.at.sslCAInfo
14:23:56.948129 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.963769 git.c:465 trace: built-in: git config --null --type=path http.sslCAInfo
14:23:56.963769 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.979786 git.c:465 trace: built-in: git config --null --type=path http.https://example.com.sslCAInfo
14:23:56.979786 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.979786 git.c:465 trace: built-in: git config --null --type=path http.example.com.sslCAInfo
14:23:56.995424 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.995424 git.c:465 trace: built-in: git config --null --type=path http.https://cp-austria.at.sslCAInfo
14:23:57.010930 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.010930 git.c:465 trace: built-in: git config --null --type=path http.cp-austria.at.sslCAInfo
14:23:57.026561 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.026561 git.c:465 trace: built-in: git config --null --type=path http.sslCAInfo
14:23:57.026561 ...ClientFactory.cs:113 trace: [CreateClient] Custom certificate verification has been enabled with certificate bundle at C:/Program Files/Git/mingw64/etc/ssl/certs/ca-bundle.crt
14:23:57.042069 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.042069 git.c:465 trace: built-in: git config --null --type=path http.https://example.com.cookieFile
14:23:57.042069 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.057701 git.c:465 trace: built-in: git config --null --type=path http.example.com.cookieFile
14:23:57.057701 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.073207 git.c:465 trace: built-in: git config --null --type=path http.https://cp-austria.at.cookieFile
14:23:57.073207 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.073207 git.c:465 trace: built-in: git config --null --type=path http.cp-austria.at.cookieFile
14:23:57.088844 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.088844 git.c:465 trace: built-in: git config --null --type=path http.cookieFile
14:23:57.339163 ...etHostProvider.cs:76 trace: [IsSupported] Host isn't supported as Bitbucket
14:23:57.339163 ...viderRegistry.cs:170 trace: [GetProviderAsync] Checking against 1 host providers registered with priority 'Low'.
14:23:57.339163 ...viderRegistry.cs:238 trace: [GetProviderAsync] Remembering host provider for 'https://example.com/' as 'generic'...
14:23:57.339163 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.354669 git.c:465 trace: built-in: git config --global credential.https://example.com.provider generic
14:23:57.354669 ...GitCommandBase.cs:49 trace: [ExecuteAsync] Host provider 'Generic' was selected.
14:23:57.354669 ...\HostProvider.cs:126 trace: [GetCredentialAsync] Looking for existing credential in store with service=https://example.com account=...
14:23:57.354669 ...\HostProvider.cs:131 trace: [GetCredentialAsync] No existing credentials found.
14:23:57.354669 ...\HostProvider.cs:134 trace: [GetCredentialAsync] Creating new credential...
14:23:57.354669 ...ricOAuthConfig.cs:19 trace: [TryGet] Using universal Gitea OAuth configuration
14:23:57.354669 ...icHostProvider.cs:68 trace: [GenerateCredentialAsync] Found generic OAuth configuration for 'https://example.com/':
14:23:57.354669 ...icHostProvider.cs:69 trace: [GenerateCredentialAsync] AuthzEndpoint = https://example.com/login/oauth/authorize
14:23:57.354669 ...icHostProvider.cs:70 trace: [GenerateCredentialAsync] TokenEndpoint = https://example.com/login/oauth/access_token
14:23:57.354669 ...icHostProvider.cs:71 trace: [GenerateCredentialAsync] DeviceEndpoint =
14:23:57.354669 ...icHostProvider.cs:72 trace: [GenerateCredentialAsync] ClientId = e90ee53c-94e2-48ac-9358-a874fb9e0662
14:23:57.354669 ...icHostProvider.cs:73 trace: [GenerateCredentialAsync] ClientSecret =
14:23:57.354669 ...icHostProvider.cs:74 trace: [GenerateCredentialAsync] RedirectUri = http://127.0.0.1/
14:23:57.354669 ...icHostProvider.cs:75 trace: [GenerateCredentialAsync] Scopes = []
14:23:57.354669 ...icHostProvider.cs:76 trace: [GenerateCredentialAsync] UseAuthHeader = True
14:23:57.354669 ...icHostProvider.cs:77 trace: [GenerateCredentialAsync] DefaultUserName = OAUTH_USER
14:23:57.370311 ...pClientFactory.cs:60 trace: [CreateClient] Creating new HTTP client instance...
14:23:57.370311 ...pClientFactory.cs:80 trace: [CreateClient] Git's SSL/TLS backend is: OpenSsl
14:23:57.370311 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.370311 git.c:465 trace: built-in: git config --null --type=path http.https://example.com.sslCAInfo
14:23:57.385824 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.385824 git.c:465 trace: built-in: git config --null --type=path http.example.com.sslCAInfo
14:23:57.401456 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.401456 git.c:465 trace: built-in: git config --null --type=path http.https://cp-austria.at.sslCAInfo
14:23:57.401456 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.416962 git.c:465 trace: built-in: git config --null --type=path http.cp-austria.at.sslCAInfo
14:23:57.416962 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.432595 git.c:465 trace: built-in: git config --null --type=path http.sslCAInfo
14:23:57.432595 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.448106 git.c:465 trace: built-in: git config --null --type=path http.https://example.com.sslCAInfo
14:23:57.448106 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.463750 git.c:465 trace: built-in: git config --null --type=path http.example.com.sslCAInfo
14:23:57.463750 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.463750 git.c:465 trace: built-in: git config --null --type=path http.https://cp-austria.at.sslCAInfo
14:23:57.479756 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.479756 git.c:465 trace: built-in: git config --null --type=path http.cp-austria.at.sslCAInfo
14:23:57.495389 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.495389 git.c:465 trace: built-in: git config --null --type=path http.sslCAInfo
14:23:57.495389 ...ClientFactory.cs:113 trace: [CreateClient] Custom certificate verification has been enabled with certificate bundle at C:/Program Files/Git/mingw64/etc/ssl/certs/ca-bundle.crt
14:23:57.510898 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.510898 git.c:465 trace: built-in: git config --null --type=path http.https://example.com.cookieFile
14:23:57.526531 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.526531 git.c:465 trace: built-in: git config --null --type=path http.example.com.cookieFile
14:23:57.526531 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.542038 git.c:465 trace: built-in: git config --null --type=path http.https://cp-austria.at.cookieFile
14:23:57.542038 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.557680 git.c:465 trace: built-in: git config --null --type=path http.cp-austria.at.cookieFile
14:23:57.557680 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.573203 git.c:465 trace: built-in: git config --null --type=path http.cookieFile
Gitea publishes a .well-known/openid-configuration on https://example.com/git/.well-known/openid-configuration Maybe this could be used to get the correct endpoints.
I thing it would be also fine to require that .well-known/openid-configuration is published at https://example.com/.well-known/openid-configuration (No additional directory). It would be up to the server administrator to copy the openid-configuration to the correct location.
14:23:56.073236 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/bin
14:23:56.073236 git.c:465 trace: built-in: git clone https://example.com/git/test/test
Cloning into 'test'...
14:23:56.088884 run-command.c:657 trace: run_command: git remote-https origin https://example.com/git/test/test
14:23:56.120040 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.120040 git.c:750 trace: exec: git-remote-https origin https://example.com/git/test/test
14:23:56.120040 run-command.c:657 trace: run_command: git-remote-https origin https://example.com/git/test/test
14:23:56.167184 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.542051 run-command.c:657 trace: run_command: 'git credential-manager get'
14:23:56.589476 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.589476 git.c:750 trace: exec: git-credential-manager get
14:23:56.589476 run-command.c:657 trace: run_command: git-credential-manager get
14:23:56.714049 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.714049 git.c:465 trace: built-in: git config --null --list
14:23:56.776372 ...\Application.cs:106 trace: [RunInternalAsync] Version: 2.5.0.0
14:23:56.776372 ...\Application.cs:107 trace: [RunInternalAsync] Runtime: .NET Framework 4.8.9241.0
14:23:56.776372 ...\Application.cs:108 trace: [RunInternalAsync] Platform: Windows (x86-64)
14:23:56.776372 ...\Application.cs:109 trace: [RunInternalAsync] OSVersion: 10.0 (build 22631)
14:23:56.776372 ...\Application.cs:110 trace: [RunInternalAsync] AppPath: C:\Program Files\Git\mingw64\bin\git-credential-manager.exe
14:23:56.776372 ...\Application.cs:111 trace: [RunInternalAsync] InstallDir: C:\Program Files\Git\mingw64\bin
14:23:56.776372 ...\Application.cs:112 trace: [RunInternalAsync] Arguments: get
14:23:56.839182 ...GitCommandBase.cs:32 trace: [ExecuteAsync] Start 'get' command...
14:23:56.839182 ...GitCommandBase.cs:46 trace: [ExecuteAsync] Detecting host provider for input:
14:23:56.839182 ...GitCommandBase.cs:47 trace: [ExecuteAsync] protocol=https
14:23:56.839182 ...GitCommandBase.cs:47 trace: [ExecuteAsync] host=example.com
14:23:56.839182 ...GitCommandBase.cs:47 trace: [ExecuteAsync] wwwauth=Basic realm="Gitea"
14:23:56.854704 ...viderRegistry.cs:149 trace: [GetProviderAsync] Performing auto-detection of host provider.
14:23:56.854704 ...viderRegistry.cs:162 trace: [GetProviderAsync] Auto-detect probe timeout is 2 ms.
14:23:56.854704 ...viderRegistry.cs:170 trace: [GetProviderAsync] Checking against 4 host providers registered with priority 'Normal'.
14:23:56.854704 ...viderRegistry.cs:185 trace: [GetProviderAsync] Querying remote URL for host provider auto-detection.
14:23:56.854704 ...pClientFactory.cs:60 trace: [CreateClient] Creating new HTTP client instance...
14:23:56.870342 ...pClientFactory.cs:80 trace: [CreateClient] Git's SSL/TLS backend is: OpenSsl
14:23:56.885848 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.885848 git.c:465 trace: built-in: git version
14:23:56.901480 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.901480 git.c:465 trace: built-in: git config --null --type=path http.https://example.com.sslCAInfo
14:23:56.916985 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.916985 git.c:465 trace: built-in: git config --null --type=path http.example.com.sslCAInfo
14:23:56.932617 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.932617 git.c:465 trace: built-in: git config --null --type=path http.https://cp-austria.at.sslCAInfo
14:23:56.948129 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.948129 git.c:465 trace: built-in: git config --null --type=path http.cp-austria.at.sslCAInfo
14:23:56.948129 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.963769 git.c:465 trace: built-in: git config --null --type=path http.sslCAInfo
14:23:56.963769 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.979786 git.c:465 trace: built-in: git config --null --type=path http.https://example.com.sslCAInfo
14:23:56.979786 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.979786 git.c:465 trace: built-in: git config --null --type=path http.example.com.sslCAInfo
14:23:56.995424 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:56.995424 git.c:465 trace: built-in: git config --null --type=path http.https://cp-austria.at.sslCAInfo
14:23:57.010930 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.010930 git.c:465 trace: built-in: git config --null --type=path http.cp-austria.at.sslCAInfo
14:23:57.026561 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.026561 git.c:465 trace: built-in: git config --null --type=path http.sslCAInfo
14:23:57.026561 ...ClientFactory.cs:113 trace: [CreateClient] Custom certificate verification has been enabled with certificate bundle at C:/Program Files/Git/mingw64/etc/ssl/certs/ca-bundle.crt
14:23:57.042069 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.042069 git.c:465 trace: built-in: git config --null --type=path http.https://example.com.cookieFile
14:23:57.042069 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.057701 git.c:465 trace: built-in: git config --null --type=path http.example.com.cookieFile
14:23:57.057701 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.073207 git.c:465 trace: built-in: git config --null --type=path http.https://cp-austria.at.cookieFile
14:23:57.073207 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.073207 git.c:465 trace: built-in: git config --null --type=path http.cp-austria.at.cookieFile
14:23:57.088844 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.088844 git.c:465 trace: built-in: git config --null --type=path http.cookieFile
14:23:57.339163 ...etHostProvider.cs:76 trace: [IsSupported] Host isn't supported as Bitbucket
14:23:57.339163 ...viderRegistry.cs:170 trace: [GetProviderAsync] Checking against 1 host providers registered with priority 'Low'.
14:23:57.339163 ...viderRegistry.cs:238 trace: [GetProviderAsync] Remembering host provider for 'https://example.com/' as 'generic'...
14:23:57.339163 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.354669 git.c:465 trace: built-in: git config --global credential.https://example.com.provider generic
14:23:57.354669 ...GitCommandBase.cs:49 trace: [ExecuteAsync] Host provider 'Generic' was selected.
14:23:57.354669 ...\HostProvider.cs:126 trace: [GetCredentialAsync] Looking for existing credential in store with service=https://example.com account=...
14:23:57.354669 ...\HostProvider.cs:131 trace: [GetCredentialAsync] No existing credentials found.
14:23:57.354669 ...\HostProvider.cs:134 trace: [GetCredentialAsync] Creating new credential...
14:23:57.354669 ...ricOAuthConfig.cs:19 trace: [TryGet] Using universal Gitea OAuth configuration
14:23:57.354669 ...icHostProvider.cs:68 trace: [GenerateCredentialAsync] Found generic OAuth configuration for 'https://example.com/':
14:23:57.354669 ...icHostProvider.cs:69 trace: [GenerateCredentialAsync] AuthzEndpoint = https://example.com/login/oauth/authorize
14:23:57.354669 ...icHostProvider.cs:70 trace: [GenerateCredentialAsync] TokenEndpoint = https://example.com/login/oauth/access_token
14:23:57.354669 ...icHostProvider.cs:71 trace: [GenerateCredentialAsync] DeviceEndpoint =
14:23:57.354669 ...icHostProvider.cs:72 trace: [GenerateCredentialAsync] ClientId = e90ee53c-94e2-48ac-9358-a874fb9e0662
14:23:57.354669 ...icHostProvider.cs:73 trace: [GenerateCredentialAsync] ClientSecret =
14:23:57.354669 ...icHostProvider.cs:74 trace: [GenerateCredentialAsync] RedirectUri = http://127.0.0.1/
14:23:57.354669 ...icHostProvider.cs:75 trace: [GenerateCredentialAsync] Scopes = []
14:23:57.354669 ...icHostProvider.cs:76 trace: [GenerateCredentialAsync] UseAuthHeader = True
14:23:57.354669 ...icHostProvider.cs:77 trace: [GenerateCredentialAsync] DefaultUserName = OAUTH_USER
14:23:57.370311 ...pClientFactory.cs:60 trace: [CreateClient] Creating new HTTP client instance...
14:23:57.370311 ...pClientFactory.cs:80 trace: [CreateClient] Git's SSL/TLS backend is: OpenSsl
14:23:57.370311 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.370311 git.c:465 trace: built-in: git config --null --type=path http.https://example.com.sslCAInfo
14:23:57.385824 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.385824 git.c:465 trace: built-in: git config --null --type=path http.example.com.sslCAInfo
14:23:57.401456 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.401456 git.c:465 trace: built-in: git config --null --type=path http.https://cp-austria.at.sslCAInfo
14:23:57.401456 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.416962 git.c:465 trace: built-in: git config --null --type=path http.cp-austria.at.sslCAInfo
14:23:57.416962 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.432595 git.c:465 trace: built-in: git config --null --type=path http.sslCAInfo
14:23:57.432595 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.448106 git.c:465 trace: built-in: git config --null --type=path http.https://example.com.sslCAInfo
14:23:57.448106 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.463750 git.c:465 trace: built-in: git config --null --type=path http.example.com.sslCAInfo
14:23:57.463750 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.463750 git.c:465 trace: built-in: git config --null --type=path http.https://cp-austria.at.sslCAInfo
14:23:57.479756 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.479756 git.c:465 trace: built-in: git config --null --type=path http.cp-austria.at.sslCAInfo
14:23:57.495389 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.495389 git.c:465 trace: built-in: git config --null --type=path http.sslCAInfo
14:23:57.495389 ...ClientFactory.cs:113 trace: [CreateClient] Custom certificate verification has been enabled with certificate bundle at C:/Program Files/Git/mingw64/etc/ssl/certs/ca-bundle.crt
14:23:57.510898 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.510898 git.c:465 trace: built-in: git config --null --type=path http.https://example.com.cookieFile
14:23:57.526531 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.526531 git.c:465 trace: built-in: git config --null --type=path http.example.com.cookieFile
14:23:57.526531 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.542038 git.c:465 trace: built-in: git config --null --type=path http.https://cp-austria.at.cookieFile
14:23:57.542038 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.557680 git.c:465 trace: built-in: git config --null --type=path http.cp-austria.at.cookieFile
14:23:57.557680 exec-cmd.c:243 trace: resolved executable dir: C:/Program Files/Git/mingw64/libexec/git-core
14:23:57.573203 git.c:465 trace: built-in: git config --null --type=path http.cookieFile
It seems the concatenation of the Gitea endpoints is wrongly treated as server-absolute.
Another long standing issue is the hasty hack in the default GCM OAUTH code path. Approach can fail because
- The Git/GCM auth scheme is NOT equipped to correctly handle expired tokens
- OAUTH is just considered to be available (can fail in different ways, depending on Gitea version).
You may be able to override the setting and use the correct endpoint:
git config credential.oauthAuthorizeEndpoint <url>
Better mitigation (at the moment): Drop OAUTH and use a fixed (and restricted) application token.
