Skip to content

Refuse well-known OpenID enpoint if OAuth2 is disabled #36345

Closed
Closed
Refuse well-known OpenID enpoint if OAuth2 is disabled#36345
Labels
issue/needs-feedbackFor bugs, we need more details. For features, the feature must be described in more detail
@becm

Description

@becm
becm
opened on Jan 10, 2026

Feature Description

In the long term, it may be advisable to suppress

/.well-known/openid-configuration

in Gitea as well so this can be used as a more generic trigger if OAuth should be attempted.

The current workaround is to confuse the detection of the current approach in a very specific client.

Screenshots

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    issue/needs-feedbackFor bugs, we need more details. For features, the feature must be described in more detail

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions