Disabling openid provider on startup is confusing when provider is still working #15025
Comments
noerw
added
type/proposal
|
Supporting that, at least make it configurable whether it should automatically be disabled. Or, even better: Retry, until the authentication source is up again. Right now, it is just confusing users. |
|
If we don't disable it the system fatals. What you're basically asking for is a temporarily disabled status? |
|
I mean you can always go into system admin and reenable it. |
|
This is not a binary issue, there are ways between "I must disable the authentication source" and "I must use log.Fatal". In example, why not put the authentication source in a retry list and have a thread periodically check whether it is available again? |
|
Self-healing providers could have a blip in their uptime at the same time as Gitea starts due to timing differences in startup, especially when deployed on the same Kubernetes cluster, but that shouldn't prevent providers from being used later if they are available Could a new task in |
[x]):Description
While upgrading to 1.13.4, my keycloak openid provider was temporarily down. I had this openid provider enabled and working before the upgrade. After upgrading, the openid login button was gone. Looking back at the changelog, it seems in 1.13.3, a change was implemented to disable openid providers that were not reachable and avoid failing startup. That is a good change imho but disabling them leads to the case where your openid login is gone away but it should not be. Is it possible to not fail and not disable them? A retry window in place before disabling? I am not sure what is best but having the provider disabled is not ideal.
Refs: #14802
The text was updated successfully, but these errors were encountered: