Add Gitea as an elsewhere platform

[jorgesumle]

Gitea is free software like GitLab, so maybe we can use the same approach for issue #661

[6543]

• gitea.com
• Codeberg.org
  ...

[Changaco]

From https://docs.gitea.io/en-us/oauth2-provider/:

To use the Authorization Code Grant as a third party application it is required to register a new application via the “Settings” (/user/settings/applications) section of the settings.

Currently Gitea does not support scopes (see #4300) and all third party applications will be granted access to all resources of the user and his/her organizations.

So, we can't automatically create OAuth credentials for Liberapay, and users would have to agree to give Liberapay write access. In other words, Gitea doesn't provide what we need for a good integration.

[6543]

@Changaco

dont think so: only one user (best would be a admin of librepay) has to create an OAuth app in his user settings for the Oauth credentials

and now every user can use this OAuth source

[revi]

Currently Gitea does not support scopes (see #4300) and all third party applications will be granted access to all resources of the user and his/her organizations.

We want to have minimum scope we can have (which is basically read only access to basic information), and since we are not going to write anything, we probably should not have write access - so nothing can be done with the credentials if some really bad things (tm) happens and our DB is compromised.

[ncorder]

From https://docs.gitea.io/en-us/oauth2-provider/:

To use the Authorization Code Grant as a third party application it is required to register a new application via the “Settings” (/user/settings/applications) section of the settings.
Currently Gitea does not support scopes (see #4300) and all third party applications will be granted access to all resources of the user and his/her organizations.

So, we can't automatically create OAuth credentials for Liberapay, and users would have to agree to give Liberapay write access. In other words, Gitea doesn't provide what we need for a good integration.

I'm not certain if I have much to add to this conversation.

But it is possible for Liberapay to ask users to remove the application OAuth keys after they have verified an account.

Gitea and NotABug and many other platforms also utilize Libravatar and allow users to include domains and other information which might be able to be used to verify them.

[Akselmo]

Any possibility to have pulling repositories from any gitea instance?

[jolheiser]

Also stopping by to mention that we've merged go-gitea/gitea#20908 which allows for scoped tokens, which should address some of the other concerns here.