Hi there -
Evaluating gitea, the first thing that stands out is that the oauth flow is not very intuitive. I added a github provider, came in as a new user, authorize the app, great - then it takes me right to a registration page where I have to enter a username all over again and make up a password - which I will never use, because I log in via github!
Example, just on this very Discourse forum, I just created a new account via github oauth. After coming back from github, Discourse gives me a popup, with my user name and real name already filled in, no password field that I will never use anyway, and a green button, “sign up!”. Two clicks and I’m in. I don’t need to enter a new password because I selected to log in via github, a password would be useless.
I understand that in giteas case, when I register with github, I’m actually getting both kinds of auth at the same time, username/password as well as github oauth. But I don’t want users to have username/password as an option at all. I don’t want users entering a captcha, I don’t want spammers coming in, and I don’t want passwords in my database and users who can’t log in to deal with - github should be the only auth possible. I run a Gerrit server in just this same way, users can only get in through a simple github oauth and that’s it.
any interest in this being an option?