It would be great if the OAUTH guide provided an example of a REDIRECT_URI, in addition to describing all the other exceptional cases.
For example, in the section on client types there is only one client type described.
And in the list of endpoints none of them are flagged as the REDIRECT_URI.
I’m guessing that it is either
The guide you linked is for Gitea acting as the authentication provider (like how you can log in to this site from GitHub, GitHub is the authentication provider). I think you may be misunderstanding its purpose.
The redirect URI in this case would be the application you are providing authentication for. So, if I made an app and wanted to log in users with Gitea, I would do this:
- User clicks login button. My app redirects them to my Gitea instance to log in:
- User logs in on my Gitea instance. Gitea asks them to authorize my application. User authorizes my application. Gitea redirects user to my application with the authentication data (in this case a code):
- In my application, I will verify that the code is legitimate and obtain an access token:
- Gitea will return an access token. I can now get data about the user to create their account, access their data, whatever.
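The flow described in the reply above, sketched from the application's side as an added example that is not part of the original post or of Gitea's documentation. The hostnames, client credentials and function names are placeholder assumptions; the two paths are Gitea's OAuth2 authorize and token endpoints.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholder values (assumptions, not taken from the thread).
GITEA = "https://gitea.example.com"
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"
# The redirect URI is a URL on *your* application, registered in Gitea.
REDIRECT_URI = "https://myapp.example.com/oauth/callback"


def build_authorize_url(session):
    """Step 1: send the user to Gitea, binding the request to this session."""
    session["oauth_state"] = secrets.token_urlsafe(32)
    query = urlencode({
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,  # must match the registered URI exactly
        "response_type": "code",
        "state": session["oauth_state"],
    })
    return f"{GITEA}/login/oauth/authorize?{query}"


def handle_callback(session, callback_url):
    """Steps 2-3: validate Gitea's redirect and build the token request."""
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # state is single-use
    got = params.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(expected.encode(), got.encode()):
        raise ValueError("state mismatch: callback not tied to this session")
    if "error" in params:
        raise ValueError(f"authorization denied: {params['error'][0]}")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carried no code")
    # POST this body to the token endpoint over TLS. The code is confirmed
    # only by Gitea accepting it together with the client secret.
    return f"{GITEA}/login/oauth/access_token", {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
        "redirect_uri": REDIRECT_URI,
    }
```
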
I didn’t realize Gitea could serve as an IdP!!!
That’s so cool