diff options
| author | zeripath <art27@cantab.net> | 2020-04-22 23:47:23 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-04-23 00:47:23 +0200 |
| commit | e74c4e1be988f2815146338cbce8210e515a937e (patch) | |
| tree | f2b8ad4b2b117f648ffbba23a1aba207ae43a9cf /custom/conf | |
| parent | b51fd30522af31eaf22ab15a826f9ee18fd53969 (diff) | |
| download | gitea-e74c4e1be988f2815146338cbce8210e515a937e.tar.gz gitea-e74c4e1be988f2815146338cbce8210e515a937e.zip | |
Add option to increase provided OAuth2 token maximum size (#11180)
Some OAuth2 providers return quite large structured tokens >32767 bytes.
Gitea currently has a fixed maximum of 32767 bytes for these and
unfortunately due to the convoluted nature of the dependent libraries the
error returned is rather opaque.
Here we manage the error a little better - detecting the rather opaque
github.com/gorilla/securecookie.errEncodedValueTooLong and converting
it to a more readable error.
Further we provide a configurable option to increase the maximum size of
the provided OAuth2 tokens.
Fix #9907
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Diffstat (limited to 'custom/conf')
| -rw-r--r-- | custom/conf/app.ini.sample | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/custom/conf/app.ini.sample b/custom/conf/app.ini.sample index 414cd3f278..691a65cc53 100644 --- a/custom/conf/app.ini.sample +++ b/custom/conf/app.ini.sample @@ -916,6 +916,8 @@ REFRESH_TOKEN_EXPIRATION_TIME=730 INVALIDATE_REFRESH_TOKENS=false ; OAuth2 authentication secret for access and refresh tokens, change this to a unique string. JWT_SECRET=Bk0yK7Y9g_p56v86KaHqjSbxvNvu3SbKoOdOt2ZcXvU +; Maximum length of oauth2 token/cookie stored on server +MAX_TOKEN_LENGTH=32767 [i18n] LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR |