Drone

Choice Of authentication methods

I have a drone server instance setup with gitea.
(Love the tool btw)

Since your update from 1.3.0 onward you have to use gitea as a oauth2 provider rather than username and password.

Because we have gitea tied into a LDAP/AD system users can log in and authenticate that way, more importantly that event and following actions can be audited.

ive been trying 1.6.0 and have to provide the oauth2 application under a user of some kind. but that means now the actions are not tied to who did what and when. Plus there is no authentication for the user logging in to the front door… unless im missing something?

Could it please have the option to be oauth2 or username and password? then it can use the providers authentication option ( gitea + ldap/ad)

I agree it is safe to use token and oauth to revoke but i can do that in ldap/ad to remove users. This already existed in 1.3.0, can it be brought back as an option so drone can tie into corporate systems?

unless there is some config you can point me at im missing?

Because we have gitea tied into a LDAP/AD system users can log in and authenticate that way

Drone redirects to Gitea for authentication. If you configured Gitea to use LDAP then the user will be required to authenticate with LDAP. So in this sense Drone uses LDAP by proxy.

ive been trying 1.6.0 and have to provide the oauth2 application under a user of some kind. but that means now the actions are not tied to who did what and when.

I think perhaps there is a misunderstand of how oauth2 works. When a user authenticates with Drone, they authorize Drone to access data and perform actions in Gitea on their behalf. All actions are therefore tied directly to the authenticated user, not the owner of the Application, and can therefore be audited accordingly.

Could it please have the option to be oauth2 or username and password? then it can use the providers authentication option

There are no plans since Github, Gitlab, Bitbucket and Atlassian Stash all use oauth2. This gives us an opportunity to standardize on a single authentication method. I am also told this is the preferred way to integrate with Gitea moving forward, and basic auth integrations may be removed (or may have already been removed).