Drone+Gitea: Unable to login to drone

hi everyone, another user with difficulties with hooking up drone to gitea via oauth2. Set up done as per: https://docs.drone.io/installation/providers/gitea/

After authorising drone via the consent screen on gitea, I now get a login failure in drone with no error message on the drone failure page.

https://droneci.domain.com:

2020-01-22_14-47-12_capture

Gitea logs look like this:

[Macaron] 2020-01-22 15:24:24: Started GET /login/oauth/authorize?client_id=<oauth2 client id>&redirect_uri=https%3A%2F%2Fdroneci.domain.com%2Flogin&response_type=code&state=3c04951aa42655d9 for <browser IP>
[Macaron] 2020-01-22 15:24:24: Completed GET /login/oauth/authorize?client_id=<oauth2 client id>&redirect_uri=https%3A%2F%2Fdroneci.domain.com%2Flogin&response_type=code&state=3c04951aa42655d9 302 Found in 65.788863ms
[Macaron] 2020-01-22 15:24:25: Started GET /login/oauth/access_token for 172.29.0.3
[Macaron] 2020-01-22 15:24:25: Completed GET /login/oauth/access_token 404 Not Found in 3.678051ms

Drone logs:

{"fields.time":"2020-01-22T15:24:24Z","latency":72361,"level":"debug","method":"GET","msg":"","remote":"172.29.0.1:50180","request":"/login","request-id":"1WkvyvdzFQrUkuu1YY01IlOMNpK","time":"2020-01-22T15:24:24Z"}
{"level":"debug","msg":"events: stream opened","request-id":"1Wkvyv6CiFXFtmiRewnkRDMZ9zt","time":"2020-01-22T15:24:24Z"}
{"level":"error","msg":"oauth: cannot exchange code: xycojr2z43z3R9AaCFsM1bTG4JLpeZ6wgpAwL_aaIL4=: : ","time":"2020-01-22T15:24:25Z"}
{"level":"debug","msg":"cannot authenticate user: : ","time":"2020-01-22T15:24:25Z"}
{"fields.time":"2020-01-22T15:24:25Z","latency":12547201,"level":"debug","method":"GET","msg":"","remote":"172.29.0.1:50184","request":"/login?code=xycojr2z43z3R9AaCFsM1bTG4JLpeZ6wgpAwL_aaIL4%3D\u0026state=3c04951aa42655d9","request-id":"1Wkvz2ybv3ayGlzBcOipIkUFKxJ","time":"2020-01-22T15:24:25Z"}
{"fields.time":"2020-01-22T15:24:25Z","latency":22504,"level":"debug","method":"GET","msg":"","remote":"172.29.0.1:50184","request":"/login/error?message=:","request-id":"1WkvyxbhEIFB7BYOaH6280SuxSA","time":"2020-01-22T15:24:25Z"}
{"level":"debug","msg":"api: authentication required","request-id":"1WkvyyIkUXk7DXk0Ul4nPBKZwcG","time":"2020-01-22T15:24:25Z"}
{"level":"debug","msg":"api: guest access","request-id":"1WkvyyIkUXk7DXk0Ul4nPBKZwcG","time":"2020-01-22T15:24:25Z"}
{"fields.time":"2020-01-22T15:24:25Z","latency":80199,"level":"debug","method":"GET","msg":"","remote":"172.29.0.1:50184","request":"/api/user","request-id":"1WkvyyIkUXk7DXk0Ul4nPBKZwcG","time":"2020-01-22T15:24:25Z"}
{"fields.time":"2020-01-22T15:24:25Z","latency":66744,"level":"debug","method":"GET","msg":"","remote":"172.29.0.1:50184","request":"/favicon.png","request-id":"1WkvyxmVmfoIo6YT3W02M8QSuN0","time":"2020-01-22T15:24:25Z"}
{"level":"debug","msg":"events: stream opened","request-id":"1Wkvz337jXGpfpCkNyCv8iPIzMY","time":"2020-01-22T15:24:25Z"}

Drone docker-compose file:

services:
  drone:
    image: drone/drone:1.6.4-linux-amd64
    environment:
      - DRONE_GITEA_CLIENT_ID=<oauth2 id>
      - DRONE_GITEA_CLIENT_SECRET=<oauth2 secret>
      - DRONE_GITEA_SERVER=http://code.domain.com
      - DRONE_RPC_SECRET=<RPC secret>
      - DRONE_SERVER_HOST=droneci.domain.com
      - DRONE_SERVER_PROTO=https
      - DRONE_LOGS_DEBUG=true
      - DRONE_GITEA_DEBUG=true
    volumes:
      - drone_data:/data
    ports:
      - "127.0.0.1:<%= @proxy_port_http %>:80"
    networks:
      droneci_default:

  runner:
    image: drone/drone-runner-docker:1.2.0
    environment:
      - DRONE_RPC_HOST=drone
      - DRONE_RPC_PROTO=http
      - DRONE_RPC_SECRET=<RPC secret>
      - DRONE_RUNNER_CAPACITY=2
      - DRONE_RUNNER_NAME=${HOSTNAME}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      droneci_default:

I have scoured github issues both on the drone and gitea sides, and found that this user had similar logs (but no proposed solution): https://github.com/go-gitea/gitea/issues/6939#issuecomment-529889691

It’s my understanding that the /login/oauth/access_token endpoint should receive POST requests and that, in this respect, returning 404 on a GET would be correct from Gitea.

Gitea 1.10.2 and drone 1.6.4 both via docker.

Drone does make a POST request when fetching the access token [1]. The most common root cause for receiving a GET is when the request is being redirected (usually from http to https) which changes the request type. Is your Gitea using https? If so you probably need to adjust your configuration accordingly:

-DRONE_GITEA_SERVER=http://code.domain.com
+DRONE_GITEA_SERVER=https://code.domain.com

[1] https://github.com/drone/go-login/blob/master/login/internal/oauth2/config.go#L106

Indeed, small details matter. Cheers!