Login via Gitea OAuth 2 times out

I’ve set up OAuth 2 login for Drone via Gitea. The initial redirect to consent works fine but after redirecting back to Drone’s callback the request to exchange the authorization code for an access token times out after sitting there for about 5 minutes.

The error log:

{"level":"error","msg":"oauth: cannot exchange code: xxxxxx: Post https://git.mydomain.tld/login/oauth/access_token: dial tcp xxx.xxx.xxx.xxx:443: connect: connection timed out","time":"2019-06-21T18:16:28Z"}

> the request to exchange the authorization code for an access token times out after sitting there for about 5 minutes.

This error indicates Drone is unable to establish a connection to your Gitea server. This points to a network or DNS configuration issue. I recommend searching Discourse for this error message, as you might find other threads that help you work through your host machine / Docker configuration.

> the initial redirect to consent works fine

Please note this redirect happens client side in your browser and does not prove network connectivity between Drone and Gitea. This issue comes up somewhat frequently, and this is a common misconception.

I exec’d into the Drone container and can curl Google, so it’s not internet connectivity issues. I can also ping the domain associated with the Gitea instance but I cannot curl the Gitea instance.

Not sure what could be causing that. I run everything in docker behind a traefik proxy.

The error message, combined with the fact that you cannot curl Gitea (intranet) but you can curl Google (extranet) demonstrates a problem with the internal network configuration or DNS.

This unfortunately falls outside my area of expertise and the scope of support that I can provide. You might consider reaching out to the Traefik support team for further assistance. Or perhaps other Traefik users that subscribe to this mailing list can jump in with suggestions.

I just ran into this issue myself and was thoroughly flabbergasted. Turns out the problem was the firewall!

I ran sudo ufw allow 443 and the problem was fixed immediately. I clued in once I read “can ping but cannot curl” and then saw for myself that there was a timeout from curl.

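An added example, not posted by anyone in this thread: a staged probe that separates the cases discussed above (DNS failure, dropped packets as in the "connection timed out" log line, refused connection, TLS failure) when checking the Gitea token endpoint. It assumes Python is available in the same container or network namespace as Drone; the hostname in the usage comment is a placeholder.

```python
import socket
import ssl
import sys

# What each stage usually means for the server-to-server token exchange.
HINTS = {
    "dns": "name does not resolve from this network namespace",
    "tcp_timeout": "packets are dropped: check firewall rules for this port",
    "tcp_refused": "host reachable, but nothing listens on this port",
    "tcp_error": "no route or another socket-level error",
    "tls": "TCP works; TLS handshake or certificate validation failed",
    "ok": "endpoint is reachable from here",
}

def probe(host, port=443, timeout=5.0, tls=True):
    """Walk DNS -> TCP -> TLS and return (stage, detail) for the first failure."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", str(exc)
    # Only the first resolved address is tried, to keep the result unambiguous.
    family, socktype, proto, _, addr = infos[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        try:
            sock.connect(addr)
        except (socket.timeout, TimeoutError) as exc:
            return "tcp_timeout", str(exc)   # ping can still succeed: ICMP is not TCP
        except ConnectionRefusedError as exc:
            return "tcp_refused", str(exc)
        except OSError as exc:
            return "tcp_error", str(exc)
        if tls:
            ctx = ssl.create_default_context()
            try:
                ctx.wrap_socket(sock, server_hostname=host).close()
            except (ssl.SSLError, OSError) as exc:
                return "tls", str(exc)
        return "ok", "%s port %d" % (addr[0], port)
    finally:
        sock.close()

if __name__ == "__main__":
    # Usage: python probe.py git.example.test   (placeholder hostname)
    stage, detail = probe(sys.argv[1])
    print("%s: %s (%s)" % (stage, HINTS[stage], detail))
```

A `tcp_timeout` result while ping succeeds matches the symptom in this thread, which was resolved by opening port 443 in the host firewall.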