Make OAuth2 issuer configurable (#35915) (#35916)

Backport #35915 by wxiaoguang
2025-11-11 00:12:25 +08:00
parent db876d8f17
commit 327f2207dc
4 changed files with 35 additions and 13 deletions
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -567,6 +567,11 @@ ENABLED = true
 ;; Alternative location to specify OAuth2 authentication secret. You cannot specify both this and JWT_SECRET, and must pick one
 ;JWT_SECRET_URI = file:/etc/gitea/oauth2_jwt_secret
 ;;
+;; The "issuer" claim identifies the principal that issued the JWT.
+;; Gitea 1.25 makes it default to "ROOT_URL without the last slash" to follow the standard.
+;; If you have old logins from before 1.25, you may want to set it to the old (non-standard) value "ROOT_URL with the last slash".
+;JWT_CLAIM_ISSUER =
+;;
 ;; Lifetime of an OAuth2 access token in seconds
 ;ACCESS_TOKEN_EXPIRATION_TIME = 3600
 ;;