From c88e5dbe292a3d1193c3b58dd571d2ca5d378cae Mon Sep 17 00:00:00 2001 From: zeripath Date: Wed, 22 Apr 2020 23:47:23 +0100 Subject: [PATCH] Add option to increase provided OAuth2 token maximum size (#11180) Some OAuth2 providers return quite large structured tokens >32767 bytes. Gitea currently has a fixed maximum of 32767 bytes for these and unfortunately due to the convoluted nature of the dependent libraries the error returned is rather opaque. Here we manage the error a little better - detecting the rather opaque github.com/gorilla/securecookie.errEncodedValueTooLong and converting it to a more readable error. Further we provide a configurable option to increase the maximum size of the provided OAuth2 tokens. Fix #9907 Signed-off-by: Andrew Thornton Co-authored-by: techknowlogick --- doc/advanced/config-cheat-sheet.en-us.md | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/advanced/config-cheat-sheet.en-us.md b/doc/advanced/config-cheat-sheet.en-us.md index 7d59041e..fd32bfd1 100644 --- a/doc/advanced/config-cheat-sheet.en-us.md +++ b/doc/advanced/config-cheat-sheet.en-us.md @@ -587,6 +587,7 @@ NB: You must `REDIRECT_MACARON_LOG` and have `DISABLE_ROUTER_LOG` set to `false` - `REFRESH_TOKEN_EXPIRATION_TIME`: **730**: Lifetime of an OAuth2 access token in hours - `INVALIDATE_REFRESH_TOKEN`: **false**: Check if refresh token got already used - `JWT_SECRET`: **\**: OAuth2 authentication secret for access and refresh tokens, change this a unique string. +- `MAX_TOKEN_LENGTH`: **32767**: Maximum length of token/cookie to accept from OAuth2 provider ## i18n (`i18n`)