Concourse CI and Gitea OAuth


I am trying to setup concourse ci to authenticate via oauth2 and gitea.

I am working off of: and
I am close, but now getting from concourse:

Failed to authenticate: OAuth connector: failed to get token: oauth2: cannot fetch token: 400 Bad Request Response: {“error”:“unauthorized_client”,“error_description”:“client is not authorized”}

Is there any tools you like to use to troubleshoot?

Browser dev tools are the most important part- turn on persistence in the network tab, and you can trace what happens as your browser shuttles back and forth.

For this, double check your CONCOURSE_OAUTH_CLIENT_SECRET, and make sure gitea knows about it.

I double checked the client secret and that looks ok.

Started up devoloper tools. Now got this information:

Internal Server Error

Failed to return user’s identity.


  1. Request Method:
  2. Status Code:
    500 Internal Server Error
  3. Remote Address:
  4. Referrer Policy:

I wonder if I have this part wrong:

Its not real clear to me what needs to go there.

Looking at gitea, I don’t think they’ve implemented a user info URL, Concourse requires for OAuth. On their docs page they mention this-

Currently Gitea does not support scopes (see #4300) and all third party applications will be granted access to all resources of the user and his/her organizations.

which is probably the next step on the Gitea side that will make this work.