A lightweight sever to authenticate Static CMS/Decap with Gitea
Go to file
Denys Konovalov b7c0b2b9d6
Deprecation notice
2023-08-01 22:32:14 +02:00
.github fix typo 2023-05-07 10:49:48 +02:00
env docs simplifications 2023-05-07 11:26:20 +02:00
.gitignore v1.0.0 2023-02-05 14:34:48 +01:00
Dockerfile Bump Go version in Dockerfile 2023-05-07 10:47:04 +02:00
LICENSE credits 2023-01-15 22:37:10 +01:00
README.md Deprecation notice 2023-08-01 22:32:14 +02:00
docker-compose.yml docs simplifications 2023-05-07 11:26:20 +02:00
go.mod Bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 (#6) 2023-06-05 23:09:31 +02:00
go.sum Bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 (#6) 2023-06-05 23:09:31 +02:00
main.go v1.0.0 2023-02-05 14:34:48 +01:00

⚠️ As of August 2023, teabag has been deprecated in favour of the newly available PKCE authentication supported by Static CMS 3.0+ in combination with Gitea 1.20+. It won't receive any more updates.

teabag - Static CMS OAuth provider for Gitea

This is a lightweight Go server for handling OAuth flows with Gitea.


Manual deployment

Open the repo and build the service:

go build -o teabag .

Deploy the binary to your server.

Docker deployment

The official docker image is available under ghcr.io/denyskon/teabag:latest.

If you want to use docker compose, here is a suggested docker-compose.ymlfile.

version: '2'
    image: ghcr.io/denyskon/teabag
    restart: always
      - TEABAG_PORT=3000
      - TEABAG_SESSION_SECRET=super-secret
      - TEABAG_GITEA_BASE_URL=https://gitea.company.com
      - TEABAG_GITEA_AUTH_URI=login/oauth/authorize
      - TEABAG_GITEA_TOKEN_URI=login/oauth/access_token
      - TEABAG_GITEA_USER_URI=login/oauth/userinfo
      - TEABAG_CALLBACK_URI=https://oauth.example.com/callback
      - "3000:3000"

It is stronly recommended not to transfer credentials over http. Please use a reverse proxy infront of teabag.


The service needs some minimal configuration set before it can run. On the server or the location you are running the service, create a config file:

mkdir ./env
touch ./env/teabag.env
# OR
mkdir /etc/teabag
touch /etc/teabag/teabag.env

The config file is based on envfile. You can see a complete example in this repo at ./env/teabag.env.example

HOST=localhost # The hostname to bind to
PORT=3000 # The port to serve on
SESSION_SECRET=super-secret # Used with OAuth provider sessions

There are some required settings to connect to Gitea:

# OAuth key and Ssecret generated on Gitea
# URL of Gitea instance
# endpoint URIs (see https://docs.gitea.com/development/oauth2-provider/)
# callback URL, where users will be redirected after they authorise. Must contain the public URL of your teabag instance. This needs to match what was given when creating the OAuth application in Gitea.

You can also provide the config using environment variables. For that you need to prefix every variable with TEABAG_, e. g. TEABAG_HOST=


Fork of https://github.com/donskifarrell/scm-oauth-provider