Use GITEA_TOKEN as service PAT for API calls in OAuth mode
Some checks failed
docker / lint (push) Failing after 21s
docker / test (push) Failing after 17s
lint / lint (push) Failing after 22s
test / test (push) Failing after 17s
docker / docker-test (push) Has been skipped
docker / docker-publish (push) Has been skipped

Gitea OIDC access_tokens only carry OIDC scopes and cannot call the
Gitea REST API. Fall back to GITEA_TOKEN (service PAT) for actual tool
execution when configured, while OIDC still handles user identity.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-04 17:06:28 +00:00
parent eada6d0f89
commit 71c993e4cd

@@ -830,7 +830,12 @@ async def _execute_tool_call(
if not user_token:
raise HTTPException(status_code=401, detail="Missing authenticated user token context")
async with GiteaClient(token=user_token) as gitea:
# In OAuth mode, Gitea OIDC access_tokens can't call the Gitea REST API
# (they only carry OIDC scopes). If a service PAT is configured via
# GITEA_TOKEN, use that for API calls while OIDC handles identity/authz.
api_token = settings.gitea_token.strip() if settings.gitea_token.strip() else user_token
async with GiteaClient(token=api_token) as gitea:
result = await handler(gitea, arguments)
if settings.secret_detection_mode != "off":
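
Review bot: On the `api_token = ...` line, once GITEA_TOKEN is set every authenticated caller's tool call reaches Gitea with the service PAT's permissions instead of the user's own, and nothing in the visible lines checks that user's access to the target before `handler(gitea, arguments)` runs. The comment says OIDC handles identity/authz, but the only check shown here is `if not user_token`, which proves a token exists, not that this user may perform this action on this repository. Please either point to where the per-user authorization is enforced before this call or add it here, keep the PAT scoped to the minimum the tools need, and log the OIDC identity alongside each call, since Gitea will attribute them all to the service account. Smaller point on the same line: `settings.gitea_token.strip()` is evaluated twice and would raise if the setting is None; `(settings.gitea_token or "").strip() or user_token` covers both.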