[hero_proxy] Implement OAuth via Forge (Gitea) as auth provider #34

New issue

Open

opened 2026-04-29 07:10:24 +00:00 by mahmoud · 0 comments

mahmoud commented

2026-04-29 07:10:24 +00:00

Owner

Problem

hero_proxy currently has no authentication implemented. Passwords are
not desired. The preferred approach is OAuth using Forge (Gitea) as the
OAuth provider, so users log in with their existing Forge account.

Requirements

Integrate Forge (Gitea) as an OAuth2 provider in hero_proxy
On successful OAuth login, auto-create the user in the proxy's
user management system
Automatically inject users.<username> claim on login
Google OAuth should be a second option (same interface, different provider)
No password-based auth should be implemented

Acceptance Criteria

User can log in to hero_proxy via Forge OAuth
User is auto-created on first login
users.<username> claim is automatically injected
Session is maintained after login
Google OAuth can be added via same provider interface

## Problem hero_proxy currently has no authentication implemented. Passwords are not desired. The preferred approach is OAuth using Forge (Gitea) as the OAuth provider, so users log in with their existing Forge account. ## Requirements - Integrate Forge (Gitea) as an OAuth2 provider in hero_proxy - On successful OAuth login, auto-create the user in the proxy's user management system - Automatically inject `users.<username>` claim on login - Google OAuth should be a second option (same interface, different provider) - No password-based auth should be implemented ## Acceptance Criteria - [ ] User can log in to hero_proxy via Forge OAuth - [ ] User is auto-created on first login - [ ] `users.<username>` claim is automatically injected - [ ] Session is maintained after login - [ ] Google OAuth can be added via same provider interface