Drone + Gitea + NGINX = OAuth cannot exchange code

I have installed the official and latest Gitea- and Drone docker containers.

When I browse to “drone.mydomain dot com” I will be redirected to Gitea and asked to authorize the application. I authorize the request and Drone will be listed under the “Authorized OAuth2 Applications”.

After clicking on OK, I will be immediately redirected to “http://drone.mydomain dot com/login/error?message=%3A” and the error message displayed is:

" Login Failed. :".

Checking the docker-compose logs for Drone, gives me the error message:

drone | {“level”:“info”,“msg”:“main: internal scheduler enabled”,“time”:“2019-10-11T17:33:25Z”}
drone | {“interval”:“30m0s”,“level”:“info”,“msg”:“starting the cron scheduler”,“time”:“2019-10-11T17:33:25Z”}
drone | {“acme”:false,“host”:“drone.mydomain dot com”,“level”:“info”,“msg”:“starting the http server”,“port”:":80",“proto”:“http”,“time”:“2019-10-11T17:33:25Z”,“url”:“http://drone.mydomain dot com”}
drone | {“level”:“error”,“msg”:"oauth: cannot exchange code: w3L5-kfxe-28Qi_TYcLLL0wr-cndqAsaFBEQTbpfxfM=: : ",“time”:“2019-10-11T17:33:42Z”}
drone | {“level”:“error”,“msg”:"oauth: cannot exchange code: mMdGgiQQ1eqwhgbjbKoMTp4blXz09RyWiqzRmRgxrhk=: : ",“time”:“2019-10-11T17:35:33Z”}
drone | {“level”:“error”,“msg”:"oauth: cannot exchange code: D5dL458whxcsU5PnkeY2S3Hd1BJSb_aMoJ8XZPwTpAI=: : ",“time”:“2019-10-11T17:35:58Z”}

Checking the docker-compose logs for Gitea, tells me that the OAuth Token was created successfully, as does the Gitea instance since Drone is listed as an authorized application.

I have re-created both containers multiple times. What to do now?

So it looks like recently there was a change to how authentication is handled via Drone and Gitea. I had just updated my containers and ran into the same issue. Through a bit of debugging, the basic steps are:

Create a new OAuth Application with redirect to your DroneCI “https://droneserver.server/login” as redirect URL. Copy down the Client ID and Client Secret. Modify your Drone server instance to include the following environmental variables (https://github.com/drone/drone/edit/master/cmd/drone-server/config/config.go#L333). Only Client ID and Client Secret (beyond server) is necessary. Redeploy your Drone instance and attempt to login again. It should have you authorize via OAuth and accept the application and you will be good to go!