Login Failed. unauthorized_client: client is not authorized (docker-compose, nginx)

I am running the latest Gitea (1.13.2 - not in Docker) and Drone in docker, reverse proxied through nginx.

It results in this error: Login Failed. unauthorized_client: client is not authorized

sudo docker-compose logs
Attaching to drone
drone    | {"acme":false,"host":"drone....","level":"info","msg":"starting the http server","port":":80","proto":"https","time":"2021-03-04T04:47:12Z","url":"https://drone...."}
drone    | {"interval":"30m0s","level":"info","msg":"starting the cron scheduler","time":"2021-03-04T04:47:12Z"}
drone    | {"interval":"24h0m0s","level":"info","msg":"starting the zombie build reaper","time":"2021-03-04T04:47:12Z"}
drone    | {"level":"error","msg":"oauth: cannot exchange code: [...]: unauthorized_client: client is not authorized","time":"2021-03-04T04:47:39Z"}

Here is my docker-compose file:

version: '3'
        container_name: drone
        image: drone/drone:latest
            - /var/run/docker.sock:/var/run/docker.sock
            - /var/lib/drone:/data
        restart: always
            - DRONE_GITEA_SERVER=https://gitea....
            - DRONE_GIT_ALWAYS_AUTH=false
            - DRONE_SERVER_HOST=drone.....
            - DRONE_SERVER_PROTO=https
            - DRONE_TLS_AUTOCERT=false
            - DRONE_GITEA_CLIENT_ID=...-...-...-.......

And nginx:

server {
        server_name drone....;
        listen 443 ssl http2;

        location / {
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_redirect off;

                proxy_redirect off;
                proxy_http_version 1.1;
                proxy_buffering off;

                chunked_transfer_encoding off;

    ssl_certificate /etc/letsencrypt/live/drone..../fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/drone...../privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;


server {
        if ($host = drone....) {
                return 302 https://$host$request_uri;

Hi @earne , Thanks for reaching us! It looks like few secrete entries listed in the documentation Gitea | Drone is not present in the input you had shared.Can you add missing secretes and follow the steps listed in the documentation.

Let us know if you have any questions.

Harness support team

Hi, are you able to point out which entries I have missing?

DRONE_GITEA_CLIENT_SECRET and DRONE_RPC_SECRET are sourced from a .env file.

@earne the error “unauthorized_client: client is not authorized” comes from Gitea and indicates Gitea is rejecting your access token and / or secret. I recommend reaching out to the Gitea support forum and asking them for help triaging this error message. https://discourse.gitea.io/