Add api support for external authentication management

models/auth/source.go

@@ -235,13 +235,18 @@ func CreateSource(ctx context.Context, source *Source) error {
 	err = registerableSource.RegisterSource()
 	if err != nil {
 		// remove the AuthSource in case of errors while registering configuration
-		if _, err := db.GetEngine(ctx).ID(source.ID).Delete(new(Source)); err != nil {
+		if err := DeleteSource(ctx, source.ID); err != nil {
 			log.Error("CreateSource: Error while wrapOpenIDConnectInitializeError: %v", err)
 		}
 	}
 	return err
 }
 
+func DeleteSource(ctx context.Context, id int64) error {
+	_, err := db.GetEngine(ctx).ID(id).Delete(new(Source))
+	return err
+}
+
 type FindSourcesOptions struct {
 	db.ListOptions
 	IsActive  optional.Option[bool]

modules/structs/auth.go

@@ -0,0 +1,13 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package structs
+
+type AuthSourceOption struct {
+	ID                 int64  `json:"id"`
+	AuthenticationName string `json:"authentication_name" binding:"Required"`
+	TypeName           string `json:"type_name"`
+
+	IsActive      bool `json:"is_active"`
+	IsSyncEnabled bool `json:"is_sync_enabled"`
+}

modules/structs/auth_oauth2.go

@@ -0,0 +1,50 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package structs
+
+// CreateUserOption create user options
+type CreateAuthOauth2Option struct {
+	AuthenticationName       string `json:"authentication_name" binding:"Required"`
+	ProviderIconURL          string `json:"provider_icon_url"`
+	ProviderClientID         string `json:"provider_client_id" binding:"Required"`
+	ProviderClientSecret     string `json:"provider_client_secret" binding:"Required"`
+	ProviderAutoDiscoveryURL string `json:"provider_auto_discovery_url" binding:"Required"`
+
+	SkipLocal2FA       bool   `json:"skip_local_2fa"`
+	AdditionalScopes   string `json:"additional_scopes"`
+	RequiredClaimName  string `json:"required_claim_name"`
+	RequiredClaimValue string `json:"required_claim_value"`
+
+	ClaimNameProvidingGroupNameForSource string `json:"claim_name_providingGroupNameForSource"`
+	GroupClaimValueForAdministratorUsers string `json:"group_claim_value_for_administrator_users"`
+	GroupClaimValueForRestrictedUsers    string `json:"group_claim_value_for_restricted_users"`
+	MapClaimedGroupsToOrganizationTeams  string `json:"map_claimed_groups_to_organization_teams"`
+
+	RemoveUsersFromSyncronizedTeams bool `json:"RemoveUsersFromSyncronizedTeams"`
+	EnableUserSyncronization        bool `json:"EnableUserSyncronization"`
+	AuthenticationSourceIsActive    bool `json:"AuthenticationSourceIsActive"`
+}
+
+// EditUserOption edit user options
+type EditAuthOauth2Option struct {
+	AuthenticationName       string `json:"authentication_name" binding:"Required"`
+	ProviderIconURL          string `json:"provider_icon_url"`
+	ProviderClientID         string `json:"provider_client_id" binding:"Required"`
+	ProviderClientSecret     string `json:"provider_client_secret" binding:"Required"`
+	ProviderAutoDiscoveryURL string `json:"provider_auto_discovery_url" binding:"Required"`
+
+	SkipLocal2FA       bool   `json:"skip_local_2fa"`
+	AdditionalScopes   string `json:"additional_scopes"`
+	RequiredClaimName  string `json:"required_claim_name"`
+	RequiredClaimValue string `json:"required_claim_value"`
+
+	ClaimNameProvidingGroupNameForSource string `json:"claim_name_providingGroupNameForSource"`
+	GroupClaimValueForAdministratorUsers string `json:"group_claim_value_for_administrator_users"`
+	GroupClaimValueForRestrictedUsers    string `json:"group_claim_value_for_restricted_users"`
+	MapClaimedGroupsToOrganizationTeams  string `json:"map_claimed_groups_to_organization_teams"`
+
+	RemoveUsersFromSyncronizedTeams bool `json:"RemoveUsersFromSyncronizedTeams"`
+	EnableUserSyncronization        bool `json:"EnableUserSyncronization"`
+	AuthenticationSourceIsActive    bool `json:"AuthenticationSourceIsActive"`
+}

routers/api/v1/admin/auth.go

@@ -0,0 +1,59 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package admin
+
+import (
+	"net/http"
+
+	auth_model "code.gitea.io/gitea/models/auth"
+	"code.gitea.io/gitea/models/db"
+	api "code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/routers/api/v1/utils"
+	"code.gitea.io/gitea/services/context"
+	"code.gitea.io/gitea/services/convert"
+)
+
+// SearchAuth API for getting information of the configured authentication methods according the filter conditions
+func SearchAuth(ctx *context.APIContext) {
+	// swagger:operation GET /admin/identity-auth admin adminSearchAuth
+	// ---
+	// summary: Search authentication sources
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: page
+	//   in: query
+	//   description: page number of results to return (1-based)
+	//   type: integer
+	// - name: limit
+	//   in: query
+	//   description: page size of results
+	//   type: integer
+	// responses:
+	//   "200":
+	//     description: "SearchResults of authentication sources"
+	//     schema:
+	//       type: array
+	//       items:
+	//         "$ref": "#/definitions/AuthOauth2Option"
+	//   "403":
+	//     "$ref": "#/responses/forbidden"
+
+	listOptions := utils.GetListOptions(ctx)
+
+	authSources, maxResults, err := db.FindAndCount[auth_model.Source](ctx, auth_model.FindSourcesOptions{})
+	if err != nil {
+		ctx.APIErrorInternal(err)
+		return
+	}
+
+	results := make([]*api.AuthSourceOption, len(authSources))
+	for i := range authSources {
+		results[i] = convert.ToOauthProvider(ctx, authSources[i])
+	}
+
+	ctx.SetLinkHeader(int(maxResults), listOptions.PageSize)
+	ctx.SetTotalCountHeader(maxResults)
+	ctx.JSON(http.StatusOK, &results)
+}