diff --git a/server/api/login.go b/server/api/login.go
index 060d53638..1a05ca3b5 100644
--- a/server/api/login.go
+++ b/server/api/login.go
@@ -210,6 +210,7 @@ func HandleAuth(c *gin.Context) {
 		// insert the user into the database
 		if err := _store.CreateUser(user); err != nil {
 			log.Error().Err(err).Msgf("cannot insert %s", user.Login)
+			log.Trace().Msgf("user was: %#v", user)
 			c.Redirect(http.StatusSeeOther, server.Config.Server.RootPath+"/login?error=internal_error")
 			return
 		}
diff --git a/server/forge/gitea/gitea.go b/server/forge/gitea/gitea.go
index 5e4e4dae2..0f3f5262b 100644
--- a/server/forge/gitea/gitea.go
+++ b/server/forge/gitea/gitea.go
@@ -120,16 +120,16 @@ func (c *Gitea) Login(ctx context.Context, req *forge_types.OAuthRequest) (*mode
 
 	token, err := config.Exchange(oauth2Ctx, req.Code)
 	if err != nil {
-		return nil, redirectURL, err
+		return nil, redirectURL, fmt.Errorf("oauth2 config exchange failed: %w", err)
 	}
 
 	client, err := c.newClientToken(ctx, token.AccessToken)
 	if err != nil {
-		return nil, redirectURL, err
+		return nil, redirectURL, fmt.Errorf("client creation with new access token failed: %w", err)
 	}
 	account, _, err := client.GetMyUserInfo()
 	if err != nil {
-		return nil, redirectURL, err
+		return nil, redirectURL, fmt.Errorf("fetching user info failed: %w", err)
 	}
 
 	return &model.User{
diff --git a/server/model/user.go b/server/model/user.go
index 7a7cbf366..fc6211074 100644
--- a/server/model/user.go
+++ b/server/model/user.go
@@ -34,14 +34,14 @@ type User struct {
 	// required: true
 	ID int64 `json:"id" xorm:"pk autoincr 'id'"`
 
-	ForgeID int64 `json:"forge_id,omitempty" xorm:"forge_id UNIQUE(forge)"`
+	ForgeID int64 `json:"forge_id,omitempty" xorm:"forge_id UNIQUE(forge_id) UNIQUE(forge_login)"`
 
-	ForgeRemoteID ForgeRemoteID `json:"forge_remote_id" xorm:"forge_remote_id UNIQUE(forge)"`
+	ForgeRemoteID ForgeRemoteID `json:"forge_remote_id" xorm:"forge_remote_id UNIQUE(forge_id)"`
 
 	// Login is the username for this user.
 	//
 	// required: true
-	Login string `json:"login"  xorm:"UNIQUE 'login'"`
+	Login string `json:"login"  xorm:"'login' UNIQUE(forge_login)"`
 
 	// AccessToken is the oauth2 access token.
 	AccessToken string `json:"-"  xorm:"TEXT 'access_token'"`