Skip to content

G
gitlab-ce
Commit 337033aa authored by Mike Jang's avatar Mike Jang
Browse files
Options

Update OAuth 2 integration page

parent 2c8beb6b
Show whitespace changes
Inline Side-by-side
Showing with 38 additions and 46 deletions
doc/administration/pages/source.md
View file @ 337033aa
...@@ -407,7 +407,7 @@ Pages access control is disabled by default. To enable it: ...@@ -407,7 +407,7 @@ Pages access control is disabled by default. To enable it:
``` ```
1. [Restart GitLab](../restart_gitlab.md#installations-from-source). 1. [Restart GitLab](../restart_gitlab.md#installations-from-source).
1. Create a new [system OAuth application](../../integration/oauth_provider.md#adding-an-application-through-the-profile). 1. Create a new [system OAuth application](../../integration/oauth_provider.md#add-an-application-through-the-profile).
This should be called `GitLab Pages` and have a `Redirect URL` of This should be called `GitLab Pages` and have a `Redirect URL` of
`https://projects.example.io/auth`. It does not need to be a "trusted" `https://projects.example.io/auth`. It does not need to be a "trusted"
application, but it does need the `api` scope. application, but it does need the `api` scope.
......
doc/integration/oauth_provider.md
View file @ 337033aa
--- ---
stage: Create stage: Manage
group: Ecosystem group: Access
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
--- ---
# GitLab as OAuth2 authentication service provider # GitLab as OAuth2 authentication service provider
This document is about using GitLab as an OAuth authentication service provider This document describes how you can use GitLab as an OAuth 2
to sign in to other services. authentication service provider.
If you want to use: If you want to use:
- The [OAuth2](https://oauth.net/2/) protocol to access GitLab resources on user's behalf, - The [OAuth2](https://oauth.net/2/) protocol to access GitLab resources on user's behalf,
see [OAuth2 provider](../api/oauth2.md) see [OAuth2 provider](../api/oauth2.md).
- Other OAuth authentication service providers to sign in to - Other OAuth 2 authentication service providers to sign in to
GitLab, see the [OAuth2 client documentation](omniauth.md). GitLab, see the [OAuth2 client documentation](omniauth.md).
- The related API, see [Applications API](../api/applications.md). - The related API, see [Applications API](../api/applications.md).
## Introduction to OAuth ## Introduction to OAuth
[OAuth](https://oauth.net/2/) provides to client applications a 'secure delegated access' to server [OAuth 2](https://oauth.net/2/) provides to client applications a 'secure delegated
resources on behalf of a resource owner. OAuth allows an authorization access' to server resources on behalf of a resource owner. OAuth 2 allows
server to issue access tokens to third-party clients with the approval of the authorization servers to issue access tokens to third-party clients with the approval
resource owner, or the end-user. of the resource owner or the end-user.
OAuth is mostly used as a Single Sign-On service (SSO), but you can find a OAuth 2 can be used:
lot of different uses for this functionality. For example, you can allow users
to sign in to your application with their GitLab.com account. You can also use GitLab.com
for authentication to your GitLab instance (see [GitLab OmniAuth](gitlab.md)).
The 'GitLab Importer' feature is also using the OAuth protocol to give access - To allow users to sign in to your application with their GitLab.com account.
- To set up GitLab.com for authentication to your GitLab instance.
(see [GitLab OmniAuth](gitlab.md)).
The 'GitLab Importer' feature also uses OAuth 2 to give access
to repositories without sharing user credentials to your GitLab.com account. to repositories without sharing user credentials to your GitLab.com account.
GitLab supports two ways of adding a new OAuth2 application to an instance. You GitLab supports two ways of adding a new OAuth 2 application to an instance:
can either add an application as a regular user or add it in the Admin Area.
What this means is that GitLab can actually have instance-wide and a user-wide
applications. There is no difference between them except for the different
permission levels they are set (user or administrator). The default callback URL is
`http://your-gitlab.example.com/users/auth/gitlab/callback`
## Adding an application through the profile - As a regular user, for applications owned by an individual.
- Through the Admin Area menu for instance-wide apps.
In order to add a new application via your profile, navigate to The only difference between these two methods is the [permission](../user/permissions.md)
**Profile Settings > Applications** and select **New Application**. levels. The default callback URL is `http://your-gitlab.example.com/users/auth/gitlab/callback`.
![New OAuth application](img/oauth_provider_user_wide_applications.png) ## Add an application through the profile
In the application form, enter a **Name** (arbitrary), and make sure to set up To add a new application via your profile, select your avatar in the top right, and then select
correctly the **Redirect URI** which is the URL where users are sent after **Settings > Applications**. You can then enter a **Name**, **Redirect URI** and
they authorize with GitLab. OAuth 2 scopes as defined in [Authorized Applications](#authorized-applications).
![New OAuth application form](img/oauth_provider_application_form.png) - The **Redirect URI** is the URL where users are sent after they authorize with GitLab.
When you click **Submit** you are provided with the application ID and When you select **Save application**, GitLab displays:
the application secret which you can then use with your application that
connects to GitLab.
![OAuth application ID and secret](img/oauth_provider_application_id_secret.png) - Application ID: OAuth 2 Client ID.
- Secret: OAuth 2 Client Secret.
## OAuth applications in the Admin Area ## OAuth applications in the Admin Area
To create an application that does not belong to a certain user, you can create To create an application for your GitLab instance, select
it from the Admin Area. **Admin Area > Applications > New application**.
![OAuth administrator applications](img/oauth_provider_admin_application.png)
You're also able to mark an application as _trusted_ when creating it through the Admin Area. By doing that, When creating an **Admin Area** application, you can mark it as _trusted_.
the user authorization step is automatically skipped for this application. The user authorization step is automatically skipped for this application.
## Authorized applications ## Authorized applications
Every application you authorized to use your GitLab credentials is shown Every application you authorize with your GitLab credentials is shown
in the **Authorized applications** section under **Profile Settings > Applications**. in the **Authorized applications** section under **Settings > Applications**.
![Authorized_applications](img/oauth_provider_authorized_application.png)
The GitLab OAuth applications support scopes, which allow various actions that any given The GitLab OAuth 2 applications support scopes, which allow various actions that any given
application can perform. The available scopes are depicted in the following table. application can perform. Available scopes are depicted in the following table.
| Scope | Description | | Scope | Description |
| ------------------ | ----------- | | ------------------ | ----------- |
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7