info:To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
info:To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---
---
# Microsoft Azure OAuth2 OmniAuth Provider **(FREE)**
# Microsoft Azure OAuth 2.0 OmniAuth Provider **(FREE)**
NOTE:
NOTE:
Per Microsoft, this provider uses the [older Azure Active Directory v1.0 endpoint](https://docs.microsoft.com/en-us/azure/active-directory/azuread-dev/v1-protocols-oauth-code).
Per Microsoft, this provider uses the [older Azure Active Directory v1.0 endpoint](https://docs.microsoft.com/en-us/azure/active-directory/azuread-dev/v1-protocols-oauth-code).
Microsoft documentation suggests that you should use the [OpenID Connect protocol to use the v2 endpoints](../administration/auth/oidc.md#microsoft-azure) for new projects.
Microsoft documentation suggests that you should use the [OpenID Connect protocol to use the v2 endpoints](../administration/auth/oidc.md#microsoft-azure) for new projects.
To use v2 endpoints via OmniAuth, please follow [Microsoft Azure OAuth2 OmniAuth Provider v2 instructions](#microsoft-azure-oauth2-omniauth-provider-v2).
To use v2 endpoints via OmniAuth, please follow [Microsoft Azure OAuth 2.0 OmniAuth Provider v2 instructions](#microsoft-azure-oauth-20-omniauth-provider-v2).
To enable the Microsoft Azure OAuth2 OmniAuth provider, you must register your application with Azure. Azure generates a client ID and secret key for you to use.
To enable the Microsoft Azure OAuth 2.0 OmniAuth provider, you must register
your application with Azure. Azure generates a client ID and secret key for you
to use.
Sign in to the [Azure Portal](https://portal.azure.com), and follow the instructions in
Sign in to the [Azure Portal](https://portal.azure.com), and follow the
the [Microsoft Quickstart documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app).
instructions in the [Microsoft Quickstart documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app).
As you go through the Microsoft procedure, keep the following in mind:
As you go through the Microsoft procedure, keep the following in mind:
...
@@ -23,9 +25,9 @@ As you go through the Microsoft procedure, keep the following in mind:
...
@@ -23,9 +25,9 @@ As you go through the Microsoft procedure, keep the following in mind:
- The redirect URI requires the URL of the Azure OAuth callback of your GitLab
- The redirect URI requires the URL of the Azure OAuth callback of your GitLab
installation. For example, `https://gitlab.mycompany.com/users/auth/azure_oauth2/callback`.
installation. For example, `https://gitlab.mycompany.com/users/auth/azure_oauth2/callback`.
The type dropdown should be set to **Web**.
The type dropdown should be set to **Web**.
- The `client ID` and `client secret` are terms associated with OAuth 2. In some Microsoft documentation,
- The `client ID` and `client secret` are terms associated with OAuth 2.0. In some Microsoft documentation,
the terms may be listed as `Application ID` and `Application Secret`.
the terms may be listed as `Application ID` and `Application Secret`.
- If you need to generate a new client secret, follow the Microsoft documentation
- If you have to generate a new client secret, follow the Microsoft documentation
for [creating a new application secret](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#create-a-new-application-secret).
for [creating a new application secret](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#create-a-new-application-secret).
- Save the client ID and client secret for your new app, as the client secret is only
- Save the client ID and client secret for your new app, as the client secret is only
displayed one time.
displayed one time.
...
@@ -89,41 +91,46 @@ As you go through the Microsoft procedure, keep the following in mind:
...
@@ -89,41 +91,46 @@ As you go through the Microsoft procedure, keep the following in mind:
On the sign-in page, you should now see a Microsoft icon below the regular sign-in form.
On the sign-in page, you should now see a Microsoft icon below the regular
Click the icon to begin the authentication process. Microsoft then asks you to
sign-in form. Click the icon to begin the authentication process. Microsoft then
sign in and authorize the GitLab application. If successful, you are returned to GitLab and signed in.
asks you to sign in and authorize the GitLab application. If successful, you are
returned to GitLab and signed in.
Read [Enable OmniAuth for an Existing User](omniauth.md#enable-omniauth-for-an-existing-user)
Read [Enable OmniAuth for an Existing User](omniauth.md#enable-omniauth-for-an-existing-user)
for information on how existing GitLab users can connect to their newly-available Azure AD accounts.
for information on how existing GitLab users can connect to their newly-available Azure AD accounts.
## Microsoft Azure OAuth2 OmniAuth Provider v2
## Microsoft Azure OAuth 2.0 OmniAuth Provider v2
In order to use v2 endpoints provided by Microsoft Azure Active Directory you must to configure it via Azure OAuth2 OmniAuth Provider v2.
To use v2 endpoints provided by Microsoft Azure Active Directory you must to
configure it via Azure OAuth 2.0 OmniAuth Provider v2.
### Registering an Azure application
### Registering an Azure application
To enable the Microsoft Azure OAuth2 OmniAuth provider, you must register your application with Azure. Azure generates a client ID and secret key for you to use.
To enable the Microsoft Azure OAuth 2.0 OmniAuth provider, you must register
your application with Azure. Azure generates a client ID and secret key for you
to use.
Sign in to the [Azure Portal](https://portal.azure.com), and follow the instructions in
Sign in to the [Azure Portal](https://portal.azure.com), and follow the
the [Microsoft Quickstart documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app).
instructions in the [Microsoft Quickstart documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app).
As you go through the Microsoft procedure, keep the following in mind:
As you go through the Microsoft procedure, keep the following in mind:
- If you have multiple instances of Azure Active Directory, you can switch to the desired tenant.
- If you have multiple instances of Azure Active Directory, you can switch to
the desired tenant.
- You're setting up a Web application.
- You're setting up a Web application.
- The redirect URI requires the URL of the Azure OAuth callback of your GitLab
- The redirect URI requires the URL of the Azure OAuth callback of your GitLab
installation. For example, `https://gitlab.example.com/users/auth/azure_activedirectory_v2/callback`.
installation. For example, `https://gitlab.example.com/users/auth/azure_activedirectory_v2/callback`.
The type dropdown should be set to **Web**.
The type dropdown should be set to **Web**.
- The `client ID` and `client secret` are terms associated with OAuth 2. In some Microsoft documentation,
- The `client ID` and `client secret` are terms associated with OAuth 2.0. In some Microsoft documentation,
the terms may be listed as `Application ID` and `Application Secret`.
the terms may be listed as `Application ID` and `Application Secret`.
- If you need to generate a new client secret, follow the Microsoft documentation
- If you have to generate a new client secret, follow the Microsoft documentation
for [creating a new application secret](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#create-a-new-application-secret).
for [creating a new application secret](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#create-a-new-application-secret).
- Save the client ID and client secret for your new app, as the client secret is only
- Save the client ID and client secret for your new app, as the client secret is only
displayed one time.
displayed one time.
### Adding API permissions (scopes)
### Adding API permissions (scopes)
Once you have created an application, follow the [Microsoft Quickstart documentation to expose a web API](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-expose-web-apis). Be sure to add the following delegated permissions under the Microsoft Graph API:
After you have created an application, follow the [Microsoft Quickstart documentation to expose a web API](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-expose-web-apis). Be sure to add the following delegated permissions under the Microsoft Graph API:
-`email`
-`email`
-`openid`
-`openid`
...
@@ -181,7 +188,8 @@ Once you have created an application, follow the [Microsoft Quickstart documenta
...
@@ -181,7 +188,8 @@ Once you have created an application, follow the [Microsoft Quickstart documenta
The `scope` parameter is optional and can be added to `args`. Default `scope` is: `openid profile email`.
The `scope` parameter is optional and can be added to `args`. Default `scope` is: `openid profile email`.
1. Replace `CLIENT ID`, `CLIENT SECRET`, and `TENANT ID` with the values you got above.
1. Replace `CLIENT ID`, `CLIENT SECRET`, and `TENANT ID` with the values you got
info:To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
info:To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---
---
# GitLab as OAuth2 authentication service provider
# GitLab as an OAuth 2.0 authentication service provider
This document describes how you can use GitLab as an OAuth 2
This document describes how you can use GitLab as an OAuth 2.0
authentication service provider.
authentication service provider.
If you want to use:
If you want to use:
- The [OAuth2](https://oauth.net/2/) protocol to access GitLab resources on user's behalf,
- The [OAuth 2.0](https://oauth.net/2/) protocol to access GitLab resources on
see [OAuth2 provider](../api/oauth2.md).
a user's behalf, see [OAuth 2.0 provider](../api/oauth2.md).
- Other OAuth 2 authentication service providers to sign in to
- Other OAuth 2.0 authentication service providers to sign in to
GitLab, see the [OAuth2 client documentation](omniauth.md).
GitLab, see the [OAuth 2.0 client documentation](omniauth.md).
- The related API, see [Applications API](../api/applications.md).
- The related API, see [Applications API](../api/applications.md).
info:To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
info:To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
---
---
# Twitter OAuth2 OmniAuth Provider **(FREE)**
# Twitter OAuth 2.0 OmniAuth Provider **(FREE)**
To enable the Twitter OmniAuth provider you must register your application with Twitter. Twitter generates a client ID and secret key for you to use.
To enable the Twitter OmniAuth provider you must register your application with
Twitter. Twitter generates a client ID and secret key for you to use.
1. Sign in to [Twitter Application Management](https://developer.twitter.com/apps).
1. Sign in to [Twitter Application Management](https://developer.twitter.com/apps).