1 line
5.8 KiB
JavaScript
1 line
5.8 KiB
JavaScript
"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[1629],{3905:function(e,t,r){r.d(t,{Zo:function(){return c},kt:function(){return m}});var o=r(7294);function n(e,t,r){return t in e?Object.defineProperty(e,t,{value:r,enumerable:!0,configurable:!0,writable:!0}):e[t]=r,e}function a(e,t){var r=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertySymbols(e);t&&(o=o.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),r.push.apply(r,o)}return r}function i(e){for(var t=1;t<arguments.length;t++){var r=null!=arguments[t]?arguments[t]:{};t%2?a(Object(r),!0).forEach((function(t){n(e,t,r[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):a(Object(r)).forEach((function(t){Object.defineProperty(e,t,Object.getOwnPropertyDescriptor(r,t))}))}return e}function p(e,t){if(null==e)return{};var r,o,n=function(e,t){if(null==e)return{};var r,o,n={},a=Object.keys(e);for(o=0;o<a.length;o++)r=a[o],t.indexOf(r)>=0||(n[r]=e[r]);return n}(e,t);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);for(o=0;o<a.length;o++)r=a[o],t.indexOf(r)>=0||Object.prototype.propertyIsEnumerable.call(e,r)&&(n[r]=e[r])}return n}var l=o.createContext({}),u=function(e){var t=o.useContext(l),r=t;return e&&(r="function"==typeof e?e(t):i(i({},t),e)),r},c=function(e){var t=u(e.components);return o.createElement(l.Provider,{value:t},e.children)},s="mdxType",d={inlineCode:"code",wrapper:function(e){var t=e.children;return o.createElement(o.Fragment,{},t)}},f=o.forwardRef((function(e,t){var r=e.components,n=e.mdxType,a=e.originalType,l=e.parentName,c=p(e,["components","mdxType","originalType","parentName"]),s=u(r),f=n,m=s["".concat(l,".").concat(f)]||s[f]||d[f]||a;return r?o.createElement(m,i(i({ref:t},c),{},{components:r})):o.createElement(m,i({ref:t},c))}));function m(e,t){var r=arguments,n=t&&t.mdxType;if("string"==typeof e||n){var a=r.length,i=new Array(a);i[0]=f;var p={};for(var l in t)hasOwnProperty.call(t,l)&&(p[l]=t[l]);p.originalType=e,p[s]="string"==typeof e?e:n,i[1]=p;for(var u=2;u<a;u++)i[u]=r[u];return o.createElement.apply(null,i)}return o.createElement.apply(null,r)}f.displayName="MDXCreateElement"},5346:function(e,t,r){r.r(t),r.d(t,{assets:function(){return c},contentTitle:function(){return l},default:function(){return m},frontMatter:function(){return p},metadata:function(){return u},toc:function(){return s}});var o=r(7462),n=r(3366),a=(r(7294),r(3905)),i=["components"],p={id:"gitlab",title:"GitLab"},l=void 0,u={unversionedId:"configuration/providers/gitlab",id:"configuration/providers/gitlab",title:"GitLab",description:"This auth provider has been tested against Gitlab version 12.X. Due to Gitlab API changes, it may not work for version",source:"@site/docs/configuration/providers/gitlab.md",sourceDirName:"configuration/providers",slug:"/configuration/providers/gitlab",permalink:"/oauth2-proxy/docs/next/configuration/providers/gitlab",draft:!1,editUrl:"https://github.com/oauth2-proxy/oauth2-proxy/edit/master/docs/docs/configuration/providers/gitlab.md",tags:[],version:"current",frontMatter:{id:"gitlab",title:"GitLab"},sidebar:"docs",previous:{title:"Keycloak OIDC",permalink:"/oauth2-proxy/docs/next/configuration/providers/keycloak_oidc"},next:{title:"LinkedIn",permalink:"/oauth2-proxy/docs/next/configuration/providers/linkedin"}},c={},s=[],d={toc:s},f="wrapper";function m(e){var t=e.components,r=(0,n.Z)(e,i);return(0,a.kt)(f,(0,o.Z)({},d,r,{components:t,mdxType:"MDXLayout"}),(0,a.kt)("p",null,"This auth provider has been tested against Gitlab version 12.X. Due to Gitlab API changes, it may not work for version\nprior to 12.X (see ",(0,a.kt)("a",{parentName:"p",href:"https://github.com/oauth2-proxy/oauth2-proxy/issues/994"},"994"),")."),(0,a.kt)("p",null,"Whether you are using GitLab.com or self-hosting GitLab, follow\n",(0,a.kt)("a",{parentName:"p",href:"https://docs.gitlab.com/ce/integration/oauth_provider.html"},"these steps to add an application"),". Make sure to enable at\nleast the ",(0,a.kt)("inlineCode",{parentName:"p"},"openid"),", ",(0,a.kt)("inlineCode",{parentName:"p"},"profile")," and ",(0,a.kt)("inlineCode",{parentName:"p"},"email")," scopes, and set the redirect url to your application url e.g.\n",(0,a.kt)("a",{parentName:"p",href:"https://myapp.com/oauth2/callback"},"https://myapp.com/oauth2/callback"),"."),(0,a.kt)("p",null,"If you need projects filtering, add the extra ",(0,a.kt)("inlineCode",{parentName:"p"},"read_api")," scope to your application."),(0,a.kt)("p",null,"The following config should be set to ensure that the oauth will work properly. To get a cookie secret follow\n",(0,a.kt)("a",{parentName:"p",href:"/oauth2-proxy/docs/next/configuration/overview#generating-a-cookie-secret"},"these steps")),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},' --provider="gitlab"\n --redirect-url="https://myapp.com/oauth2/callback" // Should be the same as the redirect url for the application in gitlab\n --client-id=GITLAB_CLIENT_ID\n --client-secret=GITLAB_CLIENT_SECRET\n --cookie-secret=COOKIE_SECRET\n')),(0,a.kt)("p",null,"Restricting by group membership is possible with the following option:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'--gitlab-group="mygroup,myothergroup": restrict logins to members of any of these groups (slug), separated by a comma\n')),(0,a.kt)("p",null,"If you are using self-hosted GitLab, make sure you set the following to the appropriate URL:"),(0,a.kt)("pre",null,(0,a.kt)("code",{parentName:"pre"},'--oidc-issuer-url="<your gitlab url>"\n')),(0,a.kt)("p",null,"If your self-hosted GitLab is on a subdirectory (e.g. domain.tld/gitlab), as opposed to its own subdomain\n(e.g. gitlab.domain.tld), you may need to add a redirect from domain.tld/oauth pointing at e.g. domain.tld/gitlab/oauth."))}m.isMDXComponent=!0}}]); |