Commit 4b2966fd authored by Kati Paizee's avatar Kati Paizee

Merge branch 'elygre/gitlab-patch-46' into 'master'

Add 'label' to all the OAuth examples

See merge request gitlab-org/gitlab!74831
parents 0255ba46 86ae2a9e
......@@ -50,9 +50,10 @@ To enable the Atlassian OmniAuth provider for passwordless authentication you mu
gitlab_rails['omniauth_providers'] = [
{
name: "atlassian_oauth2",
# label: "Provider name", # optional label for login button, defaults to "Atlassian"
app_id: "YOUR_CLIENT_ID",
app_secret: "YOUR_CLIENT_SECRET",
args: { scope: 'offline_access read:jira-user read:jira-work', prompt: 'consent' }
args: { scope: "offline_access read:jira-user read:jira-work", prompt: "consent" }
}
]
```
......@@ -60,10 +61,12 @@ To enable the Atlassian OmniAuth provider for passwordless authentication you mu
For installations from source:
```yaml
- name: "atlassian_oauth2",
app_id: "YOUR_CLIENT_ID",
app_secret: "YOUR_CLIENT_SECRET",
args: { scope: 'offline_access read:jira-user read:jira-work', prompt: 'consent' }
- { name: "atlassian_oauth2",
# label: "Provider name", # optional label for login button, defaults to "Atlassian"
app_id: "YOUR_CLIENT_ID",
app_secret: "YOUR_CLIENT_SECRET",
args: { scope: "offline_access read:jira-user read:jira-work", prompt: "consent" }
}
```
1. Change `YOUR_CLIENT_ID` and `YOUR_CLIENT_SECRET` to the Client credentials you received in [application registration](#atlassian-application-registration) steps.
......
......@@ -36,12 +36,13 @@ Authentiq generates a Client ID and the accompanying Client Secret for you to us
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "authentiq",
"app_id" => "YOUR_CLIENT_ID",
"app_secret" => "YOUR_CLIENT_SECRET",
"args" => {
"scope": 'aq:name email~rs address aq:push'
}
name: "authentiq",
# label: "Provider name", # optional label for login button, defaults to "Authentiq"
app_id: "YOUR_CLIENT_ID",
app_secret: "YOUR_CLIENT_SECRET",
args: {
"scope": 'aq:name email~rs address aq:push'
}
}
]
```
......@@ -50,6 +51,7 @@ Authentiq generates a Client ID and the accompanying Client Secret for you to us
```yaml
- { name: 'authentiq',
# label: 'Provider name', # optional label for login button, defaults to "Authentiq"
app_id: 'YOUR_CLIENT_ID',
app_secret: 'YOUR_CLIENT_SECRET',
args: {
......
......@@ -56,25 +56,25 @@ Include the code block in the `/etc/gitlab/gitlab.rb` file:
gitlab_rails['omniauth_allow_single_sign_on'] = ['cognito']
gitlab_rails['omniauth_providers'] = [
{
"name" => "cognito",
# "label" => "Cognito",
# "icon" => nil, # Optional icon URL
"app_id" => "CLIENT ID",
"app_secret" => "CLIENT SECRET",
"args" => {
"scope" => "openid profile email",
name: "cognito",
label: "Provider name", # optional label for login button, defaults to "Cognito"
icon: nil, # Optional icon URL
app_id: "CLIENT ID",
app_secret: "CLIENT SECRET",
args: {
scope: "openid profile email",
client_options: {
'site' => 'https://your_domain.auth.your_region.amazoncognito.com',
'authorize_url' => '/oauth2/authorize',
'token_url' => '/oauth2/token',
'user_info_url' => '/oauth2/userInfo'
site: "https://your_domain.auth.your_region.amazoncognito.com",
authorize_url: "/oauth2/authorize",
token_url: "/oauth2/token",
user_info_url: "/oauth2/userInfo"
},
user_response_structure: {
root_path: [],
id_path: ['sub'],
attributes: { nickname: 'email', name: 'email', email: 'email' }
id_path: ["sub"],
attributes: { nickname: "email", name: "email", email: "email" }
},
name: 'cognito',
name: "cognito",
strategy_class: "OmniAuth::Strategies::OAuth2Generic"
}
}
......
......@@ -46,11 +46,12 @@ this provider also allows Crowd authentication for Git-over-https requests.
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "crowd",
"args" => {
"crowd_server_url" => "CROWD_SERVER_URL",
"application_name" => "YOUR_APP_NAME",
"application_password" => "YOUR_APP_PASSWORD"
name: "crowd",
# label: "Provider name", # optional label for login button, defaults to "Crowd"
args: {
crowd_server_url: "CROWD_SERVER_URL",
application_name: "YOUR_APP_NAME",
application_password: "YOUR_APP_PASSWORD"
}
}
]
......@@ -60,6 +61,7 @@ this provider also allows Crowd authentication for Git-over-https requests.
```yaml
- { name: 'crowd',
# label: 'Provider name', # optional label for login button, defaults to "Crowd"
args: {
crowd_server_url: 'CROWD_SERVER_URL',
application_name: 'YOUR_APP_NAME',
......
......@@ -32,14 +32,15 @@ JWT will provide you with a secret key for you to use.
```ruby
gitlab_rails['omniauth_providers'] = [
{ name: 'jwt',
{ name: "jwt",
label: "Provider name", # optional label for login button, defaults to "Jwt"
args: {
secret: 'YOUR_APP_SECRET',
algorithm: 'HS256', # Supported algorithms: 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'HS256', 'HS384', 'HS512'
uid_claim: 'email',
required_claims: ['name', 'email'],
info_map: { name: 'name', email: 'email' },
auth_url: 'https://example.com/',
secret: "YOUR_APP_SECRET",
algorithm: "HS256", # Supported algorithms: "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "HS256", "HS384", "HS512"
uid_claim: "email",
required_claims: ["name", "email"],
info_map: { name: "name", email: "email" },
auth_url: "https://example.com/",
valid_within: 3600 # 1 hour
}
}
......@@ -50,6 +51,7 @@ JWT will provide you with a secret key for you to use.
```yaml
- { name: 'jwt',
label: 'Provider name', # optional label for login button, defaults to "Jwt"
args: {
secret: 'YOUR_APP_SECRET',
algorithm: 'HS256', # Supported algorithms: 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'HS256', 'HS384', 'HS512'
......
......@@ -35,22 +35,23 @@ The OpenID Connect provides you with a client's details and secret for you to us
```ruby
gitlab_rails['omniauth_providers'] = [
{ 'name' => 'openid_connect',
'label' => '<your_oidc_label>',
'icon' => '<custom_provider_icon>',
'args' => {
'name' => 'openid_connect',
'scope' => ['openid','profile','email'],
'response_type' => 'code',
'issuer' => '<your_oidc_url>',
'discovery' => true,
'client_auth_method' => 'query',
'uid_field' => '<uid_field>',
'send_scope_to_token_endpoint' => 'false',
'client_options' => {
'identifier' => '<your_oidc_client_id>',
'secret' => '<your_oidc_client_secret>',
'redirect_uri' => '<your_gitlab_url>/users/auth/openid_connect/callback'
{
name: "openid_connect",
label: "Provider name", # optional label for login button, defaults to "Openid Connect"
icon: "<custom_provider_icon>",
args: {
name: "openid_connect",
scope: ["openid","profile","email"],
response_type: "code",
issuer: "<your_oidc_url>",
discovery: true,
client_auth_method: "query",
uid_field: "<uid_field>",
send_scope_to_token_endpoint: "false",
client_options: {
identifier: "<your_oidc_client_id>",
secret: "<your_oidc_client_secret>",
redirect_uri: "<your_gitlab_url>/users/auth/openid_connect/callback"
}
}
}
......@@ -61,7 +62,7 @@ The OpenID Connect provides you with a client's details and secret for you to us
```yaml
- { name: 'openid_connect',
label: '<your_oidc_label>',
label: 'Provider name', # optional label for login button, defaults to "Openid Connect"
icon: '<custom_provider_icon>',
args: {
name: 'openid_connect',
......@@ -136,20 +137,20 @@ for more details:
```ruby
gitlab_rails['omniauth_providers'] = [
{
'name' => 'openid_connect',
'label' => 'Google OpenID',
'args' => {
'name' => 'openid_connect',
'scope' => ['openid', 'profile', 'email'],
'response_type' => 'code',
'issuer' => 'https://accounts.google.com',
'client_auth_method' => 'query',
'discovery' => true,
'uid_field' => 'preferred_username',
'client_options' => {
'identifier' => '<YOUR PROJECT CLIENT ID>',
'secret' => '<YOUR PROJECT CLIENT SECRET>',
'redirect_uri' => 'https://example.com/users/auth/openid_connect/callback',
name: "openid_connect",
label: "Google OpenID", # optional label for login button, defaults to "Openid Connect"
args: {
name: "openid_connect",
scope: ["openid", "profile", "email"],
response_type: "code",
issuer: "https://accounts.google.com",
client_auth_method: "query",
discovery: true,
uid_field: "preferred_username",
client_options: {
identifier: "<YOUR PROJECT CLIENT ID>",
secret: "<YOUR PROJECT CLIENT SECRET>",
redirect_uri: "https://example.com/users/auth/openid_connect/callback",
}
}
}
......@@ -173,20 +174,20 @@ Example Omnibus configuration block:
```ruby
gitlab_rails['omniauth_providers'] = [
{
'name' => 'openid_connect',
'label' => 'Azure OIDC',
'args' => {
'name' => 'openid_connect',
'scope' => ['openid', 'profile', 'email'],
'response_type' => 'code',
'issuer' => 'https://login.microsoftonline.com/<YOUR-TENANT-ID>/v2.0',
'client_auth_method' => 'query',
'discovery' => true,
'uid_field' => 'preferred_username',
'client_options' => {
'identifier' => '<YOUR APP CLIENT ID>',
'secret' => '<YOUR APP CLIENT SECRET>',
'redirect_uri' => 'https://gitlab.example.com/users/auth/openid_connect/callback'
name: "openid_connect",
label: "Azure OIDC", # optional label for login button, defaults to "Openid Connect"
args: {
name: "openid_connect",
scope: ["openid", "profile", "email"],
response_type: "code",
issuer: "https://login.microsoftonline.com/<YOUR-TENANT-ID>/v2.0",
client_auth_method: "query",
discovery: true,
uid_field: "preferred_username",
client_options: {
identifier: "<YOUR APP CLIENT ID>",
secret: "<YOUR APP CLIENT SECRET>",
redirect_uri: "https://gitlab.example.com/users/auth/openid_connect/callback"
}
}
}
......@@ -302,21 +303,21 @@ The trailing forward slash is required.
```ruby
gitlab_rails['omniauth_providers'] = [
{
'name' => 'openid_connect',
'label' => 'Azure B2C OIDC',
'args' => {
'name' => 'openid_connect',
'scope' => ['openid'],
'response_mode' => 'query',
'response_type' => 'id_token',
'issuer' => 'https://<YOUR-DOMAIN>/tfp/<YOUR-TENANT-ID>/b2c_1a_signup_signin/v2.0/',
'client_auth_method' => 'query',
'discovery' => true,
'send_scope_to_token_endpoint' => true,
'client_options' => {
'identifier' => '<YOUR APP CLIENT ID>',
'secret' => '<YOUR APP CLIENT SECRET>',
'redirect_uri' => 'https://gitlab.example.com/users/auth/openid_connect/callback'
name: "openid_connect",
label: "Azure B2C OIDC", # optional label for login button, defaults to "Openid Connect"
args: {
name: "openid_connect",
scope: ["openid"],
response_mode: "query",
response_type: "id_token",
issuer: "https://<YOUR-DOMAIN>/tfp/<YOUR-TENANT-ID>/b2c_1a_signup_signin/v2.0/",
client_auth_method: "query",
discovery: true,
send_scope_to_token_endpoint: true,
client_options: {
identifier: "<YOUR APP CLIENT ID>",
secret: "<YOUR APP CLIENT SECRET>",
redirect_uri: "https://gitlab.example.com/users/auth/openid_connect/callback"
}
}
}]
......@@ -359,20 +360,20 @@ Example Omnibus configuration block:
```ruby
gitlab_rails['omniauth_providers'] = [
{
'name' => 'openid_connect',
'label' => 'Keycloak',
'args' => {
'name' => 'openid_connect',
'scope' => ['openid', 'profile', 'email'],
'response_type' => 'code',
'issuer' => 'https://keycloak.example.com/auth/realms/myrealm',
'client_auth_method' => 'query',
'discovery' => true,
'uid_field' => 'preferred_username',
'client_options' => {
'identifier' => '<YOUR CLIENT ID>',
'secret' => '<YOUR CLIENT SECRET>',
'redirect_uri' => 'https://gitlab.example.com/users/auth/openid_connect/callback'
name: "openid_connect",
label: "Keycloak", # optional label for login button, defaults to "Openid Connect"
args: {
name: "openid_connect",
scope: ["openid", "profile", "email"],
response_type: "code",
issuer: "https://keycloak.example.com/auth/realms/myrealm",
client_auth_method: "query",
discovery: true,
uid_field: "preferred_username",
client_options: {
identifier: "<YOUR CLIENT ID>",
secret: "<YOUR CLIENT SECRET>",
redirect_uri: "https://gitlab.example.com/users/auth/openid_connect/callback"
}
}
}
......@@ -436,21 +437,21 @@ To use symmetric key encryption:
```ruby
gitlab_rails['omniauth_providers'] = [
{
'name' => 'openid_connect',
'label' => 'Keycloak',
'args' => {
'name' => 'openid_connect',
'scope' => ['openid', 'profile', 'email'],
'response_type' => 'code',
'issuer' => 'https://keycloak.example.com/auth/realms/myrealm',
'client_auth_method' => 'query',
'discovery' => true,
'uid_field' => 'preferred_username',
'jwt_secret_base64' => '<YOUR BASE64-ENCODED SECRET>',
'client_options' => {
'identifier' => '<YOUR CLIENT ID>',
'secret' => '<YOUR CLIENT SECRET>',
'redirect_uri' => 'https://gitlab.example.com/users/auth/openid_connect/callback'
name: "openid_connect",
label: "Keycloak", # optional label for login button, defaults to "Openid Connect"
args: {
name: "openid_connect",
scope: ["openid", "profile", "email"],
response_type: "code",
issuer: "https://keycloak.example.com/auth/realms/myrealm",
client_auth_method: "query",
discovery: true,
uid_field: "preferred_username",
jwt_secret_base64: "<YOUR BASE64-ENCODED SECRET>",
client_options: {
identifier: "<YOUR CLIENT ID>",
secret: "<YOUR CLIENT SECRET>",
redirect_uri: "https://gitlab.example.com/users/auth/openid_connect/callback"
}
}
}
......
......@@ -58,12 +58,14 @@ application.
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "auth0",
"args" => { client_id: 'YOUR_AUTH0_CLIENT_ID',
client_secret: 'YOUR_AUTH0_CLIENT_SECRET',
domain: 'YOUR_AUTH0_DOMAIN',
scope: 'openid profile email'
}
name: "auth0",
# label: "Provider name", # optional label for login button, defaults to "Auth0"
args: {
client_id: "YOUR_AUTH0_CLIENT_ID",
client_secret: "YOUR_AUTH0_CLIENT_SECRET",
domain: "YOUR_AUTH0_DOMAIN",
scope: "openid profile email"
}
}
]
```
......@@ -72,6 +74,7 @@ application.
```yaml
- { name: 'auth0',
# label: 'Provider name', # optional label for login button, defaults to "Auth0"
args: {
client_id: 'YOUR_AUTH0_CLIENT_ID',
client_secret: 'YOUR_AUTH0_CLIENT_SECRET',
......
......@@ -58,11 +58,12 @@ As you go through the Microsoft procedure, keep the following in mind:
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "azure_oauth2",
"args" => {
"client_id" => "CLIENT ID",
"client_secret" => "CLIENT SECRET",
"tenant_id" => "TENANT ID",
name: "azure_oauth2",
# label: "Provider name", # optional label for login button, defaults to "Azure AD"
args: {
client_id: "CLIENT ID",
client_secret: "CLIENT SECRET",
tenant_id: "TENANT ID",
}
}
]
......@@ -72,9 +73,10 @@ As you go through the Microsoft procedure, keep the following in mind:
```yaml
- { name: 'azure_oauth2',
args: { client_id: "CLIENT ID",
client_secret: "CLIENT SECRET",
tenant_id: "TENANT ID" } }
# label: 'Provider name', # optional label for login button, defaults to "Azure AD"
args: { client_id: 'CLIENT ID',
client_secret: 'CLIENT SECRET',
tenant_id: 'TENANT ID' } }
```
The `base_azure_url` is optional and can be added for different locales;
......@@ -167,6 +169,7 @@ Alternatively, add the `User.Read.All` application permission.
gitlab_rails['omniauth_providers'] = [
{
"name" => "azure_activedirectory_v2",
"label" => "Provider name", # optional label for login button, defaults to "Azure AD v2"
"args" => {
"client_id" => "CLIENT ID",
"client_secret" => "CLIENT SECRET",
......@@ -180,9 +183,10 @@ Alternatively, add the `User.Read.All` application permission.
```yaml
- { name: 'azure_activedirectory_v2',
args: { client_id: "CLIENT ID",
client_secret: "CLIENT SECRET",
tenant_id: "TENANT ID" } }
label: 'Provider name', # optional label for login button, defaults to "Azure AD v2"
args: { client_id: "CLIENT ID",
client_secret: "CLIENT SECRET",
tenant_id: "TENANT ID" } }
```
The `base_azure_url` is optional and can be added for different locales;
......
......@@ -87,10 +87,11 @@ to the end of the Bitbucket authorization callback URL.
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "bitbucket",
"app_id" => "BITBUCKET_APP_KEY",
"app_secret" => "BITBUCKET_APP_SECRET",
"url" => "https://bitbucket.org/"
name: "bitbucket",
# label: "Provider name", # optional label for login button, defaults to "Bitbucket"
app_id: "BITBUCKET_APP_KEY",
app_secret: "BITBUCKET_APP_SECRET",
url: "https://bitbucket.org/"
}
]
```
......@@ -102,6 +103,7 @@ to the end of the Bitbucket authorization callback URL.
enabled: true
providers:
- { name: 'bitbucket',
# label: 'Provider name', # optional label for login button, defaults to "Bitbucket"
app_id: 'BITBUCKET_APP_KEY',
app_secret: 'BITBUCKET_APP_SECRET',
url: 'https://bitbucket.org/' }
......
......@@ -37,14 +37,14 @@ configure CAS for back-channel logout.
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name"=> "cas3",
"label"=> "cas",
"args"=> {
"url"=> 'CAS_SERVER',
"login_url"=> '/CAS_PATH/login',
"service_validate_url"=> '/CAS_PATH/p3/serviceValidate',
"logout_url"=> '/CAS_PATH/logout'
}
name: "cas3",
label: "Provider name", # optional label for login button, defaults to "Cas3"
args: {
url: "CAS_SERVER",
login_url: "/CAS_PATH/login",
service_validate_url: "/CAS_PATH/p3/serviceValidate",
logout_url: "/CAS_PATH/logout"
}
}
]
```
......@@ -53,7 +53,7 @@ configure CAS for back-channel logout.
```yaml
- { name: 'cas3',
label: 'cas',
label: 'Provider name', # optional label for login button, defaults to "Cas3"
args: {
url: 'CAS_SERVER',
login_url: '/CAS_PATH/login',
......
......@@ -60,9 +60,10 @@ Sign in to DingTalk Open Platform and create an application on it. DingTalk gene
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "ding_talk",
"app_id" => "YOUR_APP_ID",
"app_secret" => "YOUR_APP_SECRET"
name: "ding_talk",
# label: "Provider name", # optional label for login button, defaults to "Ding Talk"
app_id: "YOUR_APP_ID",
app_secret: "YOUR_APP_SECRET"
}
]
```
......@@ -71,6 +72,7 @@ Sign in to DingTalk Open Platform and create an application on it. DingTalk gene
```yaml
- { name: 'ding_talk',
# label: 'Provider name', # optional label for login button, defaults to "Ding Talk"
app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET' }
```
......
......@@ -81,9 +81,10 @@ Facebook. Facebook generates an app ID and secret key for you to use.
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "facebook",
"app_id" => "YOUR_APP_ID",
"app_secret" => "YOUR_APP_SECRET"
name: "facebook",
# label: "Provider name", # optional label for login button, defaults to "Facebook"
app_id: "YOUR_APP_ID",
app_secret: "YOUR_APP_SECRET"
}
]
```
......@@ -91,7 +92,9 @@ Facebook. Facebook generates an app ID and secret key for you to use.
For installations from source:
```yaml
- { name: 'facebook', app_id: 'YOUR_APP_ID',
- { name: 'facebook',
# label: 'Provider name', # optional label for login button, defaults to "Facebook"
app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET' }
```
......
......@@ -50,10 +50,11 @@ Follow these steps to incorporate the GitHub OAuth 2 app in your GitLab server:
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "github",
"app_id" => "YOUR_APP_ID",
"app_secret" => "YOUR_APP_SECRET",
"args" => { "scope" => "user:email" }
name: "github",
# label: "Provider name", # optional label for login button, defaults to "GitHub"
app_id: "YOUR_APP_ID",
app_secret: "YOUR_APP_SECRET",
args: { scope: "user:email" }
}
]
```
......@@ -63,11 +64,12 @@ Follow these steps to incorporate the GitHub OAuth 2 app in your GitLab server:
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "github",
"app_id" => "YOUR_APP_ID",
"app_secret" => "YOUR_APP_SECRET",
"url" => "https://github.example.com/",
"args" => { "scope" => "user:email" }
name: "github",
# label: "Provider name", # optional label for login button, defaults to "GitHub"
app_id: "YOUR_APP_ID",
app_secret: "YOUR_APP_SECRET",
url: "https://github.example.com/",
args: { scope: "user:email" }
}
]
```
......@@ -85,7 +87,9 @@ Follow these steps to incorporate the GitHub OAuth 2 app in your GitLab server:
For GitHub.com:
```yaml
- { name: 'github', app_id: 'YOUR_APP_ID',
- { name: 'github',
# label: 'Provider name', # optional label for login button, defaults to "GitHub"
app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET',
args: { scope: 'user:email' } }
```
......@@ -94,6 +98,7 @@ Follow these steps to incorporate the GitHub OAuth 2 app in your GitLab server:
```yaml
- { name: 'github',
# label: 'Provider name', # optional label for login button, defaults to "GitHub"
app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET',
url: "https://github.example.com/",
......@@ -122,12 +127,13 @@ For Omnibus package:
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "github",
"app_id" => "YOUR_APP_ID",
"app_secret" => "YOUR_APP_SECRET",
"url" => "https://github.example.com/",
"verify_ssl" => false,
"args" => { "scope" => "user:email" }
name: "github",
# label: "Provider name", # optional label for login button, defaults to "GitHub"
app_id: "YOUR_APP_ID",
app_secret: "YOUR_APP_SECRET",
url: "https://github.example.com/",
verify_ssl: false,
args: { scope: "user:email" }
}
]
```
......@@ -142,6 +148,7 @@ For installation from source:
```yaml
- { name: 'github',
# label: 'Provider name', # optional label for login button, defaults to "GitHub"
app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET',
url: "https://github.example.com/",
......
......@@ -53,10 +53,11 @@ GitLab.com generates an application ID and secret key for you to use.
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "gitlab",
"app_id" => "YOUR_APP_ID",
"app_secret" => "YOUR_APP_SECRET",
"args" => { "scope" => "api" }
name: "gitlab",
# label: "Provider name", # optional label for login button, defaults to "GitLab.com"
app_id: "YOUR_APP_ID",
app_secret: "YOUR_APP_SECRET",
args: { scope: "api" }
}
]
```
......@@ -66,10 +67,11 @@ GitLab.com generates an application ID and secret key for you to use.
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "gitlab",
"app_id" => "YOUR_APP_ID",
"app_secret" => "YOUR_APP_SECRET",
"args" => { "scope" => "api", "client_options" => { "site" => "https://gitlab.example.com/api/v4" } }
name: "gitlab",
label: "Provider name", # optional label for login button, defaults to "GitLab.com"
app_id: "YOUR_APP_ID",
app_secret: "YOUR_APP_SECRET",
args: { scope: "api", client_options: { site: "https://gitlab.example.com/api/v4" } }
}
]
```
......@@ -78,6 +80,7 @@ GitLab.com generates an application ID and secret key for you to use.
```yaml
- { name: 'gitlab',
# label: 'Provider name', # optional label for login button, defaults to "GitLab.com"
app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET',
args: { scope: 'api' } }
......@@ -87,6 +90,7 @@ GitLab.com generates an application ID and secret key for you to use.
```yaml
- { name: 'gitlab',
label: 'Provider name', # optional label for login button, defaults to "GitLab.com"
app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET',
args: { scope: 'api', "client_options": { "site": 'https://gitlab.example.com/api/v4' } }
......
......@@ -79,10 +79,11 @@ On your GitLab server:
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "google_oauth2",
"app_id" => "YOUR_APP_ID",
"app_secret" => "YOUR_APP_SECRET",
"args" => { "access_type" => "offline", "approval_prompt" => '' }
name: "google_oauth2",
# label: "Provider name", # optional label for login button, defaults to "Google"
app_id: "YOUR_APP_ID",
app_secret: "YOUR_APP_SECRET",
args: { access_type: "offline", approval_prompt: "" }
}
]
```
......@@ -91,6 +92,7 @@ On your GitLab server:
```yaml
- { name: 'google_oauth2',
# label: 'Provider name', # optional label for login button, defaults to "Google"
app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET',
args: { access_type: 'offline', approval_prompt: '' } }
......
......@@ -61,30 +61,30 @@ This strategy is designed to allow configuration of the simple OmniAuth SSO proc
```ruby
gitlab_rails['omniauth_providers'] = [
{ 'name' => 'oauth2_generic',
'label' => '<your_oauth2_label>',
'app_id' => '<your_app_client_id>',
'app_secret' => '<your_app_client_secret>',
'args' => {
{
name: "oauth2_generic",
label: "Provider name", # optional label for login button, defaults to "Oauth2 Generic"
app_id: "<your_app_client_id>",
app_secret: "<your_app_client_secret>",
args: {
client_options: {
'site' => '<your_auth_server_url>',
'user_info_url' => '/oauth2/v1/userinfo',
'authorize_url' => '/oauth2/v1/authorize',
'token_url' => '/oauth2/v1/token'
},
user_response_structure: {
root_path: [],
id_path: ['sub'],
attributes: {
email: 'email',
name: 'name'
}
},
authorize_params: {
scope: 'openid profile email'
},
strategy_class: "OmniAuth::Strategies::OAuth2Generic"
}
site: "<your_auth_server_url>",
user_info_url: "/oauth2/v1/userinfo",
authorize_url: "/oauth2/v1/authorize",
token_url: "/oauth2/v1/token"
},
user_response_structure: {
root_path: [],
id_path: ["sub"],
attributes: {
email: "email",
name: "name"
}
},
authorize_params: {
scope: "openid profile email"
},
strategy_class: "OmniAuth::Strategies::OAuth2Generic"
}
}
]
......
......@@ -57,9 +57,10 @@ To get the credentials (a pair of Client ID and Client Secret), you must [create
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "salesforce",
"app_id" => "SALESFORCE_CLIENT_ID",
"app_secret" => "SALESFORCE_CLIENT_SECRET"
name: "salesforce",
# label: "Provider name", # optional label for login button, defaults to "Salesforce"
app_id: "SALESFORCE_CLIENT_ID",
app_secret: "SALESFORCE_CLIENT_SECRET"
}
]
```
......@@ -68,6 +69,7 @@ To get the credentials (a pair of Client ID and Client Secret), you must [create
```yaml
- { name: 'salesforce',
# label: 'Provider name', # optional label for login button, defaults to "Salesforce"
app_id: 'SALESFORCE_CLIENT_ID',
app_secret: 'SALESFORCE_CLIENT_SECRET'
}
......
......@@ -98,15 +98,15 @@ as described in the section on [Security](#security). Otherwise, your users are
```ruby
gitlab_rails['omniauth_providers'] = [
{
name: 'saml',
name: "saml",
label: "Provider name", # optional label for login button, defaults to "Saml"
args: {
assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',
idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8',
idp_sso_target_url: 'https://login.example.com/idp',
issuer: 'https://gitlab.example.com',
name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
},
label: 'Provider name' # optional label for SAML login button, defaults to "Saml"
assertion_consumer_service_url: "https://gitlab.example.com/users/auth/saml/callback",
idp_cert_fingerprint: "43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8",
idp_sso_target_url: "https://login.example.com/idp",
issuer: "https://gitlab.example.com",
name_identifier_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
}
}
]
```
......@@ -118,14 +118,14 @@ as described in the section on [Security](#security). Otherwise, your users are
providers:
- {
name: 'saml',
label: 'Provider name', # optional label for login button, defaults to "Saml"
args: {
assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',
idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8',
idp_sso_target_url: 'https://login.example.com/idp',
issuer: 'https://gitlab.example.com',
name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
},
label: 'Company Login' # optional label for SAML login button, defaults to "Saml"
}
}
```
......@@ -362,22 +362,21 @@ In addition to the changes in GitLab, make sure that your IdP is returning the
```ruby
gitlab_rails['omniauth_providers'] = [
{
name: 'saml',
name: "saml",
args: {
assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback',
idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8',
idp_sso_target_url: 'https://login.example.com/idp',
issuer: 'https://gitlab.example.com',
name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent',
upstream_two_factor_authn_contexts:
%w(
urn:oasis:names:tc:SAML:2.0:ac:classes:CertificateProtectedTransport
urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorOTPSMS
urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorIGTOKEN
)
},
label: 'Company Login' # optional label for SAML login button, defaults to "Saml"
assertion_consumer_service_url: "https://gitlab.example.com/users/auth/saml/callback",
idp_cert_fingerprint: "43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8",
idp_sso_target_url: "https://login.example.com/idp",
issuer: "https://gitlab.example.com",
name_identifier_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
upstream_two_factor_authn_contexts:
%w(
urn:oasis:names:tc:SAML:2.0:ac:classes:CertificateProtectedTransport
urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorOTPSMS
urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorIGTOKEN
)
},
label: "Company Login" # optional label for SAML login button, defaults to "Saml"
}
]
```
......
......@@ -62,9 +62,10 @@ Twitter. Twitter generates a client ID and secret key for you to use.
```ruby
gitlab_rails['omniauth_providers'] = [
{
"name" => "twitter",
"app_id" => "YOUR_APP_ID",
"app_secret" => "YOUR_APP_SECRET"
name: "twitter",
# label: "Provider name", # optional label for login button, defaults to "Twitter"
app_id: "YOUR_APP_ID",
app_secret: "YOUR_APP_SECRET"
}
]
```
......@@ -73,6 +74,7 @@ Twitter. Twitter generates a client ID and secret key for you to use.
```yaml
- { name: 'twitter',
# label: 'Provider name', # optional label for login button, defaults to "Twitter"
app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET' }
```
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment