Add Azure Active Directory v2 OAuth2 support
This brings in the OmniAuth provider defined in https://github.com/RIPGlobal/omniauth-azure-activedirectory-v2. The v1 endpoints do not seem to trigger MFA, which prevents logins when MFA is enforced via Azure's Conditional Access policy. Note that existing identities with the legacy V1 Azure provider do not work, and users will either have to reconnect their GitLab accounts or admins have to enable the auto-link feature. Note that the following permission scopes are required for the registered Web application: 1. profile 2. openid 3. email In addition, a redirect URI for `/users/auth/azure_activedirectory_v2/callback` has to be added to the Web application. Relates to: 1. https://gitlab.com/gitlab-org/gitlab/-/issues/214390 2. https://gitlab.com/gitlab-org/gitlab/-/issues/215674
Showing
... | ... | @@ -31,7 +31,8 @@ gem 'doorkeeper', '~> 5.5.0.rc2' |
gem 'doorkeeper-openid_connect', '~> 1.7.5' | ||
gem 'omniauth', '~> 1.8' | ||
gem 'omniauth-auth0', '~> 2.0.0' | ||
gem 'omniauth-azure-oauth2', '~> 0.0.9' | ||
gem 'omniauth-azure-activedirectory-v2', '~> 0.1' | ||
gem 'omniauth-azure-oauth2', '~> 0.0.9' # Deprecated v1 version | ||
gem 'omniauth-cas3', '~> 1.1.4' | ||
gem 'omniauth-facebook', '~> 4.0.0' | ||
gem 'omniauth-github', '~> 1.4' | ||
... | ... |
Please register or sign in to comment