Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add GitLab as an login provider #1425

Open
vanillajonathan opened this issue Jul 9, 2020 · 8 comments
Open

Add GitLab as an login provider #1425

vanillajonathan opened this issue Jul 9, 2020 · 8 comments

Comments

@vanillajonathan
Copy link
Contributor

Add support for using GitLab as OpenID Connect identity provider.

https://docs.gitlab.com/ee/integration/openid_connect_provider.html
@leplatrem
Copy link
Contributor

What is this? A feature request? :)

@vanillajonathan
Copy link
Contributor Author

Yes, this is a feature request.

@Natim
Copy link
Member

Natim commented Jul 9, 2020
edited

@vanillajonathan I encourage you to start this, We have a lot of providers already so you can copy all the tests and when they pass you will be all set.

You may also be able to leverage kinto-openid for Github an be ready without coding anything.

https://docs.kinto-storage.org/en/stable/api/1.x/openid.html

@Natim
Copy link
Member

Natim commented Jul 9, 2020
edited

Configuration

  1. Register an OAuth application on GitHub: https://github.com/settings/applications/new
  2. Note the new application's client ID and secret.
  3. Configure kinto-openid with the following:
kinto.includes = kinto.plugins.openid

multiauth.policies = github

multiauth.policy.github.use = kinto.plugins.openid.OpenIDConnectPolicy
multiauth.policy.github.issuer_url = https://github.com
multiauth.policy.github.client_id = GITHUB_CLIENT_ID
multiauth.policy.github.client_secret = GITHUB_CLIENT_SECRET
multiauth.policy.github.userid_field = email

Well apparently we would need to support setting the oauth/authorize and oauth/token URLs in the config since Github doesn't handle the well-known URL

@Natim
Copy link
Member

Natim commented Jul 9, 2020
edited

Ok sorry I wrote all this about Github while you were talking about Gitlab.

  1. Grab Gitlab OAuth Client ID and Secret with callback: https://kinto-instance.com/v1/openid/gitlab/token
  2. Configure Kinto
kinto.includes = kinto.plugins.openid

multiauth.policies = gitlab

multiauth.policy.gitlab.use = kinto.plugins.openid.OpenIDConnectPolicy
multiauth.policy.gitlab.issuer_url = https://gitlab.com
multiauth.policy.gitlab.client_id = GITLAB_CLIENT_ID
multiauth.policy.gitlab.client_secret = GITLAB_CLIENT_SECRET
multiauth.policy.gitlab.userid_field = email
  1. Initiate your login with: https://kinto-instance.com/v1/openid/giitlab/login?callback=http://frontend-app.com/callback&scope=openid+email

@vanillajonathan
Copy link
Contributor Author

It would be nice if this was setup on the demo server.

@Natim
Copy link
Member

Natim commented Jul 9, 2020
edited

It is not possible to handle all the openid providers that one could think about but it is quite handy to use the kinto-heroku deploy button to try it.

@vanillajonathan
Copy link
Contributor Author

I see.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Natim @leplatrem @vanillajonathan