Commit 86ae2a9e authored by Rémy Coutable's avatar Rémy Coutable

doc: Improve consistentyc of OAuth pages

Signed-off-by: default avatarRémy Coutable <remy@rymai.me>
parent 19363976
...@@ -50,10 +50,10 @@ To enable the Atlassian OmniAuth provider for passwordless authentication you mu ...@@ -50,10 +50,10 @@ To enable the Atlassian OmniAuth provider for passwordless authentication you mu
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
name: "atlassian_oauth2", name: "atlassian_oauth2",
# label: 'Provider name', # optional label for login button, defaults to "Atlassian" # label: "Provider name", # optional label for login button, defaults to "Atlassian"
app_id: "YOUR_CLIENT_ID", app_id: "YOUR_CLIENT_ID",
app_secret: "YOUR_CLIENT_SECRET", app_secret: "YOUR_CLIENT_SECRET",
args: { scope: 'offline_access read:jira-user read:jira-work', prompt: 'consent' } args: { scope: "offline_access read:jira-user read:jira-work", prompt: "consent" }
} }
] ]
``` ```
...@@ -62,10 +62,10 @@ To enable the Atlassian OmniAuth provider for passwordless authentication you mu ...@@ -62,10 +62,10 @@ To enable the Atlassian OmniAuth provider for passwordless authentication you mu
```yaml ```yaml
- { name: "atlassian_oauth2", - { name: "atlassian_oauth2",
# label: 'Provider name', # optional label for login button, defaults to "Atlassian" # label: "Provider name", # optional label for login button, defaults to "Atlassian"
app_id: "YOUR_CLIENT_ID", app_id: "YOUR_CLIENT_ID",
app_secret: "YOUR_CLIENT_SECRET", app_secret: "YOUR_CLIENT_SECRET",
args: { scope: 'offline_access read:jira-user read:jira-work', prompt: 'consent' } args: { scope: "offline_access read:jira-user read:jira-work", prompt: "consent" }
} }
``` ```
......
...@@ -36,11 +36,11 @@ Authentiq generates a Client ID and the accompanying Client Secret for you to us ...@@ -36,11 +36,11 @@ Authentiq generates a Client ID and the accompanying Client Secret for you to us
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "authentiq", name: "authentiq",
# "label" => "Provider name", # optional label for login button, defaults to "Authentiq" # label: "Provider name", # optional label for login button, defaults to "Authentiq"
"app_id" => "YOUR_CLIENT_ID", app_id: "YOUR_CLIENT_ID",
"app_secret" => "YOUR_CLIENT_SECRET", app_secret: "YOUR_CLIENT_SECRET",
"args" => { args: {
"scope": 'aq:name email~rs address aq:push' "scope": 'aq:name email~rs address aq:push'
} }
} }
......
...@@ -56,25 +56,25 @@ Include the code block in the `/etc/gitlab/gitlab.rb` file: ...@@ -56,25 +56,25 @@ Include the code block in the `/etc/gitlab/gitlab.rb` file:
gitlab_rails['omniauth_allow_single_sign_on'] = ['cognito'] gitlab_rails['omniauth_allow_single_sign_on'] = ['cognito']
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "cognito", name: "cognito",
# "label" => "Provider name", # optional label for login button, defaults to "Cognito" label: "Provider name", # optional label for login button, defaults to "Cognito"
# "icon" => nil, # Optional icon URL icon: nil, # Optional icon URL
"app_id" => "CLIENT ID", app_id: "CLIENT ID",
"app_secret" => "CLIENT SECRET", app_secret: "CLIENT SECRET",
"args" => { args: {
"scope" => "openid profile email", scope: "openid profile email",
client_options: { client_options: {
'site' => 'https://your_domain.auth.your_region.amazoncognito.com', site: "https://your_domain.auth.your_region.amazoncognito.com",
'authorize_url' => '/oauth2/authorize', authorize_url: "/oauth2/authorize",
'token_url' => '/oauth2/token', token_url: "/oauth2/token",
'user_info_url' => '/oauth2/userInfo' user_info_url: "/oauth2/userInfo"
}, },
user_response_structure: { user_response_structure: {
root_path: [], root_path: [],
id_path: ['sub'], id_path: ["sub"],
attributes: { nickname: 'email', name: 'email', email: 'email' } attributes: { nickname: "email", name: "email", email: "email" }
}, },
name: 'cognito', name: "cognito",
strategy_class: "OmniAuth::Strategies::OAuth2Generic" strategy_class: "OmniAuth::Strategies::OAuth2Generic"
} }
} }
......
...@@ -46,12 +46,12 @@ this provider also allows Crowd authentication for Git-over-https requests. ...@@ -46,12 +46,12 @@ this provider also allows Crowd authentication for Git-over-https requests.
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "crowd", name: "crowd",
# "label" => "Provider name", # optional label for login button, defaults to "Crowd" # label: "Provider name", # optional label for login button, defaults to "Crowd"
"args" => { args: {
"crowd_server_url" => "CROWD_SERVER_URL", crowd_server_url: "CROWD_SERVER_URL",
"application_name" => "YOUR_APP_NAME", application_name: "YOUR_APP_NAME",
"application_password" => "YOUR_APP_PASSWORD" application_password: "YOUR_APP_PASSWORD"
} }
} }
] ]
......
...@@ -32,15 +32,15 @@ JWT will provide you with a secret key for you to use. ...@@ -32,15 +32,15 @@ JWT will provide you with a secret key for you to use.
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ name: 'jwt', { name: "jwt",
label: 'Provider name', # optional label for login button, defaults to "Jwt" label: "Provider name", # optional label for login button, defaults to "Jwt"
args: { args: {
secret: 'YOUR_APP_SECRET', secret: "YOUR_APP_SECRET",
algorithm: 'HS256', # Supported algorithms: 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'HS256', 'HS384', 'HS512' algorithm: "HS256", # Supported algorithms: "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "HS256", "HS384", "HS512"
uid_claim: 'email', uid_claim: "email",
required_claims: ['name', 'email'], required_claims: ["name", "email"],
info_map: { name: 'name', email: 'email' }, info_map: { name: "name", email: "email" },
auth_url: 'https://example.com/', auth_url: "https://example.com/",
valid_within: 3600 # 1 hour valid_within: 3600 # 1 hour
} }
} }
......
...@@ -35,22 +35,23 @@ The OpenID Connect provides you with a client's details and secret for you to us ...@@ -35,22 +35,23 @@ The OpenID Connect provides you with a client's details and secret for you to us
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ 'name' => 'openid_connect', {
'label' => 'Provider name', # optional label for login button, defaults to "Openid Connect" name: "openid_connect",
'icon' => '<custom_provider_icon>', label: "Provider name", # optional label for login button, defaults to "Openid Connect"
'args' => { icon: "<custom_provider_icon>",
'name' => 'openid_connect', args: {
'scope' => ['openid','profile','email'], name: "openid_connect",
'response_type' => 'code', scope: ["openid","profile","email"],
'issuer' => '<your_oidc_url>', response_type: "code",
'discovery' => true, issuer: "<your_oidc_url>",
'client_auth_method' => 'query', discovery: true,
'uid_field' => '<uid_field>', client_auth_method: "query",
'send_scope_to_token_endpoint' => 'false', uid_field: "<uid_field>",
'client_options' => { send_scope_to_token_endpoint: "false",
'identifier' => '<your_oidc_client_id>', client_options: {
'secret' => '<your_oidc_client_secret>', identifier: "<your_oidc_client_id>",
'redirect_uri' => '<your_gitlab_url>/users/auth/openid_connect/callback' secret: "<your_oidc_client_secret>",
redirect_uri: "<your_gitlab_url>/users/auth/openid_connect/callback"
} }
} }
} }
...@@ -136,20 +137,20 @@ for more details: ...@@ -136,20 +137,20 @@ for more details:
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
'name' => 'openid_connect', name: "openid_connect",
'label' => 'Google OpenID', # optional label for login button, defaults to "Openid Connect" label: "Google OpenID", # optional label for login button, defaults to "Openid Connect"
'args' => { args: {
'name' => 'openid_connect', name: "openid_connect",
'scope' => ['openid', 'profile', 'email'], scope: ["openid", "profile", "email"],
'response_type' => 'code', response_type: "code",
'issuer' => 'https://accounts.google.com', issuer: "https://accounts.google.com",
'client_auth_method' => 'query', client_auth_method: "query",
'discovery' => true, discovery: true,
'uid_field' => 'preferred_username', uid_field: "preferred_username",
'client_options' => { client_options: {
'identifier' => '<YOUR PROJECT CLIENT ID>', identifier: "<YOUR PROJECT CLIENT ID>",
'secret' => '<YOUR PROJECT CLIENT SECRET>', secret: "<YOUR PROJECT CLIENT SECRET>",
'redirect_uri' => 'https://example.com/users/auth/openid_connect/callback', redirect_uri: "https://example.com/users/auth/openid_connect/callback",
} }
} }
} }
...@@ -173,20 +174,20 @@ Example Omnibus configuration block: ...@@ -173,20 +174,20 @@ Example Omnibus configuration block:
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
'name' => 'openid_connect', name: "openid_connect",
'label' => 'Azure OIDC', # optional label for login button, defaults to "Openid Connect" label: "Azure OIDC", # optional label for login button, defaults to "Openid Connect"
'args' => { args: {
'name' => 'openid_connect', name: "openid_connect",
'scope' => ['openid', 'profile', 'email'], scope: ["openid", "profile", "email"],
'response_type' => 'code', response_type: "code",
'issuer' => 'https://login.microsoftonline.com/<YOUR-TENANT-ID>/v2.0', issuer: "https://login.microsoftonline.com/<YOUR-TENANT-ID>/v2.0",
'client_auth_method' => 'query', client_auth_method: "query",
'discovery' => true, discovery: true,
'uid_field' => 'preferred_username', uid_field: "preferred_username",
'client_options' => { client_options: {
'identifier' => '<YOUR APP CLIENT ID>', identifier: "<YOUR APP CLIENT ID>",
'secret' => '<YOUR APP CLIENT SECRET>', secret: "<YOUR APP CLIENT SECRET>",
'redirect_uri' => 'https://gitlab.example.com/users/auth/openid_connect/callback' redirect_uri: "https://gitlab.example.com/users/auth/openid_connect/callback"
} }
} }
} }
...@@ -302,21 +303,21 @@ The trailing forward slash is required. ...@@ -302,21 +303,21 @@ The trailing forward slash is required.
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
'name' => 'openid_connect', name: "openid_connect",
'label' => 'Azure B2C OIDC', # optional label for login button, defaults to "Openid Connect" label: "Azure B2C OIDC", # optional label for login button, defaults to "Openid Connect"
'args' => { args: {
'name' => 'openid_connect', name: "openid_connect",
'scope' => ['openid'], scope: ["openid"],
'response_mode' => 'query', response_mode: "query",
'response_type' => 'id_token', response_type: "id_token",
'issuer' => 'https://<YOUR-DOMAIN>/tfp/<YOUR-TENANT-ID>/b2c_1a_signup_signin/v2.0/', issuer: "https://<YOUR-DOMAIN>/tfp/<YOUR-TENANT-ID>/b2c_1a_signup_signin/v2.0/",
'client_auth_method' => 'query', client_auth_method: "query",
'discovery' => true, discovery: true,
'send_scope_to_token_endpoint' => true, send_scope_to_token_endpoint: true,
'client_options' => { client_options: {
'identifier' => '<YOUR APP CLIENT ID>', identifier: "<YOUR APP CLIENT ID>",
'secret' => '<YOUR APP CLIENT SECRET>', secret: "<YOUR APP CLIENT SECRET>",
'redirect_uri' => 'https://gitlab.example.com/users/auth/openid_connect/callback' redirect_uri: "https://gitlab.example.com/users/auth/openid_connect/callback"
} }
} }
}] }]
...@@ -359,20 +360,20 @@ Example Omnibus configuration block: ...@@ -359,20 +360,20 @@ Example Omnibus configuration block:
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
'name' => 'openid_connect', name: "openid_connect",
'label' => 'Keycloak', # optional label for login button, defaults to "Openid Connect" label: "Keycloak", # optional label for login button, defaults to "Openid Connect"
'args' => { args: {
'name' => 'openid_connect', name: "openid_connect",
'scope' => ['openid', 'profile', 'email'], scope: ["openid", "profile", "email"],
'response_type' => 'code', response_type: "code",
'issuer' => 'https://keycloak.example.com/auth/realms/myrealm', issuer: "https://keycloak.example.com/auth/realms/myrealm",
'client_auth_method' => 'query', client_auth_method: "query",
'discovery' => true, discovery: true,
'uid_field' => 'preferred_username', uid_field: "preferred_username",
'client_options' => { client_options: {
'identifier' => '<YOUR CLIENT ID>', identifier: "<YOUR CLIENT ID>",
'secret' => '<YOUR CLIENT SECRET>', secret: "<YOUR CLIENT SECRET>",
'redirect_uri' => 'https://gitlab.example.com/users/auth/openid_connect/callback' redirect_uri: "https://gitlab.example.com/users/auth/openid_connect/callback"
} }
} }
} }
...@@ -436,21 +437,21 @@ To use symmetric key encryption: ...@@ -436,21 +437,21 @@ To use symmetric key encryption:
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
'name' => 'openid_connect', name: "openid_connect",
'label' => 'Keycloak', # optional label for login button, defaults to "Openid Connect" label: "Keycloak", # optional label for login button, defaults to "Openid Connect"
'args' => { args: {
'name' => 'openid_connect', name: "openid_connect",
'scope' => ['openid', 'profile', 'email'], scope: ["openid", "profile", "email"],
'response_type' => 'code', response_type: "code",
'issuer' => 'https://keycloak.example.com/auth/realms/myrealm', issuer: "https://keycloak.example.com/auth/realms/myrealm",
'client_auth_method' => 'query', client_auth_method: "query",
'discovery' => true, discovery: true,
'uid_field' => 'preferred_username', uid_field: "preferred_username",
'jwt_secret_base64' => '<YOUR BASE64-ENCODED SECRET>', jwt_secret_base64: "<YOUR BASE64-ENCODED SECRET>",
'client_options' => { client_options: {
'identifier' => '<YOUR CLIENT ID>', identifier: "<YOUR CLIENT ID>",
'secret' => '<YOUR CLIENT SECRET>', secret: "<YOUR CLIENT SECRET>",
'redirect_uri' => 'https://gitlab.example.com/users/auth/openid_connect/callback' redirect_uri: "https://gitlab.example.com/users/auth/openid_connect/callback"
} }
} }
} }
......
...@@ -58,12 +58,13 @@ application. ...@@ -58,12 +58,13 @@ application.
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "auth0", name: "auth0",
# "label" => "Provider name", # optional label for login button, defaults to "Auth0" # label: "Provider name", # optional label for login button, defaults to "Auth0"
"args" => { client_id: 'YOUR_AUTH0_CLIENT_ID', args: {
client_secret: 'YOUR_AUTH0_CLIENT_SECRET', client_id: "YOUR_AUTH0_CLIENT_ID",
domain: 'YOUR_AUTH0_DOMAIN', client_secret: "YOUR_AUTH0_CLIENT_SECRET",
scope: 'openid profile email' domain: "YOUR_AUTH0_DOMAIN",
scope: "openid profile email"
} }
} }
] ]
......
...@@ -58,12 +58,12 @@ As you go through the Microsoft procedure, keep the following in mind: ...@@ -58,12 +58,12 @@ As you go through the Microsoft procedure, keep the following in mind:
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "azure_oauth2", name: "azure_oauth2",
# "label" => "Provider name", # optional label for login button, defaults to "Azure AD" # label: "Provider name", # optional label for login button, defaults to "Azure AD"
"args" => { args: {
"client_id" => "CLIENT ID", client_id: "CLIENT ID",
"client_secret" => "CLIENT SECRET", client_secret: "CLIENT SECRET",
"tenant_id" => "TENANT ID", tenant_id: "TENANT ID",
} }
} }
] ]
...@@ -74,9 +74,9 @@ As you go through the Microsoft procedure, keep the following in mind: ...@@ -74,9 +74,9 @@ As you go through the Microsoft procedure, keep the following in mind:
```yaml ```yaml
- { name: 'azure_oauth2', - { name: 'azure_oauth2',
# label: 'Provider name', # optional label for login button, defaults to "Azure AD" # label: 'Provider name', # optional label for login button, defaults to "Azure AD"
args: { client_id: "CLIENT ID", args: { client_id: 'CLIENT ID',
client_secret: "CLIENT SECRET", client_secret: 'CLIENT SECRET',
tenant_id: "TENANT ID" } } tenant_id: 'TENANT ID' } }
``` ```
The `base_azure_url` is optional and can be added for different locales; The `base_azure_url` is optional and can be added for different locales;
......
...@@ -87,11 +87,11 @@ to the end of the Bitbucket authorization callback URL. ...@@ -87,11 +87,11 @@ to the end of the Bitbucket authorization callback URL.
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "bitbucket", name: "bitbucket",
# "label" => "Provider name", # optional label for login button, defaults to "Bitbucket" # label: "Provider name", # optional label for login button, defaults to "Bitbucket"
"app_id" => "BITBUCKET_APP_KEY", app_id: "BITBUCKET_APP_KEY",
"app_secret" => "BITBUCKET_APP_SECRET", app_secret: "BITBUCKET_APP_SECRET",
"url" => "https://bitbucket.org/" url: "https://bitbucket.org/"
} }
] ]
``` ```
......
...@@ -37,13 +37,13 @@ configure CAS for back-channel logout. ...@@ -37,13 +37,13 @@ configure CAS for back-channel logout.
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name"=> "cas3", name: "cas3",
"label" => "Provider name", # optional label for login button, defaults to "Cas3" label: "Provider name", # optional label for login button, defaults to "Cas3"
"args"=> { args: {
"url"=> 'CAS_SERVER', url: "CAS_SERVER",
"login_url"=> '/CAS_PATH/login', login_url: "/CAS_PATH/login",
"service_validate_url"=> '/CAS_PATH/p3/serviceValidate', service_validate_url: "/CAS_PATH/p3/serviceValidate",
"logout_url"=> '/CAS_PATH/logout' logout_url: "/CAS_PATH/logout"
} }
} }
] ]
......
...@@ -60,10 +60,10 @@ Sign in to DingTalk Open Platform and create an application on it. DingTalk gene ...@@ -60,10 +60,10 @@ Sign in to DingTalk Open Platform and create an application on it. DingTalk gene
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "ding_talk", name: "ding_talk",
"label" => "Provider name", # optional label for login button, defaults to "Ding Talk" # label: "Provider name", # optional label for login button, defaults to "Ding Talk"
"app_id" => "YOUR_APP_ID", app_id: "YOUR_APP_ID",
"app_secret" => "YOUR_APP_SECRET" app_secret: "YOUR_APP_SECRET"
} }
] ]
``` ```
...@@ -72,7 +72,7 @@ Sign in to DingTalk Open Platform and create an application on it. DingTalk gene ...@@ -72,7 +72,7 @@ Sign in to DingTalk Open Platform and create an application on it. DingTalk gene
```yaml ```yaml
- { name: 'ding_talk', - { name: 'ding_talk',
label: 'Provider name', # optional label for login button, defaults to "Ding Talk" # label: 'Provider name', # optional label for login button, defaults to "Ding Talk"
app_id: 'YOUR_APP_ID', app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET' } app_secret: 'YOUR_APP_SECRET' }
``` ```
......
...@@ -81,10 +81,10 @@ Facebook. Facebook generates an app ID and secret key for you to use. ...@@ -81,10 +81,10 @@ Facebook. Facebook generates an app ID and secret key for you to use.
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "facebook", name: "facebook",
# "label" => "Provider name", # optional label for login button, defaults to "Facebook" # label: "Provider name", # optional label for login button, defaults to "Facebook"
"app_id" => "YOUR_APP_ID", app_id: "YOUR_APP_ID",
"app_secret" => "YOUR_APP_SECRET" app_secret: "YOUR_APP_SECRET"
} }
] ]
``` ```
......
...@@ -50,11 +50,11 @@ Follow these steps to incorporate the GitHub OAuth 2 app in your GitLab server: ...@@ -50,11 +50,11 @@ Follow these steps to incorporate the GitHub OAuth 2 app in your GitLab server:
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "github", name: "github",
# "label" => "Provider name", # optional label for login button, defaults to "GitHub" # label: "Provider name", # optional label for login button, defaults to "GitHub"
"app_id" => "YOUR_APP_ID", app_id: "YOUR_APP_ID",
"app_secret" => "YOUR_APP_SECRET", app_secret: "YOUR_APP_SECRET",
"args" => { "scope" => "user:email" } args: { scope: "user:email" }
} }
] ]
``` ```
...@@ -64,12 +64,12 @@ Follow these steps to incorporate the GitHub OAuth 2 app in your GitLab server: ...@@ -64,12 +64,12 @@ Follow these steps to incorporate the GitHub OAuth 2 app in your GitLab server:
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "github", name: "github",
# "label" => "Provider name", # optional label for login button, defaults to "GitHub" # label: "Provider name", # optional label for login button, defaults to "GitHub"
"app_id" => "YOUR_APP_ID", app_id: "YOUR_APP_ID",
"app_secret" => "YOUR_APP_SECRET", app_secret: "YOUR_APP_SECRET",
"url" => "https://github.example.com/", url: "https://github.example.com/",
"args" => { "scope" => "user:email" } args: { scope: "user:email" }
} }
] ]
``` ```
...@@ -127,13 +127,13 @@ For Omnibus package: ...@@ -127,13 +127,13 @@ For Omnibus package:
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "github", name: "github",
# "label" => "Provider name", # optional label for login button, defaults to "GitHub" # label: "Provider name", # optional label for login button, defaults to "GitHub"
"app_id" => "YOUR_APP_ID", app_id: "YOUR_APP_ID",
"app_secret" => "YOUR_APP_SECRET", app_secret: "YOUR_APP_SECRET",
"url" => "https://github.example.com/", url: "https://github.example.com/",
"verify_ssl" => false, verify_ssl: false,
"args" => { "scope" => "user:email" } args: { scope: "user:email" }
} }
] ]
``` ```
......
...@@ -53,11 +53,11 @@ GitLab.com generates an application ID and secret key for you to use. ...@@ -53,11 +53,11 @@ GitLab.com generates an application ID and secret key for you to use.
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "gitlab", name: "gitlab",
# "label" => "Provider name", # optional label for login button, defaults to "GitLab.com" # label: "Provider name", # optional label for login button, defaults to "GitLab.com"
"app_id" => "YOUR_APP_ID", app_id: "YOUR_APP_ID",
"app_secret" => "YOUR_APP_SECRET", app_secret: "YOUR_APP_SECRET",
"args" => { "scope" => "api" } args: { scope: "api" }
} }
] ]
``` ```
...@@ -67,11 +67,11 @@ GitLab.com generates an application ID and secret key for you to use. ...@@ -67,11 +67,11 @@ GitLab.com generates an application ID and secret key for you to use.
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "gitlab", name: "gitlab",
"label" => "Provider name", # optional label for login button, defaults to "GitLab.com" label: "Provider name", # optional label for login button, defaults to "GitLab.com"
"app_id" => "YOUR_APP_ID", app_id: "YOUR_APP_ID",
"app_secret" => "YOUR_APP_SECRET", app_secret: "YOUR_APP_SECRET",
"args" => { "scope" => "api", "client_options" => { "site" => "https://gitlab.example.com/api/v4" } } args: { scope: "api", client_options: { site: "https://gitlab.example.com/api/v4" } }
} }
] ]
``` ```
......
...@@ -79,11 +79,11 @@ On your GitLab server: ...@@ -79,11 +79,11 @@ On your GitLab server:
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "google_oauth2", name: "google_oauth2",
# "label" => "Provider name", # optional label for login button, defaults to "Google" # label: "Provider name", # optional label for login button, defaults to "Google"
"app_id" => "YOUR_APP_ID", app_id: "YOUR_APP_ID",
"app_secret" => "YOUR_APP_SECRET", app_secret: "YOUR_APP_SECRET",
"args" => { "access_type" => "offline", "approval_prompt" => '' } args: { access_type: "offline", approval_prompt: "" }
} }
] ]
``` ```
......
...@@ -61,32 +61,32 @@ This strategy is designed to allow configuration of the simple OmniAuth SSO proc ...@@ -61,32 +61,32 @@ This strategy is designed to allow configuration of the simple OmniAuth SSO proc
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ 'name' => 'oauth2_generic', {
'label' => 'Provider name', # optional label for login button, defaults to "Oauth2 Generic" name: "oauth2_generic",
'app_id' => '<your_app_client_id>', label: "Provider name", # optional label for login button, defaults to "Oauth2 Generic"
'app_secret' => '<your_app_client_secret>', app_id: "<your_app_client_id>",
'args' => { app_secret: "<your_app_client_secret>",
args: {
client_options: { client_options: {
'site' => '<your_auth_server_url>', site: "<your_auth_server_url>",
'user_info_url' => '/oauth2/v1/userinfo', user_info_url: "/oauth2/v1/userinfo",
'authorize_url' => '/oauth2/v1/authorize', authorize_url: "/oauth2/v1/authorize",
'token_url' => '/oauth2/v1/token' token_url: "/oauth2/v1/token"
}, },
user_response_structure: { user_response_structure: {
root_path: [], root_path: [],
id_path: ['sub'], id_path: ["sub"],
attributes: { attributes: {
email: 'email', email: "email",
name: 'name' name: "name"
} }
}, },
authorize_params: { authorize_params: {
scope: 'openid profile email' scope: "openid profile email"
}, },
strategy_class: "OmniAuth::Strategies::OAuth2Generic" strategy_class: "OmniAuth::Strategies::OAuth2Generic"
} }
} }
}
] ]
``` ```
......
...@@ -57,10 +57,10 @@ To get the credentials (a pair of Client ID and Client Secret), you must [create ...@@ -57,10 +57,10 @@ To get the credentials (a pair of Client ID and Client Secret), you must [create
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "salesforce", name: "salesforce",
# "label" => "Provider name", # optional label for login button, defaults to "Salesforce" # label: "Provider name", # optional label for login button, defaults to "Salesforce"
"app_id" => "SALESFORCE_CLIENT_ID", app_id: "SALESFORCE_CLIENT_ID",
"app_secret" => "SALESFORCE_CLIENT_SECRET" app_secret: "SALESFORCE_CLIENT_SECRET"
} }
] ]
``` ```
......
...@@ -98,14 +98,14 @@ as described in the section on [Security](#security). Otherwise, your users are ...@@ -98,14 +98,14 @@ as described in the section on [Security](#security). Otherwise, your users are
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
name: 'saml', name: "saml",
label: 'Provider name', # optional label for login button, defaults to "Saml" label: "Provider name", # optional label for login button, defaults to "Saml"
args: { args: {
assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback', assertion_consumer_service_url: "https://gitlab.example.com/users/auth/saml/callback",
idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8', idp_cert_fingerprint: "43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8",
idp_sso_target_url: 'https://login.example.com/idp', idp_sso_target_url: "https://login.example.com/idp",
issuer: 'https://gitlab.example.com', issuer: "https://gitlab.example.com",
name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent' name_identifier_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
} }
} }
] ]
...@@ -362,22 +362,21 @@ In addition to the changes in GitLab, make sure that your IdP is returning the ...@@ -362,22 +362,21 @@ In addition to the changes in GitLab, make sure that your IdP is returning the
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
name: 'saml', name: "saml",
args: { args: {
assertion_consumer_service_url: 'https://gitlab.example.com/users/auth/saml/callback', assertion_consumer_service_url: "https://gitlab.example.com/users/auth/saml/callback",
idp_cert_fingerprint: '43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8', idp_cert_fingerprint: "43:51:43:a1:b5:fc:8b:b7:0a:3a:a9:b1:0f:66:73:a8",
idp_sso_target_url: 'https://login.example.com/idp', idp_sso_target_url: "https://login.example.com/idp",
issuer: 'https://gitlab.example.com', issuer: "https://gitlab.example.com",
name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent', name_identifier_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
upstream_two_factor_authn_contexts: upstream_two_factor_authn_contexts:
%w( %w(
urn:oasis:names:tc:SAML:2.0:ac:classes:CertificateProtectedTransport urn:oasis:names:tc:SAML:2.0:ac:classes:CertificateProtectedTransport
urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorOTPSMS urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorOTPSMS
urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorIGTOKEN urn:oasis:names:tc:SAML:2.0:ac:classes:SecondFactorIGTOKEN
) )
}, },
label: 'Company Login' # optional label for SAML login button, defaults to "Saml" label: "Company Login" # optional label for SAML login button, defaults to "Saml"
} }
] ]
``` ```
......
...@@ -62,10 +62,10 @@ Twitter. Twitter generates a client ID and secret key for you to use. ...@@ -62,10 +62,10 @@ Twitter. Twitter generates a client ID and secret key for you to use.
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "twitter", name: "twitter",
# "label" => "Provider name", # optional label for login button, defaults to "Twitter" # label: "Provider name", # optional label for login button, defaults to "Twitter"
"app_id" => "YOUR_APP_ID", app_id: "YOUR_APP_ID",
"app_secret" => "YOUR_APP_SECRET" app_secret: "YOUR_APP_SECRET"
} }
] ]
``` ```
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment