debian-mirror-gitlab/doc/integration/auth0.md

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

94 lines
3.5 KiB
Markdown
Raw Normal View History

2021-01-29 00:20:46 +05:30
---
2022-07-16 23:28:13 +05:30
stage: Manage
group: Authentication and Authorization
2022-11-25 23:54:43 +05:30
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
2021-01-29 00:20:46 +05:30
---
2021-04-17 20:07:23 +05:30
# Auth0 OmniAuth Provider **(FREE SELF)**
2016-06-02 11:05:42 +05:30
To enable the Auth0 OmniAuth provider, you must create an Auth0 account, and an
application.
2021-11-11 11:23:49 +05:30
1. Sign in to the [Auth0 Console](https://auth0.com/auth/login). You can also
create an account using the same link.
2021-01-29 00:20:46 +05:30
1. Select **New App/API**.
2022-11-25 23:54:43 +05:30
1. Enter the **Application Name**. For example, 'GitLab'.
1. After creating the application, you should see the **Quick Start** options.
Disregard these options and select **Settings** instead.
2021-01-29 00:20:46 +05:30
1. At the top of the Settings screen, you should see your **Domain**, **Client ID**, and
2022-11-25 23:54:43 +05:30
**Client Secret** in the Auth0 Console. Note these settings to complete the configuration
file later. For example:
2019-09-30 21:07:59 +05:30
- Domain: `test1234.auth0.com`
- Client ID: `t6X8L2465bNePWLOvt9yi41i`
- Client Secret: `KbveM3nqfjwCbrhaUy_gDu2dss8TIlHIdzlyf33pB7dEK5u_NyQdp65O_o02hXs2`
2021-01-29 00:20:46 +05:30
1. Fill in the **Allowed Callback URLs**:
2022-11-25 23:54:43 +05:30
- `http://<your_gitlab_url>/users/auth/auth0/callback` (or)
- `https://<your_gitlab_url>/users/auth/auth0/callback`
2021-01-29 00:20:46 +05:30
1. Fill in the **Allowed Origins (CORS)**:
2022-11-25 23:54:43 +05:30
- `http://<your_gitlab_url>` (or)
- `https://<your_gitlab_url>`
2016-06-02 11:05:42 +05:30
1. On your GitLab server, open the configuration file.
2021-01-29 00:20:46 +05:30
For Omnibus GitLab:
2016-06-02 11:05:42 +05:30
2020-03-13 15:44:24 +05:30
```shell
2019-09-30 21:07:59 +05:30
sudo editor /etc/gitlab/gitlab.rb
```
2016-06-02 11:05:42 +05:30
2019-09-30 21:07:59 +05:30
For installations from source:
2016-06-02 11:05:42 +05:30
2020-03-13 15:44:24 +05:30
```shell
2019-09-30 21:07:59 +05:30
cd /home/git/gitlab
sudo -u git -H editor config/gitlab.yml
```
2016-06-02 11:05:42 +05:30
2023-04-23 21:23:45 +05:30
1. Edit the [common configuration file settings](omniauth.md#configure-common-settings)
to add `auth0` as a single sign-on provider. This enables Just-In-Time
account provisioning for users who do not have an existing GitLab account.
2016-06-02 11:05:42 +05:30
1. Add the provider configuration:
2021-01-29 00:20:46 +05:30
For Omnibus GitLab:
2019-09-30 21:07:59 +05:30
```ruby
gitlab_rails['omniauth_providers'] = [
{
2022-01-26 12:08:38 +05:30
name: "auth0",
# label: "Provider name", # optional label for login button, defaults to "Auth0"
args: {
2022-11-25 23:54:43 +05:30
client_id: "<your_auth0_client_id>",
client_secret: "<your_auth0_client_secret>",
domain: "<your_auth0_domain>",
2022-01-26 12:08:38 +05:30
scope: "openid profile email"
}
2019-09-30 21:07:59 +05:30
}
]
```
For installations from source:
```yaml
- { name: 'auth0',
2022-01-26 12:08:38 +05:30
# label: 'Provider name', # optional label for login button, defaults to "Auth0"
2019-09-30 21:07:59 +05:30
args: {
2022-11-25 23:54:43 +05:30
client_id: '<your_auth0_client_id>',
client_secret: '<your_auth0_client_secret>',
domain: '<your_auth0_domain>',
2019-09-30 21:07:59 +05:30
scope: 'openid profile email' }
}
```
2016-06-02 11:05:42 +05:30
2022-11-25 23:54:43 +05:30
1. Replace `<your_auth0_client_id>` with the client ID from the Auth0 Console page.
1. Replace `<your_auth0_client_secret>` with the client secret from the Auth0 Console page.
1. Replace `<your_auth0_client_secret>` with the domain from the Auth0 Console page.
2021-01-29 00:20:46 +05:30
1. Reconfigure or restart GitLab, depending on your installation method:
- *If you installed from Omnibus GitLab,*
[Reconfigure](../administration/restart_gitlab.md#omnibus-gitlab-reconfigure) GitLab.
- *If you installed from source,*
[restart GitLab](../administration/restart_gitlab.md#installations-from-source).
2016-06-02 11:05:42 +05:30
2021-01-29 00:20:46 +05:30
On the sign-in page there should now be an Auth0 icon below the regular sign-in
2022-07-23 23:45:48 +05:30
form. Select the icon to begin the authentication process. Auth0 asks the
2021-01-29 00:20:46 +05:30
user to sign in and authorize the GitLab application. If the user authenticates
successfully, the user is returned to GitLab and signed in.