feat: gitlab oidc/ oauth provider (#518)

- implement gitlab oauth support - add documentation for the gitlab support
2025-08-03 16:59:22 +02:00 · 2020-03-17 03:58:49 +01:00 · 2020-03-17 03:58:49 +01:00 · 3dd9188004
commit 3dd9188004
parent ba14ea246d
10 changed files with 199 additions and 2 deletions
--- a/docs/.vuepress/config.js
+++ b/docs/.vuepress/config.js
@ -86,6 +86,7 @@ module.exports = {
            "identity-providers/",
            "identity-providers/azure",
            "identity-providers/cognito",
+            "identity-providers/gitlab",
            "identity-providers/google",
            "identity-providers/okta",
            "identity-providers/one-login"
--- a/docs/docs/identity-providers/gitlab.md
+++ b/docs/docs/identity-providers/gitlab.md
@ -0,0 +1,41 @@
+---
+title: GitLab
+lang: en-US
+sidebarDepth: 0
+meta:
+  - name: keywords
+    content: gitlab oidc openid-connect identity-provider
+---
+
+# GitLab
+
+Log in to your GitLab account or create one [here](https://gitlab.com/users/sign_in)
+
+Go to the user settings which can be found in the user profile to [create an application](https://gitlab.com/profile/applications) where you will get your app credentials
+
+![create an application](./img/gitlab/gitlab-create-applications.png)
+
+On the **Applications** page, add a new application by setting the following parameters:
+
+Field        | Description
+------------ | --------------------------------------------
+Name         | The name of your web app
+Redirect URI | `https://${authenticate_service_url}/oauth2/callback`
+Scopes       | **Must** select **read_user** and **openid**
+
+Your `Client ID` and `Client Secret` will be displayed:
+
+![Gitlab OAuth Client ID and Secret](./img/gitlab/gitlab-credentials.png)
+
+Set `Client ID` and `Client Secret` in Pomerium's settings. Your [environmental variables] should look something like this.
+
+```bash
+authenticate_service_url: https://authenticate.localhost.pomerium.io
+idp_provider: "gitlab"
+idp_client_id: "REDACTED"   // gitlab application ID
+idp_client_secret: "REDACTED"   // gitlab application secret
+```
+
+When a user first uses pomerium to login, they will be presented with an authorization screen similar to the following depending on the scope parameters setup.
+
+![gitlab access authorization screen](./img/gitlab/gitlab-verify-access.png)
--- a/docs/docs/identity-providers/img/gitlab-credentials.png
+++ b/docs/docs/identity-providers/img/gitlab-credentials.png
--- a/docs/docs/identity-providers/img/gitlab/gitlab-create-application.png
+++ b/docs/docs/identity-providers/img/gitlab/gitlab-create-application.png
--- a/docs/docs/identity-providers/img/gitlab/gitlab-create-applications.png
+++ b/docs/docs/identity-providers/img/gitlab/gitlab-create-applications.png
--- a/docs/docs/identity-providers/img/gitlab/gitlab-credentials.png
+++ b/docs/docs/identity-providers/img/gitlab/gitlab-credentials.png
--- a/docs/docs/identity-providers/img/gitlab/gitlab-verify-access.png
+++ b/docs/docs/identity-providers/img/gitlab/gitlab-verify-access.png