fix retrieve group error: (#614)

- remove hardcoded gitlab provider url
 - update the gitlab identity provider documentation

docs/docs/identity-providers/gitlab.md

@@ -25,8 +25,9 @@ Field        | Description
 ------------ | --------------------------------------------
 Name         | The name of your web app
 Redirect URI | `https://${authenticate_service_url}/oauth2/callback`
-Scopes       | **Must** select **read_user** and **openid**
+Scopes       | **Must** select **openid**, **read_user** and **api**
 
+If no scopes are set, we will use the following scopes: `openid`, `api`, `read_user`, `profile`, `email`.
 
 Your `Client ID` and `Client Secret` will be displayed like below:
 

internal/identity/gitlab.go

@@ -19,8 +19,7 @@ import (
 
 const (
 	defaultGitLabProviderURL = "https://gitlab.com"
-	revokeURL                = "https://gitlab.com/oauth/revoke"
+	groupPath                = "/api/v4/groups"
-	defaultGitLabGroupURL    = "https://gitlab.com/api/v4/groups"
 )
 
 // GitLabProvider is an implementation of the OAuth Provider
@@ -58,7 +57,6 @@ func NewGitLabProvider(p *Provider) (*GitLabProvider, error) {
 	}
 	gp := &GitLabProvider{
 		Provider: p,
-		RevokeURL: revokeURL,
 	}
 
 	if err := p.provider.Claims(&gp); err != nil {
@@ -89,8 +87,9 @@ func (p *GitLabProvider) UserGroups(ctx context.Context, s *sessions.State) ([]s
 		FullName                       string      `json:"full_name,omitempty"`
 		FullPath                       string      `json:"full_path,omitempty"`
 	}
+	userGroupURL := p.ProviderURL + groupPath
 	headers := map[string]string{"Authorization": fmt.Sprintf("Bearer %s", s.AccessToken.AccessToken)}
-	err := httputil.Client(ctx, http.MethodGet, defaultGitLabGroupURL, version.UserAgent(), headers, nil, &response)
+	err := httputil.Client(ctx, http.MethodGet, userGroupURL, version.UserAgent(), headers, nil, &response)
 	if err != nil {
 		return nil, err
 	}