diff options
Diffstat (limited to 'doc/integration/oauth2_generic.md')
-rw-r--r-- | doc/integration/oauth2_generic.md | 55 |
1 files changed, 27 insertions, 28 deletions
diff --git a/doc/integration/oauth2_generic.md b/doc/integration/oauth2_generic.md index e3ec1aa16a1..a337873a67e 100644 --- a/doc/integration/oauth2_generic.md +++ b/doc/integration/oauth2_generic.md @@ -1,42 +1,42 @@ --- stage: Manage group: Authentication and Authorization -info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments +info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments --- -# Generic OAuth2 provider **(FREE SELF)** +# Generic OAuth 2.0 provider **(FREE SELF)** The `omniauth-oauth2-generic` gem allows single sign-on (SSO) between GitLab -and your OAuth2 provider (or any OAuth2 provider compatible with this gem). +and your OAuth 2.0 provider, or any OAuth 2.0 provider compatible with this gem). This strategy allows for the configuration of this OmniAuth SSO process: 1. Strategy directs the client to your authorization URL (**configurable**), with the specified ID and key. -1. The OAuth2 provider handles authentication of the request, user, and (optionally) - authorization to access user's profile. -1. The OAuth2 provider directs the client back to GitLab where Strategy handles - the retrieval of the access token. +1. The OAuth 2.0 provider handles authentication of the request, user, and (optionally) + authorization to access the user's profile. +1. The OAuth 2.0 provider directs the client back to GitLab where Strategy + retrieves the access token. 1. Strategy requests user information from a **configurable** "user profile" - URL (using the access token). -1. Strategy parses user information from the response, using a **configurable** + URL using the access token. +1. Strategy parses user information from the response using a **configurable** format. 1. GitLab finds or creates the returned user and signs them in. -## Limitations of this strategy +This strategy: -- It can only be used for single sign-on, and doesn't provide any other access - granted by any OAuth2 provider (like importing projects or users). -- It supports only the Authorization Grant flow (most common for client-server - applications, like GitLab). -- It can't fetch user information from more than one URL. -- It hasn't been tested with user information formats, other than JSON. +- Can only be used for single sign-on, and does not provide any other access + granted by any OAuth 2.0 provider. For example, importing projects or users. +- Only supports the Authorization Grant flow, which is most common for client-server + applications like GitLab. +- Cannot fetch user information from more than one URL. +- Has not been tested with user information formats, except JSON. -## Configure the OAuth2 provider +## Configure the OAuth 2.0 provider To configure the provider: -1. Register your application in the OAuth2 provider you want to authenticate with. +1. Register your application in the OAuth 2.0 provider you want to authenticate with. The redirect URI you provide when registering the application should be: @@ -44,9 +44,9 @@ To configure the provider: http://your-gitlab.host.com/users/auth/oauth2_generic/callback ``` - You should now be able to get a Client ID and Client Secret. Where this - appears differs for each provider. This may also be called Application ID - and Secret. + You should now be able to get a client ID and client secret. Where these + appear is different for each provider. This may also be called application ID + and application secret. 1. On your GitLab server, open the appropriate configuration file. @@ -99,15 +99,14 @@ To configure the provider: ] ``` - For more information about these settings, see [the gem's README](https://gitlab.com/satorix/omniauth-oauth2-generic#gitlab-config-example). + For more information about these settings, see the [gem's README](https://gitlab.com/satorix/omniauth-oauth2-generic#gitlab-config-example). 1. Save the configuration file. -1. [Restart](../administration/restart_gitlab.md#installations-from-source) - GitLab for the changes to take effect. +1. For the changes to take effect, [restart GitLab](../administration/restart_gitlab.md#installations-from-source). -On the sign-in page there should now be a new button below the regular sign-in -form. Select the button to begin your provider's authentication process. This -directs the browser to your OAuth2 provider's authentication page. If -everything goes well, you are returned to your GitLab instance and are +On the sign-in page there should now be a new icon below the regular sign-in +form. Select that icon to begin your provider's authentication process. This +directs the browser to your OAuth 2.0 provider's authentication page. If +everything goes well, you are returned to your GitLab instance and signed in. |