From acfc526828923db381ab01d872ecd1b82618ddc3 Mon Sep 17 00:00:00 2001 From: Valery Sizov Date: Mon, 25 Jan 2016 06:34:30 +0000 Subject: update OAuth doc --- doc/integration/oauth_provider.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/integration/oauth_provider.md b/doc/integration/oauth_provider.md index dbe5a175c82..f0c2a45b6ae 100644 --- a/doc/integration/oauth_provider.md +++ b/doc/integration/oauth_provider.md @@ -26,7 +26,7 @@ Every application you authorized will be shown in your "Authorized application" ![authorized_application](img/oauth_provider_authorized_application.png) -At any time you can revoke access just clicking button "Revoke" +As you can see we use default scope "api" here which is only scope we have so far. At any time you can revoke access just clicking button "Revoke". ### OAuth applications in admin area -- cgit v1.2.1 From cbd550cfa68581127e344f31d8d7c624bdc52cbb Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Wed, 3 Feb 2016 13:18:37 +0200 Subject: Refactor OAuth provider documentation [ci skip] --- .../img/oauth_provider_admin_application.png | Bin 55533 -> 40579 bytes .../img/oauth_provider_application_form.png | Bin 25075 -> 27974 bytes .../img/oauth_provider_application_id_secret.png | Bin 0 -> 33901 bytes .../img/oauth_provider_authorized_application.png | Bin 17260 -> 32225 bytes .../img/oauth_provider_user_wide_applications.png | Bin 46238 -> 40632 bytes doc/integration/oauth_provider.md | 89 ++++++++++++++++----- 6 files changed, 67 insertions(+), 22 deletions(-) create mode 100644 doc/integration/img/oauth_provider_application_id_secret.png diff --git a/doc/integration/img/oauth_provider_admin_application.png b/doc/integration/img/oauth_provider_admin_application.png index a5f34512aa8..a2d8e14c120 100644 Binary files a/doc/integration/img/oauth_provider_admin_application.png and b/doc/integration/img/oauth_provider_admin_application.png differ 
diff --git a/doc/integration/img/oauth_provider_application_form.png b/doc/integration/img/oauth_provider_application_form.png index ae135db2627..3a676b22393 100644 Binary files a/doc/integration/img/oauth_provider_application_form.png and b/doc/integration/img/oauth_provider_application_form.png differ diff --git a/doc/integration/img/oauth_provider_application_id_secret.png b/doc/integration/img/oauth_provider_application_id_secret.png new file mode 100644 index 00000000000..6d68df001af Binary files /dev/null and b/doc/integration/img/oauth_provider_application_id_secret.png differ diff --git a/doc/integration/img/oauth_provider_authorized_application.png b/doc/integration/img/oauth_provider_authorized_application.png index d3ce05be9cc..efc3b807d71 100644 Binary files a/doc/integration/img/oauth_provider_authorized_application.png and b/doc/integration/img/oauth_provider_authorized_application.png differ diff --git a/doc/integration/img/oauth_provider_user_wide_applications.png b/doc/integration/img/oauth_provider_user_wide_applications.png index 719e1974068..45ad8a6d468 100644 Binary files a/doc/integration/img/oauth_provider_user_wide_applications.png and b/doc/integration/img/oauth_provider_user_wide_applications.png differ diff --git a/doc/integration/oauth_provider.md b/doc/integration/oauth_provider.md index f0c2a45b6ae..5f8bb57365c 100644 --- a/doc/integration/oauth_provider.md +++ b/doc/integration/oauth_provider.md 
@@ -1,35 +1,80 @@ -## GitLab as OAuth2 authentication service provider +# GitLab as OAuth2 authentication service provider -This document is about using GitLab as an OAuth authentication service provider to sign into other services. -If you want to use other OAuth authentication service providers to sign into GitLab please see the [OAuth2 client documentation](../api/oauth2.md) +This document is about using GitLab as an OAuth authentication service provider +to sign in to other services. -OAuth2 provides client applications a 'secure delegated access' to server resources on behalf of a resource owner. Or you can allow users to sign in to your application with their GitLab.com account. -In fact OAuth allows to issue access token to third-party clients by an authorization server, -with the approval of the resource owner, or end-user. -Mostly, OAuth2 is using for SSO (Single sign-on). But you can find a lot of different usages for this functionality. -For example, our feature 'GitLab Importer' is using OAuth protocol to give an access to repositories without sharing user credentials to GitLab.com account. -Also GitLab.com application can be used for authentication to your GitLab instance if needed [GitLab OmniAuth](gitlab.md). +If you want to use other OAuth authentication service providers to sign in to +GitLab, please see the [OAuth2 client documentation](../api/oauth2.md). -GitLab has two ways to add new OAuth2 application to an instance, you can add application as regular user and through admin area. So GitLab actually can have an instance-wide and a user-wide applications. There is no defferences between them except the different permission levels. +## Introduction to OAuth -### Adding application through profile -Go to your profile section 'Application' and press button 'New Application' +[OAuth] provides to client applications a 'secure delegated access' to server +resources on behalf of a resource owner. 
In fact, OAuth allows an authorization +server to issue access tokens to third-party clients with the approval of the +resource owner, or the end-user. -![applications](img/oauth_provider_user_wide_applications.png) +OAuth is mostly used as a Single Sign-On service (SSO), but you can find a +lot of different uses for this functionality. For example, you can allow users +to sign in to your application with their GitLab.com account, or GitLab.com +can be used for authentication to your GitLab instance +(see [GitLab OmniAuth](gitlab.md)). -After this you will see application form, where "Name" is arbitrary name, "Redirect URI" is URL in your app where users will be sent after authorization on GitLab.com. +The 'GitLab Importer' feature is also using the OAuth protocol to give access +to repositories without sharing user credentials to your GitLab.com account. -![application_form](img/oauth_provider_application_form.png) +--- -### Authorized application -Every application you authorized will be shown in your "Authorized application" sections. +GitLab supports two ways of adding a new OAuth2 application to an instance. You +can either add an application as a regular user or add it in the admin area. +What this means is that GitLab can actually have instance-wide and a user-wide +applications. There is no difference between them except for the different +permission levels they are set (user/admin). -![authorized_application](img/oauth_provider_authorized_application.png) +## Adding an application through the profile -As you can see we use default scope "api" here which is only scope we have so far. At any time you can revoke access just clicking button "Revoke". +In order to add a new application via your profile, navigate to +**Profile Settings > Applications** and select **New Application**. 
-### OAuth applications in admin area +![New OAuth application](img/oauth_provider_user_wide_applications.png) -If you want to create application that does not belong to certain user you can create it from admin area +--- -![admin_application](img/oauth_provider_admin_application.png) +In the application form, enter a **Name** (arbitrary), and make sure to set up +correctly the **Redirect URI** which is the URL where users will be sent after +they authorize with GitLab. + +![New OAuth application form](img/oauth_provider_application_form.png) + +--- + +When you hit **Submit** you will be provided with the application ID and +the application secret which you can then use with your application that +connects to GitLab. + +![OAuth application ID and secret](img/oauth_provider_application_id_secret.png) + +--- + +## OAuth applications in the admin area + +To create an application that does not belong to a certain user, you can create +it from the admin area. + +![OAuth admin_applications](img/oauth_provider_admin_application.png) + +--- + +## Authorized applications + +Every application you authorized to use your GitLab credentials will be shown +in the **Authorized applications** section under **Profile Settings > Applications**. + +![Authorized_applications](img/oauth_provider_authorized_application.png) + +--- + +As you can see, the default scope `api` is used, which is the only scope that +GitLab supports so far. At any time you can revoke any access by just clicking +**Revoke**. + +[oauth]: http://oauth.net/2/ "OAuth website" -- cgit v1.2.1
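Review bot: In the first commit (acfc526, "update OAuth doc"), the added line in the `@@ -26,7 +26,7 @@` hunk of doc/integration/oauth_provider.md says that "api" is the default and only scope but never says what that scope lets an authorized application do. A user reading the "Authorized application" section is deciding whether to keep or revoke a grant, so the sentence should state what access `api` gives. The line also joins two unrelated statements (the scope and the revoke action); I would split them into two sentences, format the scope as `api`, and fix the wording ("which is the only scope we have so far", "by clicking the **Revoke** button").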
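Review bot: In the second commit (cbd550c, "Refactor OAuth provider documentation"), the new paragraph starting "When you hit **Submit** you will be provided with the application ID and the application secret" in the `@@ -1,35 +1,80 @@` hunk gives no guidance on handling the secret. Suggest adding a sentence that the secret must be kept confidential and stored only on the server side of the connecting application. In the same hunk, "make sure to set up correctly the **Redirect URI**" does not say what correct means; state that it must exactly match the callback URL of the application, since that is where users are sent after they authorize. Smaller points: "instance-wide and a user-wide applications" has a stray article, "the different permission levels they are set (user/admin)" reads awkwardly, the `---` rule after every image adds noise to the rendered page, and the `[oauth]: http://oauth.net/2/` reference could use an https URL if the site serves one.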