This document describes the use of GitLab as an identity provider with Pomerium.
# Setting up GitLab OAuth2 for your Application
Log in to your GitLab account or create one here.
Go to the user settings, which can be found in the user profile, to create an application like below:
- Add a new application by setting the following parameters:
| Field | Description |
|---|---|
| Name | The name of your web app |
| Scopes | Must select openid, read_user and read_api |
If no scopes are set, we will use the following scopes:
Client ID and Client Secret will be displayed like below:
Set the Client ID and Client Secret in Pomerium's settings.
Your configuration should look like the following example:
```yaml
authenticate_service_url: https://authenticate.localhost.pomerium.io
idp_provider: "gitlab"
idp_client_id: "REDACTED" # gitlab application ID
idp_client_secret: "REDACTED" # gitlab application secret
```
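A pre-flight check for the four keys in the configuration above, as an added example that is not part of Pomerium or of the original page. The function names, the placeholder list and the sample values are assumptions made for illustration, and the parser only understands flat `key: value` lines.

```python
from urllib.parse import urlsplit

REQUIRED = ("authenticate_service_url", "idp_provider",
            "idp_client_id", "idp_client_secret")
PLACEHOLDERS = {"", "REDACTED", "CHANGEME"}  # assumed markers for "not filled in"

def parse_flat_yaml(text):
    """Read top-level `key: value` lines only (no nesting, lists or anchors)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        value = value.strip()
        if value[:1] in ('"', "'"):   # quoted scalar: keep text between the quotes
            end = value.find(value[0], 1)
            value = value[1:end] if end != -1 else value[1:]
        else:                         # plain scalar: " #" starts a trailing comment
            value = value.split(" #", 1)[0].strip()
        settings[key.strip()] = value
    return settings

def check_gitlab_idp(text):
    """Return findings for the GitLab IdP keys; an empty list means none."""
    cfg = parse_flat_yaml(text)
    findings = [f"{k}: missing or still a placeholder"
                for k in REQUIRED if cfg.get(k, "") in PLACEHOLDERS]
    provider = cfg.get("idp_provider", "")
    if provider and provider != "gitlab":
        findings.append(f"idp_provider: expected 'gitlab', got {provider!r}")
    raw_url = cfg.get("authenticate_service_url", "")
    url = urlsplit(raw_url)
    if raw_url and (url.scheme != "https" or not url.netloc):
        findings.append("authenticate_service_url: not an https:// URL")
    return findings

# Constructed sample inputs (the ID and secret values are made up).
GOOD_CONFIG = """\
authenticate_service_url: https://authenticate.localhost.pomerium.io
idp_provider: "gitlab"
idp_client_id: "constructed-application-id"   # gitlab application ID
idp_client_secret: "constructed-app-secret"   # gitlab application secret
"""
BAD_CONFIG = (GOOD_CONFIG.replace("https://", "http://")
              .replace("constructed-app-secret", "REDACTED"))

if __name__ == "__main__":
    for name, sample in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(name, check_gitlab_idp(sample) or "ok")
```
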
When a user first uses Pomerium to log in, they will be presented with an authorization screen similar to the following, depending on the scope parameters that were set up:
Please be aware that Group ID will be used to affirm group(s) a user belongs to.