Implementing Gitlab OAuth
Issue: #57 Implement Gitlab login with OAuth
Approach:
As per the use case of this project, I implemented Gitlab OAuth with PKCE. For this, we are not required to pass the Secret to the server and it will work with just the ClientID.
Note: The backend can also be deployed using a Socket; I am unable to configure OAuth with that. I did some research and it seems that OAuth can only work over HTTP/HTTPS. I have added a check that if Sockets are being used for deployment, I am skipping the OAuth Flow.
Note 2: I have added the OAuth support with unix socket as well, but it does require the proxy_port of the NGINX conf for building the callback url.
I have added the OAuth check as a middleware in routing so it is being checked over all the routes. I am open to any changes to this approach.
Flow:
The general flow of the program is as per this
Activity
- Automatically resolved by Achintya Singh
added 1 commit
- f1ac4fd1 - [feat] added token authentication via gitlab
added 1 commit
- 5366b95f - [fix] added feature to generate the redirect url from config
added 1 commit
- c1b278ce - [fix] Modified redirect url for server when deployed via socket
Sorry for being a bit late, but I have tested the Gitlab OAuth for both Unix Socket and HTTP Port and am adding a screen recording for better context.
Screencast_from_2024-03-16_00-31-53
The screen recording is for the server being hosted on a unix socket. I am also marking it as ready and removing it from Draft.
Edited by Achintya Singh
added 1 commit
- 79dbc416 - chore: implemented redirect url, path and oauth url to be configured by config
Regarding the encrypted cookie, maybe you can use https://github.com/gin-contrib/sessions?tab=readme-ov-file#cookie-based instead which seems to nicely integrate with gin.
Additionally, we need a way to only allow users that are members of a specific group with a specific role, so that, i.e., only VideoLAN maintainer group members can log in.