Replace GitLab sudo-token-based authz impl with OAuth-based impl (!1923) · Merge requests · Administrator / sourcegraph

Administrator requested to merge bl/gitlab-oauth-authz into master Jan 16, 2019

Created by: beyang

Previous GitLab authz implementation required a sudo token. This replaces that implementation with one that uses a GitLab OAuth app, instead, which is consistent with what we already do for GitHub.

Old GitLab authz:

Requires sudo-scoped access token, which increased setup friction, because this requires admin permissions
Required a SSO authentication provider to be set in auth.providers (this would be the same SSO provider used to sign into the GitLab instance and would require their GitLab instance use SSO, as well)

New GitLab authz:

Requires creating a GitLab OAuth app (any user can do this)
Requires GitLab be set as an authentication provider in auth.providers

Fixes https://github.com/sourcegraph/sourcegraph/issues/1813

Replace GitLab sudo-token-based authz impl with OAuth-based impl

Merge request reports