Skip to content

Replace GitLab sudo-token-based authz impl with OAuth-based impl

Warren Gifford requested to merge bl/gitlab-oauth-authz into master

Created by: beyang

Previous GitLab authz implementation required a sudo token. This replaces that implementation with one that uses a GitLab OAuth app, instead, which is consistent with what we already do for GitHub.

Old GitLab authz:

  • Requires sudo-scoped access token, which increased setup friction, because this requires admin permissions
  • Required a SSO authentication provider to be set in auth.providers (this would be the same SSO provider used to sign into the GitLab instance and would require their GitLab instance use SSO, as well)

New GitLab authz:

  • Requires creating a GitLab OAuth app (any user can do this)
  • Requires GitLab be set as an authentication provider in auth.providers

Fixes https://github.com/sourcegraph/sourcegraph/issues/1813

Merge request reports

Loading