/doc/integration/google.md
Markdown | 120 lines | 93 code | 27 blank | 0 comment | 0 complexity | 5675e5d5275f539b452e024f9d6b88d0 MD5 | raw file
- # Google OAuth2 OmniAuth Provider
- To enable the Google OAuth2 OmniAuth provider you must register your application
- with Google. Google will generate a client ID and secret key for you to use.
- ## Enabling Google OAuth
- In Google's side:
- 1. Navigate to the [cloud resource manager](https://console.cloud.google.com/cloud-resource-manager) page
- 1. Select **Create Project**
- 1. Provide the project information:
- - **Project name** - "GitLab" works just fine here.
- - **Project ID** - Must be unique to all Google Developer registered applications.
- Google provides a randomly generated Project ID by default. You can use
- the randomly generated ID or choose a new one.
- 1. Refresh the page and you should see your new project in the list
- 1. Go to the [Google API Console](https://console.developers.google.com/apis/dashboard)
- 1. Select the previously created project in the upper left corner
- 1. Select **Credentials** from the sidebar
- 1. Select **OAuth consent screen** and fill the form with the required information
- 1. In the **Credentials** tab, select **Create credentials > OAuth client ID**
- 1. Fill in the required information
- - **Application type** - Choose "Web Application"
- - **Name** - Use the default one or provide your own
- - **Authorized JavaScript origins** -This isn't really used by GitLab but go
- ahead and put `https://gitlab.example.com`
- - **Authorized redirect URIs** - Enter your domain name followed by the
- callback URIs one at a time:
- ```
- https://gitlab.example.com/users/auth/google_oauth2/callback
- https://gitlab.example.com/-/google_api/auth/callback
- ```
- 1. You should now be able to see a Client ID and Client secret. Note them down
- or keep this page open as you will need them later.
- 1. To enable projects to access [Google Kubernetes Engine](../user/project/clusters/index.md), you must also
- enable these APIs:
- - Google Kubernetes Engine API
- - Cloud Resource Manager API
- - Cloud Billing API
- To do so you need to:
- 1. Go to the [Google API Console](https://console.developers.google.com/apis/dashboard).
- 1. Click on **ENABLE APIS AND SERVICES** button at the top of the page.
- 1. Find each of the above APIs. On the page for the API, press the **ENABLE** button.
- It may take a few minutes for the API to be fully functional.
- On your GitLab server:
- 1. Open the configuration file.
- For Omnibus GitLab:
- ```shell
- sudo editor /etc/gitlab/gitlab.rb
- ```
- For installations from source:
- ```shell
- cd /home/git/gitlab
- sudo -u git -H editor config/gitlab.yml
- ```
- 1. See [Initial OmniAuth Configuration](omniauth.md#initial-omniauth-configuration) for initial settings.
- 1. Add the provider configuration:
- For Omnibus GitLab:
- ```ruby
- gitlab_rails['omniauth_providers'] = [
- {
- "name" => "google_oauth2",
- "app_id" => "YOUR_APP_ID",
- "app_secret" => "YOUR_APP_SECRET",
- "args" => { "access_type" => "offline", "approval_prompt" => '' }
- }
- ]
- ```
- For installations from source:
- ```yaml
- - { name: 'google_oauth2', app_id: 'YOUR_APP_ID',
- app_secret: 'YOUR_APP_SECRET',
- args: { access_type: 'offline', approval_prompt: '' } }
- ```
- 1. Change `YOUR_APP_ID` to the client ID from the Google Developer page
- 1. Similarly, change `YOUR_APP_SECRET` to the client secret
- 1. Make sure that you configure GitLab to use an FQDN as Google will not accept
- raw IP addresses.
- For Omnibus packages:
- ```ruby
- external_url 'https://gitlab.example.com'
- ```
- For installations from source:
- ```yaml
- gitlab:
- host: https://gitlab.example.com
- ```
- 1. Save the configuration file.
- 1. [Reconfigure][] or [restart GitLab][] for the changes to take effect if you
- installed GitLab via Omnibus or from source respectively.
- On the sign in page there should now be a Google icon below the regular sign in
- form. Click the icon to begin the authentication process. Google will ask the
- user to sign in and authorize the GitLab application. If everything goes well
- the user will be returned to GitLab and will be signed in.
- [reconfigure]: ../administration/restart_gitlab.md#omnibus-gitlab-reconfigure
- [restart GitLab]: ../administration/restart_gitlab.md#installations-from-source