PageRenderTime 25ms CodeModel.GetById 24ms RepoModel.GetById 0ms app.codeStats 0ms

/doc/integration/google.md

https://gitlab.com/rymai/gitlab
Markdown | 120 lines | 93 code | 27 blank | 0 comment | 0 complexity | 5675e5d5275f539b452e024f9d6b88d0 MD5 | raw file
    

  1. # Google OAuth2 OmniAuth Provider
    2. 

  2. 

  3. To enable the Google OAuth2 OmniAuth provider you must register your application
    4. 

  4. with Google. Google will generate a client ID and secret key for you to use.
    5. 

  5. 

  6. ## Enabling Google OAuth
    7. 

  7. 

  8. In Google's side:
    9. 

    10. 

  10. 1. Navigate to the [cloud resource manager](https://console.cloud.google.com/cloud-resource-manager) page
    11. 

  11. 1. Select **Create Project**
    12. 

  12. 1. Provide the project information:
    13. 

  13.    - **Project name** - "GitLab" works just fine here.
    14. 

  14.    - **Project ID** - Must be unique to all Google Developer registered applications.
    15. 

  15.      Google provides a randomly generated Project ID by default. You can use
    16. 

  16.      the randomly generated ID or choose a new one.
    17. 

  17. 1. Refresh the page and you should see your new project in the list
    18. 

  18. 1. Go to the [Google API Console](https://console.developers.google.com/apis/dashboard)
    19. 

  19. 1. Select the previously created project in the upper left corner
    20. 

  20. 1. Select **Credentials** from the sidebar
    21. 

  21. 1. Select **OAuth consent screen** and fill the form with the required information
    22. 

  22. 1. In the **Credentials** tab, select **Create credentials > OAuth client ID**
    23. 

  23. 1. Fill in the required information
    24. 

  24.    - **Application type** - Choose "Web Application"
    25. 

  25.    - **Name** - Use the default one or provide your own
    26. 

  26.    - **Authorized JavaScript origins** -This isn't really used by GitLab but go
    27. 

  27.      ahead and put `https://gitlab.example.com`
    28. 

  28.    - **Authorized redirect URIs** - Enter your domain name followed by the
    29. 

  29.      callback URIs one at a time:
    30. 

  30. 

  31.      ```
    32. 

  32.      https://gitlab.example.com/users/auth/google_oauth2/callback
    33. 

  33.      https://gitlab.example.com/-/google_api/auth/callback
    34. 

  34.      ```
    35. 

  35. 

  36. 1. You should now be able to see a Client ID and Client secret. Note them down
    37. 

  37.    or keep this page open as you will need them later.
    38. 

  38. 1. To enable projects to access [Google Kubernetes Engine](../user/project/clusters/index.md), you must also
    39. 

  39.    enable these APIs:
    40. 

  40.    - Google Kubernetes Engine API
    41. 

  41.    - Cloud Resource Manager API
    42. 

  42.    - Cloud Billing API
    43. 

  43. 

  44.    To do so you need to:
    45. 

  45. 

  46.    1. Go to the [Google API Console](https://console.developers.google.com/apis/dashboard).
    47. 

  47.    1. Click on **ENABLE APIS AND SERVICES** button at the top of the page.
    48. 

  48.    1. Find each of the above APIs. On the page for the API, press the **ENABLE** button.
    49. 

  49.       It may take a few minutes for the API to be fully functional.
    50. 

  50. 

  51. On your GitLab server:
    52. 

  52. 

  53. 1. Open the configuration file.
    54. 

  54. 

  55.    For Omnibus GitLab:
    56. 

  56. 

  57.    ```shell
    58. 

  58.    sudo editor /etc/gitlab/gitlab.rb
    59. 

  59.    ```
    60. 

  60. 

  61.    For installations from source:
    62. 

  62. 

  63.    ```shell
    64. 

  64.    cd /home/git/gitlab
    65. 

  65.    sudo -u git -H editor config/gitlab.yml
    66. 

  66.    ```
    67. 

  67. 

  68. 1. See [Initial OmniAuth Configuration](omniauth.md#initial-omniauth-configuration) for initial settings.
    69. 

  69. 1. Add the provider configuration:
    70. 

  70. 

  71.    For Omnibus GitLab:
    72. 

  72. 

  73.    ```ruby
    74. 

  74.    gitlab_rails['omniauth_providers'] = [
    75. 

  75.      {
    76. 

  76.        "name" => "google_oauth2",
    77. 

  77.        "app_id" => "YOUR_APP_ID",
    78. 

  78.        "app_secret" => "YOUR_APP_SECRET",
    79. 

  79.        "args" => { "access_type" => "offline", "approval_prompt" => '' }
    80. 

  80.      }
    81. 

  81.    ]
    82. 

  82.    ```
    83. 

  83. 

  84.    For installations from source:
    85. 

  85. 

  86.    ```yaml
    87. 

  87.    - { name: 'google_oauth2', app_id: 'YOUR_APP_ID',
    88. 

  88.      app_secret: 'YOUR_APP_SECRET',
    89. 

  89.      args: { access_type: 'offline', approval_prompt: '' } }
    90. 

  90.    ```
    91. 

  91. 

  92. 1. Change `YOUR_APP_ID` to the client ID from the Google Developer page
    93. 

  93. 1. Similarly, change `YOUR_APP_SECRET` to the client secret
    94. 

  94. 1. Make sure that you configure GitLab to use an FQDN as Google will not accept
    95. 

  95.    raw IP addresses.
    96. 

  96. 

  97.    For Omnibus packages:
    98. 

  98. 

  99.    ```ruby
    100. 

  100.    external_url 'https://gitlab.example.com'
    101. 

  101.    ```
    102. 

  102. 

  103.    For installations from source:
    104. 

  104. 

  105.    ```yaml
    106. 

  106.    gitlab:
    107. 

  107.      host: https://gitlab.example.com
    108. 

  108.    ```
    109. 

  109. 

  110. 1. Save the configuration file.
    111. 

  111. 1. [Reconfigure][] or [restart GitLab][] for the changes to take effect if you
    112. 

  112.    installed GitLab via Omnibus or from source respectively.
    113. 

  113. 

  114. On the sign in page there should now be a Google icon below the regular sign in
    115. 

  115. form. Click the icon to begin the authentication process. Google will ask the
    116. 

  116. user to sign in and authorize the GitLab application. If everything goes well
    117. 

  117. the user will be returned to GitLab and will be signed in.
    118. 

  118. 

  119. [reconfigure]: ../administration/restart_gitlab.md#omnibus-gitlab-reconfigure
    120. 

  120. [restart GitLab]: ../administration/restart_gitlab.md#installations-from-source
    121. 

  121.