Configuring OAuth 2.0 for GitLab

To enable users to work with a remote Git repository that is hosted on a GitLab instance:

  1. Set up the GitLab authorized application (OAuth 2.0).

  2. Apply the GitLab authorized application Secret.

Setting up the GitLab authorized application

Set up a GitLab authorized application using OAuth 2.0.

Prerequisites
  • You are logged in to GitLab.

Procedure
  1. Click your avatar and go to Edit profile → Applications.

  2. Enter Che as the Name.

  3. Enter https://<che_fqdn>/api/oauth/callback as the Redirect URI.

  4. Check the Confidential and Expire access tokens checkboxes.

  5. Under Scopes, check the api, write_repository, and openid checkboxes.

  6. Click Save application.

  7. Copy and save the GitLab Application ID for use when applying the GitLab-authorized application Secret.

  8. Copy and save the GitLab Client Secret for use when applying the GitLab-authorized application Secret.

Applying the GitLab-authorized application Secret

Prepare and apply the GitLab-authorized application Secret.

Prerequisites
  • Setting up the GitLab authorized application is completed.

  • The following values, which were generated when setting up the GitLab authorized application, are prepared:

    • GitLab Application ID

    • GitLab Client Secret

  • An active kubectl session with administrative permissions to the destination Kubernetes cluster. See Overview of kubectl.

Procedure
  1. Prepare the Secret:

    kind: Secret
    apiVersion: v1
    metadata:
      name: gitlab-oauth-config
      namespace: eclipse-che  # (1)
      labels:
        app.kubernetes.io/part-of: che.eclipse.org
        app.kubernetes.io/component: oauth-scm-configuration
      annotations:
        che.eclipse.org/oauth-scm-server: gitlab
        che.eclipse.org/scm-server-endpoint: <gitlab_server_url>  # (2)
    type: Opaque
    stringData:
      id: <GitLab_Application_ID>  # (3)
      secret: <GitLab_Client_Secret>  # (4)

    (1) The Che namespace. The default is eclipse-che.
    (2) The GitLab server URL. Use https://gitlab.com for the SaaS version.
    (3) The GitLab Application ID.
    (4) The GitLab Client Secret.

  2. Apply the Secret:

    $ kubectl apply -f - <<EOF
    <Secret_prepared_in_the_previous_step>
    EOF
  3. Verify in the output that the Secret is created.

To configure OAuth 2.0 for another GitLab provider, repeat the steps above and create a second GitLab OAuth Secret with a different name.
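
The Prepare and Apply steps above, as a POSIX shell function that renders the Secret from arguments instead of hand-edited placeholders. This is an added example and not part of the Che documentation; the function names `yaml_quote` and `render_gitlab_oauth_secret`, the variables in the usage comment, and the `https://` requirement are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names are assumptions, not Che tooling.

# Emit a value as a single-quoted YAML scalar (a literal ' is doubled), so
# characters such as ':' or '#' in a secret cannot alter the manifest.
yaml_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# Usage: render_gitlab_oauth_secret <namespace> <gitlab_server_url> <app_id> <client_secret>
render_gitlab_oauth_secret() {
  [ "$#" -eq 4 ] || { echo "error: expected 4 arguments" >&2; return 1; }
  for v in "$@"; do
    case "$v" in
      '' | *'<'* | *'>'*)
        echo "error: empty value or unfilled <placeholder>" >&2; return 1 ;;
    esac
  done
  # Check added by this example: the client secret is sent to this server
  # during the OAuth token exchange, so insist on TLS.
  case "$2" in
    https://*) ;;
    *) echo "error: GitLab server URL must start with https://" >&2; return 1 ;;
  esac
  cat <<EOF
kind: Secret
apiVersion: v1
metadata:
  name: gitlab-oauth-config
  namespace: $(yaml_quote "$1")
  labels:
    app.kubernetes.io/part-of: che.eclipse.org
    app.kubernetes.io/component: oauth-scm-configuration
  annotations:
    che.eclipse.org/oauth-scm-server: gitlab
    che.eclipse.org/scm-server-endpoint: $(yaml_quote "$2")
type: Opaque
stringData:
  id: $(yaml_quote "$3")
  secret: $(yaml_quote "$4")
EOF
}

# Typical use (needs an active kubectl session). Reading the secret with echo
# off keeps it out of the shell history and off the screen:
#   stty -echo; read -r CLIENT_SECRET; stty echo
#   render_gitlab_oauth_secret eclipse-che https://gitlab.com "$APP_ID" "$CLIENT_SECRET" | kubectl apply -f -
```

The rendered manifest keeps the name `gitlab-oauth-config`; a Secret for a second GitLab provider needs a different name, as noted above.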