@ -3,7 +3,7 @@ group: Accounts
|
||||
weight: 60
|
||||
title: External OAuth Clients
|
||||
---
|
||||
If you would like to facilitate your own OAuth authentication rather than use Netlify's service or implicit grant, you can use one of the community-maintained projects below. Feel free to hit the "Edit this page" button if you'd like to add yours!
|
||||
If you would like to facilitate your own OAuth authentication rather than use Netlify's service or a client side flow like implicit or PKCE, you can use one of the community-maintained projects below. Feel free to hit the "Edit this page" button if you'd like to add yours!
|
||||
|
||||
| Author | Supported Git hosts | Language(s)/Platform(s) | Link |
|
||||
| ------------------------------------------------------------ | --------------------------------- | --------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ |
|
||||
|
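Review bot: The rewritten intro sentence offers "a client side flow like implicit or PKCE" as equal options, although this same patch marks the implicit grant as deprecated in the GitLab backend page. Suggest naming PKCE only, or writing "PKCE (or the deprecated implicit grant)", so readers choosing a flow from this page are not pointed at the deprecated one. Also hyphenate "client-side" to match the "Client-Side" section headings used elsewhere in the change.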
@ -7,10 +7,11 @@ For repositories stored on GitLab, the `gitlab` backend allows CMS users to log
|
||||
|
||||
**Note:** GitLab default branch is protected by default, thus typically requires `maintainer` permissions in order for users to have push access.
|
||||
|
||||
The GitLab API allows for two types of OAuth2 flows:
|
||||
The GitLab API allows for three types of OAuth2 flows:
|
||||
|
||||
* [Authorization Code Flow](https://docs.gitlab.com/ce/api/oauth2.html#authorization-code-flow), which works much like the GitHub OAuth flow described above.
|
||||
* [Implicit Grant Flow](https://docs.gitlab.com/ce/api/oauth2.html#implicit-grant-flow), which operates *without* the need for an authentication server.
|
||||
* [Authorization Code with PKCE Flow](https://docs.gitlab.com/ce/api/oauth2.html#authorization-code-with-proof-key-for-code-exchange-pkce), which operates *without* the need for an authentication server.
|
||||
* (DEPRECATED [Implicit Grant Flow](https://docs.gitlab.com/ce/api/oauth2.html#implicit-grant-flow), which operates *without* the need for an authentication server.
|
||||
|
||||
## Authorization Code Flow with Netlify
|
||||
|
||||
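Review bot: The new implicit-grant bullet has an unbalanced parenthesis: "* (DEPRECATED [Implicit Grant Flow]" opens with "(DEPRECATED" and never closes it. Suggest "(DEPRECATED)" followed by a space before the link, matching the "## (DEPRECATED) Client-Side Implicit Grant" heading added later in this patch. The flow count was correctly updated from "two" to "three".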
@ -28,7 +29,36 @@ backend:
|
||||
repo: owner-name/repo-name # Path to your GitLab repository
|
||||
```
|
||||
|
||||
## Client-Side Implicit Grant (GitLab)
|
||||
|
||||
## Client-Side PKCE Authorization
|
||||
|
||||
With GitLab's PKCE authorization, users can authenticate with GitLab directly from the client. To do this:
|
||||
|
||||
1. Follow the [GitLab docs](https://docs.gitlab.com/ee/integration/oauth_provider.html#adding-an-application-through-the-profile) to add your Netlify CMS instance as an OAuth application and uncheck the **Confidential** checkbox. For the **Redirect URI**, enter the address where you access Netlify CMS, for example, `https://www.mysite.com/admin/`. For scope, select `api`.
|
||||
2. GitLab gives you an **Application ID**. Copy this ID and enter it in your Netlify CMS `config.yml` file, along with the following settings:
|
||||
|
||||
```yaml
|
||||
backend:
|
||||
name: gitlab
|
||||
repo: owner-name/repo-name # Path to your GitLab repository
|
||||
auth_type: pkce # Required for pkce
|
||||
app_id: your-app-id # Application ID from your GitLab settings
|
||||
```
|
||||
|
||||
You can also use PKCE Authorization with a self-hosted GitLab instance. This requires adding `api_root`, `base_url`, and `auth_endpoint` fields:
|
||||
|
||||
```yaml
|
||||
backend:
|
||||
name: gitlab
|
||||
repo: owner-name/repo-name # Path to your GitLab repository
|
||||
auth_type: pkce # Required for pkce
|
||||
app_id: your-app-id # Application ID from your GitLab settings
|
||||
api_root: https://my-hosted-gitlab-instance.com/api/v4
|
||||
base_url: https://my-hosted-gitlab-instance.com
|
||||
auth_endpoint: oauth/authorize
|
||||
```
|
||||
|
||||
## (DEPRECATED) Client-Side Implicit Grant
|
||||
|
||||
**Note:** This method is not recommended and will be deprecated both [by GitLab](https://gitlab.com/gitlab-org/gitlab/-/issues/288516) and [in the OAuth 2.1 specification](https://oauth.net/2.1/) in the future.
|
||||
|
||||
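Review bot: The deprecation note contradicts the heading above it: the heading says "(DEPRECATED) Client-Side Implicit Grant", but the note says the method "will be deprecated ... in the future". Pick one status and word both the same way. In the PKCE steps, step 1 tells the reader to uncheck **Confidential** without saying why; one sentence explaining that a browser-only client cannot keep a secret would help readers avoid leaving the box checked. Minor: the YAML comment "Required for pkce" should use "PKCE" to match the prose.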
@ -58,4 +88,4 @@ With GitLab's Implicit Grant, users can authenticate with GitLab directly from t
|
||||
auth_endpoint: oauth/authorize
|
||||
```
|
||||
|
||||
**Note:** In both cases, GitLab also provides you with a client secret. You should *never* store this in your repo or reveal it in the client.
|
||||
**Note:** In all cases, GitLab also provides you with a client secret. You should *never* store this in your repo or reveal it in the client.
|
||||
|
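Review bot: Changing "In both cases" to "In all cases" is correct now that there are three flows, but the client-secret warning still sits only at the end of the deprecated implicit-grant section, so someone following the new PKCE section may never reach it. Suggest repeating or moving the note directly under the PKCE `config.yml` examples, and stating there that the PKCE configuration needs only `app_id`, so the secret has no place in `config.yml`.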