Need `authorize_params` in oauth2_generic
Currently I am in need of the authorize_params key in the oauth2_generic provider, as seen in this example from https://docs.gitlab.com/ee/integration/oauth2_generic.html#configure-the-oauth-20-provider

```ruby
gitlab_rails['omniauth_providers'] = [
  {
    name: "oauth2_generic",
    label: "Provider name", # optional label for login button, defaults to "Oauth2 Generic"
    app_id: "<your_app_client_id>",
    app_secret: "<your_app_client_secret>",
    args: {
      client_options: {
        site: "<your_auth_server_url>",
        user_info_url: "/oauth2/v1/userinfo",
        authorize_url: "/oauth2/v1/authorize",
        token_url: "/oauth2/v1/token"
      },
      user_response_structure: {
        root_path: [],
        id_path: ["sub"],
        attributes: {
          email: "email",
          name: "name"
        }
      },
      authorize_params: { # <-------------- this
        scope: "openid profile email"
      },
      strategy_class: "OmniAuth::Strategies::OAuth2Generic"
    }
  }
]
```
1. I have tried to inject it using "sed in-place at a specific line number" before /sbin/entrypoint.sh, but I can't seem to find the key for oauth2_generic in gitlab.yaml inside the container.
2. And currently I am trying to build the image from source, but it took so long :sweat_smile:.
3. I also tried to volume mount the gitlab.yml with

   ```yaml
   volumes:
     - ./.dockerdata/gitlab:/home/git/data:Z
     - $PWD/gitlab.yml:/home/git/gitlab/config/gitlab.yml
   ```

   but got this: `sed: cannot rename /home/git/gitlab/config/sedgfJOQv: Device or resource busy`

Any suggestions?
So, I ended up building my own image from this repo and modifying the gitlab.yml to my needs. Now that I've tried it, it works, but I think option 3 is a bit more viable and easier. Anyway, here are my changes to the files.
My name/email reside in a sub node, so I removed the quotes from the attributes.name
--- a/assets/runtime/config/gitlabhq/gitlab.yml
+++ b/assets/runtime/config/gitlabhq/gitlab.yml
@@ -347,7 +347,7 @@ production: &base
google_json_key_location: {{GITLAB_PACKAGES_OBJECT_STORE_CONNECTION_GOOGLE_JSON_KEY_LOCATION}}
#end-packages-gcs
-
+
## Dependency Proxy
dependency_proxy:
enabled: true
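Review bot: The only change in this hunk, the `-`/`+` pair above `## Dependency Proxy`, is a whitespace-only edit that has nothing to do with authorize_params. Drop it so the patch contains only the OAuth2 change and stays easy to review and backport.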
@@ -1010,13 +1010,14 @@ production: &base
end_session_endpoint: '{{OAUTH2_GENERIC_CLIENT_END_SESSION_ENDPOINT}}',
},
user_response_structure: {
- id_path: '{{OAUTH2_GENERIC_ID_PATH}}',
+ id_path: {{OAUTH2_GENERIC_ID_PATH}},
attributes: {
- uid: '{{OAUTH2_GENERIC_USER_UID}}',
- name: '{{OAUTH2_GENERIC_USER_NAME}}',
- email: '{{OAUTH2_GENERIC_USER_EMAIL}}'
+ uid: {{OAUTH2_GENERIC_USER_UID}},
+ name: {{OAUTH2_GENERIC_USER_NAME}},
+ email: {{OAUTH2_GENERIC_USER_EMAIL}}
}
},
+ authorize_params: { scope: "{{OAUTH2_GENERIC_AUTHORIZE_PARAMS_SCOPE}}" },
name: '{{OAUTH2_GENERIC_NAME}}' }}
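Review bot: Removing the quotes around `{{OAUTH2_GENERIC_ID_PATH}}` and the three placeholders under `attributes` breaks existing configurations: a plain value such as OAUTH2_GENERIC_USER_NAME=name used to render as the string 'name' and is now substituted bare, so every deployment has to supply its own quoting or array syntax inside the environment variable, and whatever the variable contains lands in the config as structure rather than as a string. Keep the quoted form as the default and add a separate, documented way to pass an array path. The added `authorize_params` line is also emitted unconditionally, and nothing in the visible lines covers the case where OAUTH2_GENERIC_AUTHORIZE_PARAMS_SCOPE is not set; give it a default or only emit the key when the variable has a value.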
index 787ce5c8..fd671e32 100644
--- a/assets/runtime/functions
+++ b/assets/runtime/functions
@@ -635,7 +635,8 @@ gitlab_configure_oauth2_generic() {
OAUTH2_GENERIC_USER_UID \
OAUTH2_GENERIC_USER_NAME \
OAUTH2_GENERIC_USER_EMAIL \
- OAUTH2_GENERIC_NAME
+ OAUTH2_GENERIC_NAME \
+ OAUTH2_GENERIC_AUTHORIZE_PARAMS_SCOPE
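Review bot: OAUTH2_GENERIC_AUTHORIZE_PARAMS_SCOPE is added to the variable list in gitlab_configure_oauth2_generic, but the patch shows neither a default value nor documentation for it. Define a default wherever the other OAUTH2_GENERIC_* variables get theirs, and add a README entry stating the expected format (a space-separated scope list, as in the "openid profile email" example).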
And to the env

```yaml
environment:
  - OAUTH2_GENERIC_NAME=oauth2_generic
  - OAUTH2_GENERIC_AUTHORIZE_PARAMS_SCOPE=user.basic
  - OAUTH2_GENERIC_ID_PATH=['attributes', '********', 'attribute_value']
  - OAUTH2_GENERIC_USER_UID='***********'
  - OAUTH2_GENERIC_USER_NAME=['attributes', 'nama', 'attribute_value']
  - OAUTH2_GENERIC_USER_EMAIL=['attributes', 'email', 'attribute_value']
  - OAUTH_AUTO_LINK_USER='oauth2_generic'
```
Glad to hear it works for you. I would appreciate it if you could submit it as a pull request if you have time.
About option 3:

> ```yaml
> volumes:
>   - ./.dockerdata/gitlab:/home/git/data:Z
>   - $PWD/gitlab.yml:/home/git/gitlab/config/gitlab.yml
> ```
> but got this sed: cannot rename /home/git/gitlab/config/sedgfJOQv: Device or resource busy

Correction:

```yaml
- $PWD/gitlab.yml:/etc/docker-gitlab/runtime/gitlab/gitlab.yml
```

These configurations (assets/runtime) are:
- Copied from the project repository to /etc/docker-gitlab/runtime/ of the image on build
- Copied from /etc/docker-gitlab/runtime to each path on container startup.

If you mount a file to the installation destination, you may face a permission issue when updating the template file (as you have already reported).
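
Why the mounted file could not be updated, as an added example (not docker-gitlab code): the `sedgfJOQv` name in the reported error is the temporary file that `sed -i` writes and then renames over its target, and a single bind-mounted file is a mount point that cannot be renamed over. The script assumes GNU sed and uses constructed file names and contents to show that `sed -i` replaces the inode while rewriting the contents keeps it.

```shell
#!/bin/sh
# Added illustration; helper names and sample files are constructed.

# Print the inode number of a file.
inode_of() { ls -i "$1" | awk '{print $1}'; }

# `sed -i` writes a temp file beside the target and rename()s it over the
# target, so the path ends up pointing at a NEW inode. On a bind-mounted
# file that rename fails with "Device or resource busy".
# Returns 0 when the inode changed.
edit_with_rename() {
    before=$(inode_of "$1")
    sed -i 's/{{OAUTH2_GENERIC_NAME}}/oauth2_generic/' "$1"
    [ "$before" != "$(inode_of "$1")" ]
}

# Rewriting the contents through the existing file keeps the same inode,
# which is the only kind of update a bind-mounted file accepts.
# Returns 0 when the inode is unchanged.
edit_in_place() {
    before=$(inode_of "$1")
    tmp=$(mktemp)
    sed 's/{{OAUTH2_GENERIC_NAME}}/oauth2_generic/' "$1" > "$tmp" && cat "$tmp" > "$1"
    rm -f "$tmp"
    [ "$before" = "$(inode_of "$1")" ]
}

# Demo on constructed template files in a scratch directory.
demo_dir=$(mktemp -d)
printf 'name: {{OAUTH2_GENERIC_NAME}}\n' > "$demo_dir/a.yml"
printf 'name: {{OAUTH2_GENERIC_NAME}}\n' > "$demo_dir/b.yml"
edit_with_rename "$demo_dir/a.yml" && echo "sed -i: inode replaced via rename"
edit_in_place "$demo_dir/b.yml" && echo "rewrite: inode kept"
rm -rf "$demo_dir"
```
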
I have the same issue; also, the Label field is missing, see https://github.com/sameersbn/docker-gitlab/issues/2838
I did a PR https://github.com/sameersbn/docker-gitlab/pull/2841