
GitLab Authentication Provider

The Backstage core-plugin-api package comes with a GitLab authentication provider that can authenticate users using GitLab OAuth.

Create an OAuth application on GitLab

To support GitLab authentication, you must, from the GitLab settings, ....... The Redirect URI should point to your Backstage authorization handler.

  1. Set Application Name to backstage-dev or something along those lines.
  2. The Authorization Callback URL should match the redirect URI set in Backstage.
     1. Set this to http://localhost:7007/api/auth/gitlab/handler/frame for local development.
     2. Set this to http://{APP_FQDN}:{APP_BACKEND_PORT}/api/auth/gitlab/handler/frame for non-local deployments.
  3. Select the following scopes from the list:
     + [x] read_user Grants read-only access to the authenticated user's profile through the /user API endpoint, which includes username, public email, and full name. Also grants access to read-only API endpoints under /users.
     + [x] read_repository Grants read-only access to repositories on private projects using Git-over-HTTP (not using the API).
     + [x] write_repository Grants read-write access to repositories on private projects using Git-over-HTTP (not using the API).
     + [x] openid Grants permission to authenticate with GitLab using OpenID Connect. Also gives read-only access to the user's profile and group

Configuration

The provider configuration can then be added to your app-config.yaml under the root auth configuration:

auth:
  environment: development
  providers:
    gitlab:
      development:
        clientId: ${AUTH_GITLAB_CLIENT_ID}
        clientSecret: ${AUTH_GITLAB_CLIENT_SECRET}
        ## uncomment if using self-hosted GitLab
        # audience: https://gitlab.company.com
        ## uncomment if using a custom redirect URI
        # callbackUrl: https://${BASE_URL}/api/auth/gitlab/handler/frame

The GitLab provider is a structure with three configuration keys:

  • clientId: The Application ID that you generated on GitLab, e.g. 4928c033ab3d592845c044a653bc20583baf84f2e67b954c6fdb32a532ab76c9
  • clientSecret: The Application secret
  • audience (optional): The base URL for the self-hosted GitLab instance, e.g. https://gitlab.company.com
  • callbackUrl (optional): The URL matching the Redirect URI registered when creating your GitLab OAuth App, e.g. https://$backstage.acme.corp/api/auth/gitlab/handler/frame
    Note: Due to a peculiarity with GitLab OAuth, ensure there is no trailing / after 'frame' in the URL.
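A pre-deployment check for one environment block of the provider configuration above, written as an added example and not part of Backstage or of the original page. The function names, the rule set and the sample values are assumptions of this example; in particular, flagging plain http on non-local hosts is a hardening rule added here, not a Backstage requirement.

```javascript
// lintGitlabAuth and resolveUrl are hypothetical helpers, not Backstage APIs.
const HANDLER_PATH = '/api/auth/gitlab/handler/frame';
const ENV_REF = /^\$\{[A-Za-z_][A-Za-z0-9_]*\}$/;
const LOCAL_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);

// Expand ${VAR} placeholders from a supplied map, then parse; null if invalid.
function resolveUrl(value, env) {
  const raw = String(value).replace(/\$\{(\w+)\}/g, (_, name) => env[name] ?? '');
  try { return new URL(raw); } catch { return null; }
}

function lintGitlabAuth(provider, env = {}) {
  const findings = [];
  for (const k of ['clientId', 'clientSecret']) if (!provider[k]) findings.push(`${k}: missing`);
  // A literal secret in app-config.yaml ends up in version control.
  if (provider.clientSecret && !ENV_REF.test(provider.clientSecret)) {
    findings.push('clientSecret: literal value, use ${ENV_VAR} substitution');
  }
  if (provider.callbackUrl !== undefined) {
    const url = resolveUrl(provider.callbackUrl, env);
    if (!url) {
      findings.push('callbackUrl: not a valid URL');
    } else {
      if (url.pathname === HANDLER_PATH + '/') {
        findings.push("callbackUrl: trailing / after 'frame'");
      } else if (url.pathname !== HANDLER_PATH) {
        findings.push(`callbackUrl: path is not ${HANDLER_PATH}`);
      }
      if (url.search || url.hash) findings.push('callbackUrl: query or fragment present');
      // Hardening rule added here: the authorization code travels in this redirect.
      if (url.protocol !== 'https:' && !LOCAL_HOSTS.has(url.hostname)) {
        findings.push('callbackUrl: plain http on a non-local host');
      }
    }
  }
  if (provider.audience !== undefined) {
    const aud = resolveUrl(provider.audience, env);
    if (!aud || aud.protocol !== 'https:') findings.push('audience: not an https URL');
  }
  return findings;
}

// Constructed sample input (not from a real deployment).
console.log(lintGitlabAuth({
  clientId: '${AUTH_GITLAB_CLIENT_ID}',
  clientSecret: 'constructed-literal-secret',
  callbackUrl: 'http://backstage.example.test:7007/api/auth/gitlab/handler/frame/',
}));
```

The input is the object found under auth.providers.gitlab.<environment> after YAML parsing; an empty result means none of the example's rules fired.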

Adding the provider to the Backstage frontend

To add the provider to the frontend, add the gitlabAuthApi reference and SignInPage as shown in Adding the provider to the sign-in page.