Backstage Software Catalog and Developer Platform

Edit

GitLab Authentication Provider

The Backstage core-plugin-api package comes with a GitLab authentication provider that can authenticate users using GitLab OAuth.

Create an OAuth App on GitLab

To support GitLab authentication, you must create an Application from the GitLab settings. The Redirect URI should point to your Backstage backend auth handler.

Settings for local development:

  • Name: Backstage (or your custom app name)
  • Redirect URI: http://localhost:7007/api/auth/gitlab/handler/frame
  • Scopes: read_api and read_user

Configuration

The provider configuration can then be added to your app-config.yaml under the root auth configuration:

auth:
  environment: development
  providers:
    gitlab:
      development:
        clientId: ${AUTH_GITLAB_CLIENT_ID}
        clientSecret: ${AUTH_GITLAB_CLIENT_SECRET}
        ## uncomment if using self-hosted GitLab
        # audience: https://gitlab.company.com
        ## uncomment if using a custom redirect URI
        # callbackUrl: https://${BASE_URL}/api/auth/gitlab/handler/frame

The GitLab provider is a structure with three configuration keys:

  • clientId: The Application ID that you generated on GitLab, e.g. 4928c033ab3d592845c044a653bc20583baf84f2e67b954c6fdb32a532ab76c9
  • clientSecret: The Application secret
  • audience (optional): The base URL for the self-hosted GitLab instance, e.g. https://gitlab.company.com
  • callbackUrl (optional): The URL matching the Redirect URI registered when creating your GitLab OAuth App, e.g. https://$backstage.acme.corp/api/auth/gitlab/handler/frame Note: Due to a peculiarity with GitLab OAuth, ensure there is no trailing / after 'frame' in the URL.

Adding the provider to the Backstage frontend

To add the provider to the frontend, add the gitlabAuthApi reference and SignInPage component as shown in Adding the provider to the sign-in page.

Last updated on 1/29/2023
GitHubGoogle