GitLab Authentication Provider
The Backstage core-plugin-api
package comes with a GitLab authentication
provider that can authenticate users using GitLab OAuth.
Create an OAuth App on GitLab
To support GitLab authentication, you must create an Application from the
GitLab settings. The Redirect URI
should point to your Backstage backend auth handler.
Settings for local development:
- Name: Backstage (or your custom app name)
- Redirect URI:
http://localhost:7007/api/auth/gitlab/handler/frame
- Scopes:
read_api
andread_user
Configuration
The provider configuration can then be added to your app-config.yaml
under the
root auth
configuration:
auth:
environment: development
providers:
gitlab:
development:
clientId: ${AUTH_GITLAB_CLIENT_ID}
clientSecret: ${AUTH_GITLAB_CLIENT_SECRET}
## uncomment if using self-hosted GitLab
# audience: https://gitlab.company.com
## uncomment if using a custom redirect URI
# callbackUrl: https://${BASE_URL}/api/auth/gitlab/handler/frame
The GitLab provider is a structure with three configuration keys:
clientId
: The Application ID that you generated on GitLab, e.g.4928c033ab3d592845c044a653bc20583baf84f2e67b954c6fdb32a532ab76c9
clientSecret
: The Application secretaudience
(optional): The base URL for the self-hosted GitLab instance, e.g.https://gitlab.company.com
callbackUrl
(optional): The URL matching the Redirect URI registered when creating your GitLab OAuth App, e.g.https://$backstage.acme.corp/api/auth/gitlab/handler/frame
Note: Due to a peculiarity with GitLab OAuth, ensure there is no trailing/
after 'frame' in the URL.
Adding the provider to the Backstage frontend
To add the provider to the frontend, add the gitlabAuthApi
reference and
SignInPage
component as shown in
Adding the provider to the sign-in page.