| id | provider |
|---|---|
| title | GitLab Authentication Provider |
| sidebar_label | GitLab |
| description | Adding GitLab OAuth as an authentication provider in Backstage |
The Backstage core-plugin-api package comes with a GitLab authentication
provider that can authenticate users using GitLab OAuth.
To support GitLab authentication, you must create an Application from the
GitLab settings. The Redirect URI
should point to your Backstage backend auth handler.
Settings for local development:
- Name: Backstage (or your custom app name)
- Redirect URI:
http://localhost:7007/api/auth/gitlab/handler/frame - Scopes:
read_user
The provider configuration can then be added to your app-config.yaml under the
root auth configuration:
auth:
environment: development
providers:
gitlab:
development:
clientId: ${AUTH_GITLAB_CLIENT_ID}
clientSecret: ${AUTH_GITLAB_CLIENT_SECRET}
## uncomment if using self-hosted GitLab
# audience: https://gitlab.company.com
## uncomment if using a custom redirect URI
# callbackUrl: https://${BASE_URL}/api/auth/gitlab/handler/frameThe GitLab provider is a structure with three configuration keys:
clientId: The Application ID that you generated on GitLab, e.g.4928c033ab3d592845c044a653bc20583baf84f2e67b954c6fdb32a532ab76c9clientSecret: The Application secretaudience(optional): The base URL for the self-hosted GitLab instance, e.g.https://gitlab.company.comcallbackUrl(optional): The URL matching the Redirect URI registered when creating your GitLab OAuth App, e.g.https://$backstage.acme.corp/api/auth/gitlab/handler/frameNote: Due to a peculiarity with GitLab OAuth, ensure there is no trailing/after 'frame' in the URL.
To add the provider to the frontend, add the gitlabAuthApi reference and
SignInPage component as shown in
Adding the provider to the sign-in page.