fh1ch / passport-gitlab2 Goto Github PK
View Code? Open in Web Editor NEWGitLab authentication strategy for Passport
License: MIT License
GitLab authentication strategy for Passport
License: MIT License
Is it possible to allow a user not by specifying all users, but to allow login by group?
In what cases would one use only 'read_user' scope?
After the authentication, the profile is retrieved using the api/v3/user
URL - using only 'read_user' scope will result in 403 error:
{"error":"insufficient_scope","error_description":"The request requires higher privileges than provided by the access token.","scope":"api"}
After I authorize the project to have Gitlab access I got this error:
Implementation:
middleware
passport.use(new gitlab.Strategy({
clientID: config.GITLAB.APPLICATION_ID,
clientSecret: config.GITLAB.SECRET,
callbackURL: "http://localhost:3000/auth/gitlab/callback"
}, (accessToken, refreshToken, profile, cb) => {
console.log(accesstoken)
return cb(null, profile)
}
))
auth route
passport.authenticate('gitlab', {
state: userId,
scope: ['api']
})
callback
router.get('/auth/gitlab/callback',
passport.authenticate('gitlab', {
failureRedirect: '/login'
}), gitlabCallback )
I have to mention that authentication was working until a couple of weeks ago, when I worked last time on the project and now this error occurred. Moreover, the code and the necessary tokens were not changed since implementation. It might be a change in Gitlab's api or am I am missing something?
Hey guys. I'm unsure if the library is still maintained, but I hope so.
After a simple setup, I keep being redirected to https://gitlab.com/users/sign_in with a 503 error.
If I copy/paste the second step directly into the browser, it actually works. I'm not entirely sure why number 2 tries to call the sign_in URL, but it does.
Any help is highly appreciated.
Hey,
i'm using sailsjs (latest 1.2.3)
When the gitlab
action is called i get an infinite loop.
Action in my controller
gitlab: function (req, res, next) {
sails.log.info("Gitlab");
passport.authenticate('gitlab');
},
Strategy config
passport.use(new GitLabStrategy({
clientID: "CLIENT_ID",
clientSecret: "SECRET",
callbackURL: 'http://localhost:1337/auth/gitlab/callback',
baseURL: "https://gitlab.example.org/",
usernameField: 'username'
},
function (accessToken, refreshToken, profile, cb) {
sails.log.info(profile);
User.findOrCreate({gitlabId: profile.id}, function (err, user) {
return cb(err, user);
});
}
));
Can't get any debug information, only in the log output of sails.log.info
shows up on each loop.
Any idea idea what is going wrong here?
Hi,
Each time I am redirected to oauth/authorize it shows up the authorization form, even if I previously approved the authorization.
passport.use(new GitLabStrategy({
baseURL: xxx,
clientID: xxx,
clientSecret: xxx,
callbackURL: xxx
}, afterGitLabLoginHandler));
router.get(yyy, passport.authenticate('gitlab', { scope: ['api'] }));
I'm missing something ?
Thank you.
From a discussion we know, that GitLab also does support a read_user
scope. The documentation in README.md#how-do-i-change-permissions--scope-when-obtaining-a-user-profile does not reflect this, yet.
Unlike several other passport strategies (including passport-facebook, passport-github, and passport-twitter) that provide the user avatar in the profile object photos
field, passport-gitlab2 uses avatarUrl
instead.
Is there any reason for that? Would you accept a PR that change it?
Hello,
I'm trying to integrate gitlab login in my application. I read the documentation, filled all the required credentials and added the callback endpoint but I think I'm missing something related with scopes because I get 401 although I set username: "ericzon" with permissions: ["*"]
Here is my basic setup:
const app = express();
console.log('Starting application...');
app.use('/',express.static('public'));
app.use(session({
secret: 'keyboard cat',
resave: false,
saveUninitialized: true
}))
const server = http.createServer(app);
app.use(passport.initialize());
app.use(passport.session());
passport.serializeUser((user, done) => {
done(null, user)
});
passport.deserializeUser(async (user, done) => {
console.log('deserialize > incoming user: ', user);
done(null, user);
});
const settings = {
httpAdminRoot:'/red',
httpNodeRoot: '/api',
userDir: path.join(__dirname, path.sep, 'userDir'),
functionGlobalContext: { }, // enables global context
adminAuth: require('./userDir/node_modules/node-red-auth-gitlab')({
clientID: "<MY_CLIENT_ID>",
clientSecret: "<MY_SECRET>",
baseURL: "http://localhost:3000",
gitlabURL: "https://gitlab.com/",
users: [
{ username: "ericzon", permissions: ["*"]}
]
})
};
RED.init(server, settings);
app.use(settings.httpAdminRoot, RED.httpAdmin);
app.use(settings.httpNodeRoot, RED.httpNode);
app.get('/auth/strategy/callback',
passport.authenticate('gitlab', {
failureRedirect: '/red-auth-failure'
}),
function(req, res) {
// Successful authentication, redirect home.
res.redirect('/red');
});
const PORT = process.env.PORT || 3000;
server.listen(PORT), () => {
console.log('Listening port ' + PORT);
};
I go through all the process of login against Gitlab, all seems ok but when I return to backoffice, settings request returns 401 and login appears:
I'm using node-red version: v1.0.6 in MACOS Mojave
P.S: just to give more details, if I add a log in deserializeUser I get:
{
username: 'ericzon',
permissions: [ '*' ],
tokens: {
accessToken: ... // a-valid-access-token,
expires_in: 604800
}
}
adding another log in @node-red/editor-api/lib/auth/index.js inside needsPermission method I can see that 401 is returned after failing settings.read
Thank you
I am unable to get the
function(accessToken, refreshToken, profile, cb) {
console.log(profile);
}
to fire when authenticating
passport.use(new gitlabAuth({
clientID: info.gitlabID,
clientSecret: info.gitlabSecret,
callbackURL: "http://bertie.io:"+opts.port+"/auth/gitlab/callback",
baseURL: "http://git.bertie.io"
},function(accessToken, refreshToken, profile, cb) {
console.log(profile);
}
));
Full code
var passport = require("passport");
var gitlabAuth = require("passport-gitlab2");
var info = require("./info.js");
var express = require("express");
var morgan = require('morgan');
var opts = {};
opts.port = 3000;
var app = express();
app.use(morgan('common'));
var admin = express.Router();
app.use(require('serve-static')(__dirname + '/../../public'));
app.use(require('express-session')({
secret: 'keyboard cat',
resave: true,
saveUninitialized: true
}));
app.use(passport.initialize());
app.use(passport.session());
console.log("Server running on port: " + opts.port);
passport.use(new gitlabAuth({
clientID: info.gitlabID,
clientSecret: info.gitlabSecret,
callbackURL: "http://bertie.io:"+opts.port+"/auth/gitlab/callback",
baseURL: "http://git.bertie.io"
},function(accessToken, refreshToken, profile, cb) {
console.log(profile);
}
));
app.get('/', function(req, res) {
res.send('Hello World')
})
app.get('/auth/gitlab', passport.authenticate('gitlab', {scope: ['api']}));
function gitLabTest(res) {
var gitlab = require('gitlab')({
url: 'http://git.bertie.io',
token: info.pvTest
});
// Listing users
gitlab.issues.all(function(issues) {
for(var i = 0; i < issues.length; i++){
if (issues[i].author.id = 2) {
console.log("#" + issues[i].id + ": " + issues[i].project_id + ", " + issues[i].author.name);
}
}
// for (var i = 0; i < users.length; i++) {
// console.log("#" + users[i].id + ": " + users[i].email + ", " + users[i].name + ", " + users[i].created_at);
// }
// });
//
// // Listing projects
// gitlab.projects.all(function(projects) {
// for (var i = 0; i < projects.length; i++) {
// console.log("#" + projects[i].id + ": " + projects[i].name + ", path: " + projects[i].path + ", default_branch: " + projects[i].default_branch + ", private: " + projects[i]["private"] + ", owner: " + projects[i].owner.name + " (" + projects[i].owner.email + "), date: " + projects[i].created_at);
// }
});
}
app.get('/auth/gitlab/callback', function(req, res) {
gitLabTest(res);
});
app.listen(3000)
//Connection
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.