fh1ch / passport-gitlab2 Goto Github PK
View Code? Open in Web Editor NEWGitLab authentication strategy for Passport
License: MIT License
passport-gitlab2's Issues
Authorize request each time?
Hi,
Each time I am redirected to oauth/authorize it shows up the authorization form, even if I previously approved the authorization.
passport.use(new GitLabStrategy({
baseURL: xxx,
clientID: xxx,
clientSecret: xxx,
callbackURL: xxx
}, afterGitLabLoginHandler));
router.get(yyy, passport.authenticate('gitlab', { scope: ['api'] }));
I'm missing something ?
Thank you.
Why not make 'api' scope default?
In what cases would one use only 'read_user' scope?
After the authentication, the profile is retrieved using the api/v3/user URL - using only 'read_user' scope will result in 403 error:
{"error":"insufficient_scope","error_description":"The request requires higher privileges than provided by the access token.","scope":"api"}
Function after passport.use not working
I am unable to get the
function(accessToken, refreshToken, profile, cb) {
console.log(profile);
}
to fire when authenticating
passport.use(new gitlabAuth({
clientID: info.gitlabID,
clientSecret: info.gitlabSecret,
callbackURL: "http://bertie.io:"+opts.port+"/auth/gitlab/callback",
baseURL: "http://git.bertie.io"
},function(accessToken, refreshToken, profile, cb) {
console.log(profile);
}
));
Full code
var passport = require("passport");
var gitlabAuth = require("passport-gitlab2");
var info = require("./info.js");
var express = require("express");
var morgan = require('morgan');
var opts = {};
opts.port = 3000;
var app = express();
app.use(morgan('common'));
var admin = express.Router();
app.use(require('serve-static')(__dirname + '/../../public'));
app.use(require('express-session')({
secret: 'keyboard cat',
resave: true,
saveUninitialized: true
}));
app.use(passport.initialize());
app.use(passport.session());
console.log("Server running on port: " + opts.port);
passport.use(new gitlabAuth({
clientID: info.gitlabID,
clientSecret: info.gitlabSecret,
callbackURL: "http://bertie.io:"+opts.port+"/auth/gitlab/callback",
baseURL: "http://git.bertie.io"
},function(accessToken, refreshToken, profile, cb) {
console.log(profile);
}
));
app.get('/', function(req, res) {
res.send('Hello World')
})
app.get('/auth/gitlab', passport.authenticate('gitlab', {scope: ['api']}));
function gitLabTest(res) {
var gitlab = require('gitlab')({
url: 'http://git.bertie.io',
token: info.pvTest
});
// Listing users
gitlab.issues.all(function(issues) {
for(var i = 0; i < issues.length; i++){
if (issues[i].author.id = 2) {
console.log("#" + issues[i].id + ": " + issues[i].project_id + ", " + issues[i].author.name);
}
}
// for (var i = 0; i < users.length; i++) {
// console.log("#" + users[i].id + ": " + users[i].email + ", " + users[i].name + ", " + users[i].created_at);
// }
// });
//
// // Listing projects
// gitlab.projects.all(function(projects) {
// for (var i = 0; i < projects.length; i++) {
// console.log("#" + projects[i].id + ": " + projects[i].name + ", path: " + projects[i].path + ", default_branch: " + projects[i].default_branch + ", private: " + projects[i]["private"] + ", owner: " + projects[i].owner.name + " (" + projects[i].owner.email + "), date: " + projects[i].created_at);
// }
});
}
app.get('/auth/gitlab/callback', function(req, res) {
gitLabTest(res);
});
app.listen(3000)
//Connection
Authentication by group
Is it possible to allow a user not by specifying all users, but to allow login by group?
Problem after login
Hello,
I'm trying to integrate gitlab login in my application. I read the documentation, filled all the required credentials and added the callback endpoint but I think I'm missing something related with scopes because I get 401 although I set username: "ericzon" with permissions: ["*"]
Here is my basic setup:
const app = express();
console.log('Starting application...');
app.use('/',express.static('public'));
app.use(session({
secret: 'keyboard cat',
resave: false,
saveUninitialized: true
}))
const server = http.createServer(app);
app.use(passport.initialize());
app.use(passport.session());
passport.serializeUser((user, done) => {
done(null, user)
});
passport.deserializeUser(async (user, done) => {
console.log('deserialize > incoming user: ', user);
done(null, user);
});
const settings = {
httpAdminRoot:'/red',
httpNodeRoot: '/api',
userDir: path.join(__dirname, path.sep, 'userDir'),
functionGlobalContext: { }, // enables global context
adminAuth: require('./userDir/node_modules/node-red-auth-gitlab')({
clientID: "<MY_CLIENT_ID>",
clientSecret: "<MY_SECRET>",
baseURL: "http://localhost:3000",
gitlabURL: "https://gitlab.com/",
users: [
{ username: "ericzon", permissions: ["*"]}
]
})
};
RED.init(server, settings);
app.use(settings.httpAdminRoot, RED.httpAdmin);
app.use(settings.httpNodeRoot, RED.httpNode);
app.get('/auth/strategy/callback',
passport.authenticate('gitlab', {
failureRedirect: '/red-auth-failure'
}),
function(req, res) {
// Successful authentication, redirect home.
res.redirect('/red');
});
const PORT = process.env.PORT || 3000;
server.listen(PORT), () => {
console.log('Listening port ' + PORT);
};
I go through all the process of login against Gitlab, all seems ok but when I return to backoffice, settings request returns 401 and login appears:
I'm using node-red version: v1.0.6 in MACOS Mojave
P.S: just to give more details, if I add a log in deserializeUser I get:
{
username: 'ericzon',
permissions: [ '*' ],
tokens: {
accessToken: ... // a-valid-access-token,
expires_in: 604800
}
}
adding another log in @node-red/editor-api/lib/auth/index.js inside needsPermission method I can see that 401 is returned after failing settings.read
Thank you
User avatar is given in "avatarUrl" instead of "photos"
Unlike several other passport strategies (including passport-facebook, passport-github, and passport-twitter) that provide the user avatar in the profile object photos field, passport-gitlab2 uses avatarUrl instead.
Is there any reason for that? Would you accept a PR that change it?
read_user scope undocumented
From a discussion we know, that GitLab also does support a read_user scope. The documentation in README.md#how-do-i-change-permissions--scope-when-obtaining-a-user-profile does not reflect this, yet.
InternalOAuthError: Failed to fetch user profile
After I authorize the project to have Gitlab access I got this error:
Implementation:
middleware
passport.use(new gitlab.Strategy({
clientID: config.GITLAB.APPLICATION_ID,
clientSecret: config.GITLAB.SECRET,
callbackURL: "http://localhost:3000/auth/gitlab/callback"
}, (accessToken, refreshToken, profile, cb) => {
console.log(accesstoken)
return cb(null, profile)
}
))
auth route
passport.authenticate('gitlab', {
state: userId,
scope: ['api']
})
callback
router.get('/auth/gitlab/callback',
passport.authenticate('gitlab', {
failureRedirect: '/login'
}), gitlabCallback )
I have to mention that authentication was working until a couple of weeks ago, when I worked last time on the project and now this error occurred. Moreover, the code and the necessary tokens were not changed since implementation. It might be a change in Gitlab's api or am I am missing something?
call back is not invalid? why is localhost??
Authenticate stuck in loop
Hey,
i'm using sailsjs (latest 1.2.3)
When the gitlab action is called i get an infinite loop.
Action in my controller
gitlab: function (req, res, next) {
sails.log.info("Gitlab");
passport.authenticate('gitlab');
},
Strategy config
passport.use(new GitLabStrategy({
clientID: "CLIENT_ID",
clientSecret: "SECRET",
callbackURL: 'http://localhost:1337/auth/gitlab/callback',
baseURL: "https://gitlab.example.org/",
usernameField: 'username'
},
function (accessToken, refreshToken, profile, cb) {
sails.log.info(profile);
User.findOrCreate({gitlabId: profile.id}, function (err, user) {
return cb(err, user);
});
}
));
Can't get any debug information, only in the log output of sails.log.info shows up on each loop.
Any idea idea what is going wrong here?
https://gitlab.com/users/sign_in 503
Hey guys. I'm unsure if the library is still maintained, but I hope so.
After a simple setup, I keep being redirected to https://gitlab.com/users/sign_in with a 503 error.
- My client hits http://localhost:3000/auth/gitlab
- I get a 302 response https://gitlab.com/oauth/authorize?response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3008%2Fauth%2Fgitlab%2Fcallback&scope=read_user&client_id=myClientId
- The previous request calls https://gitlab.com/users/sign_in and I get 503.
If I copy/paste the second step directly into the browser, it actually works. I'm not entirely sure why number 2 tries to call the sign_in URL, but it does.
Any help is highly appreciated.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.