Skip to content

OpenID/GitLab challenge options #2016

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jun 9, 2016
Merged

OpenID/GitLab challenge options #2016

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 10 additions & 2 deletions install_config/configuring_authentication.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -991,7 +991,7 @@ oauthConfig:
...
identityProviders:
- name: gitlab <1>
challenge: false <2>
challenge: true <2>
login: true <3>
mappingMethod: claim <4>
provider:
Expand All @@ -1004,6 +1004,10 @@ oauthConfig:
----
<1> This provider name is prefixed to the GitLab numeric user ID to form an
identity name. It is also used to build the callback URL.
<2> When *true*, unauthenticated token requests from non-web clients (like
the CLI) are sent a `WWW-Authenticate` challenge header for this provider.
This uses the http://doc.gitlab.com/ce/api/oauth2.html#resource-owner-password-credentials[Resource Owner Password Credentials]
grant flow to obtain an access token from GitLab.
<2> *GitLabIdentityProvider* cannot be used to send `WWW-Authenticate`
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@liggitt Sorry for bothering you, but I found out that this commits added two callouts with the same number. I mean there was <2> already and another one was added. I can provide a fix for this if you told me how (merge, remove previous or something else). Thanks.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just open a new PR with the fix

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Definitely will open but I don't understand how it should be fixed :(

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

open a PR removing the old <2> callout line

Copy link

@php-coder php-coder Aug 24, 2016
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, I added the fix: ed5304b

Thank you!

challenges.
<3> When *true*, unauthenticated token requests from web clients (like the web
Expand Down Expand Up @@ -1133,7 +1137,7 @@ oauthConfig:
...
identityProviders:
- name: my_openid_connect <1>
challenge: false <2>
challenge: true <2>
login: true <3>
mappingMethod: claim <4>
provider:
Expand All @@ -1156,6 +1160,10 @@ oauthConfig:
----
<1> This provider name is prefixed to the value of the identity claim to form an
identity name. It is also used to build the redirect URL.
<2> When *true*, unauthenticated token requests from non-web clients (like
the CLI) are sent a `WWW-Authenticate` challenge header for this provider.
This requires the OpenID provider to support the
https://tools.ietf.org/html/rfc6749#section-1.3.3[Resource Owner Password Credentials] grant flow.
<2> *OpenIDIdentityProvider* cannot be used to send `WWW-Authenticate`
challenges.
<3> When *true*, unauthenticated token requests from web clients (like the web
Expand Down