Disable OAuth provider for external users
Problem to solve
Login to third-party apps via the OAuth provider is possible, even when a GitLab account is marked as external.
Intended users
Sidney (Systems Administrator)? GitLab Administrator
Further details
GitLab has two very useful options: 1) to use GitLab as login for third-party apps via OAuth ('User OAuth application' in general settings) and, right next to it, 2) 'new users set to external'.
So we use AD/LDAP authentication to let in "internal" users who are members of our university; only those are allowed to start projects, etc. And we want to use the built-in registration process, creating local accounts for all those users who are not part of the university but still want to comment, send issues, etc. to public projects.
But then, we also use the OAuth provider for login, esp. for Mattermost. The culprit here is that anyone with a GitLab account can then log in to the Mattermost service, and we want to restrict access to Mattermost to university members only.
So a viable solution I see is to disallow usage of the OAuth provider for external accounts. This might be reasonable in many more scenarios other than the one described here and might come in handy for others, too, so I'd like to ask for this option to be added.
Proposal
Add a (sub-)option to settings->General->User OAuth application: "disallow this for external users", which does exactly that.