[EE] Skip oAuth authorization for trusted applications (!2456) · Merge requests · GitLab.org / GitLab

Oswaldo Ferreira requested to merge skip-oauth-authorization-for-trusted-applications into master Jul 17, 2017

What does this MR do?

Enables admins to select an oAuth consumer application as trusted or not. Trusted applications doesn't have the Authorization click phase (this step is skipped).

Are there points in the code the reviewer needs to double check?

Security!
Will we provide such feature for self-hosted instances, or just GitLab.com?
Will this also be available for CE?

Why was this MR needed?

We need a way to skip this phase for customers logging-in through GitLab.com on customers.gitlab.com, as this shows as an unnecessary extra step (since customers.gitlab.com is a trusted application).

Does this MR meet the acceptance criteria?

Changelog entry added, if necessary
Documentation created/updated
API support added
Tests
- Added for this feature/bug
- All builds are passing
Conform by the merge request performance guides
Conform by the style guides
Branch has no merge conflicts with master (if it does - rebase it please)
Squashed related commits together

What are the relevant issue numbers?

https://gitlab.com/gitlab-com/customers-gitlab-com/issues/121

Edited Jul 27, 2017 by Robert Speicher

[EE] Skip oAuth authorization for trusted applications

What does this MR do?

Are there points in the code the reviewer needs to double check?

Why was this MR needed?

Does this MR meet the acceptance criteria?

What are the relevant issue numbers?

Merge request reports