Add configurable option for bypass_two_factor of oauth
Problem to solve
bypass_two_factor in OAuth is currently hard-coded as false. Some OAuth methods already require two-factor, so the user has to do two-factor auth again....
Target audience
Software Developer or Community. If this proposal is acceptable, I can also create a merge request for this.
Further details
Proposal
What does success look like, and how can we measure that?
Add a key bypass_two_factor under config gitlab_rails['omniauth_providers'] like this:
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['oauth2_generic']
gitlab_rails['omniauth_block_auto_created_users'] = true
gitlab_rails['omniauth_providers'] = [
  {
    'name' => 'oauth2_generic',
    'bypass_two_factor' => true,
    'app_id' => 'gitlab',
    'app_secret' => '9zQf3mvqe8LnN9',
    'args' => {
      client_options: {
        'site' => 'http://oauth.example.com/', # including port if necessary
        'user_info_url' => '/gitlab/user'
      },
      user_response_structure: {
        #root_path: ['data', 'user'], # i.e. if attributes are returned in JsonAPI format (in a 'user' node nested under a 'data' node)
        #attributes: { nickname: 'username' } # if the nickname attribute of a user is called 'username'
      },
      # optionally, you can add the following two lines to "white label" the display name
      # of this strategy (appears in urls and Gitlab login buttons)
      # If you do this, you must also replace oauth2_generic, everywhere it appears above, with the new name.
      name: 'OAuth', # display name for this strategy
      strategy_class: "OmniAuth::Strategies::OAuth2Generic" # Devise-specific config option Gitlab uses to find renamed strategy
    }
  }
]
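
A sketch of how the proposed per-provider key could be evaluated so that it fails closed, added here as an example and not taken from GitLab or from the proposal's author. The helper names, the sample provider entries, and the requirement that the provider's `site` use HTTPS before the second factor is skipped are all assumptions of this example.

```ruby
# Added illustration, not GitLab code. Helper and constant names are hypothetical.
# Decides whether a sign-in through an OmniAuth provider may skip GitLab's own
# two-factor prompt, based on the proposed per-provider 'bypass_two_factor' key.

# Constructed sample in the same shape as gitlab_rails['omniauth_providers'].
SAMPLE_PROVIDERS = [
  { 'name' => 'oauth2_generic', 'bypass_two_factor' => true,
    'args' => { client_options: { 'site' => 'https://oauth.example.com/' } } },
  { 'name' => 'plain_http_idp', 'bypass_two_factor' => true,
    'args' => { client_options: { 'site' => 'http://oauth.example.com/' } } },
  { 'name' => 'stringly', 'bypass_two_factor' => 'true',
    'args' => { client_options: { 'site' => 'https://idp.example.com/' } } },
  { 'name' => 'legacy',
    'args' => { client_options: { 'site' => 'https://idp.example.com/' } } }
].freeze

# Returns [allowed, reason]. Fails closed: only a literal `true` on a provider
# reached over HTTPS (assumption of this example) lets the second factor be skipped.
def bypass_two_factor_decision(providers, provider_name)
  provider = providers.find { |p| p['name'] == provider_name.to_s }
  return [false, 'unknown provider'] if provider.nil?

  flag = provider['bypass_two_factor']
  return [false, 'key absent, default false'] if flag.nil?
  return [false, 'value is not the boolean true'] unless flag == true

  site = provider.dig('args', :client_options, 'site').to_s
  return [false, 'provider site is not https'] unless site.start_with?('https://')

  [true, 'provider asserts two-factor']
end

def bypass_two_factor?(providers, provider_name)
  bypass_two_factor_decision(providers, provider_name).first
end

if __FILE__ == $PROGRAM_NAME
  SAMPLE_PROVIDERS.each do |p|
    allowed, reason = bypass_two_factor_decision(SAMPLE_PROVIDERS, p['name'])
    puts format('%-15s bypass=%-5s (%s)', p['name'], allowed, reason)
  end
end
```

Under the HTTPS assumption, the `http://oauth.example.com/` site in the configuration above would keep the second factor in place even with `'bypass_two_factor' => true`.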