refactor: implement basic OAuth login to GitLab.com

Tomas Vik requested to merge 560-oauth-login into main

This MR implements the OAuth2 PKCE flow for GitLab.com.

The MR title is refactor: because commits with this message prefix don't show in CHANGELOG. And that's what we want because OAuth can't be enabled in the extension till we implement #561 (closed).

The implementation is roughly captured in the following sequence diagram:

sequenceDiagram
Authenticate command ->> GitLabAuthenticationProvider : createSession()
GitLabAuthenticationProvider ->> GitLabUriHandler : listen on vscode:// URLs
GitLabAuthenticationProvider ->> Browser : https://gitlab.com/oauth/authorize
Browser ->> GitLabUriHandler : open vscode://gitlab.gitlab-workflow/authentication
GitLabUriHandler ->> GitLabAuthenticationProvider : exchangeCodeForToken()
GitLabAuthenticationProvider ->> GitLab API : POST to https://gitlab.com/oauth/token
GitLab API ->> GitLabAuthenticationProvider : returns token
GitLabAuthenticationProvider ->> AccountService : store the token in a new account
GitLabAuthenticationProvider ->> Authenticate command : return VS Code session

The core part of the implementation is the GitLabAuthenticationProvider.getSession method which implements the PKCE flow.

The implementation conforms to the VS Code authentication API. The intended usage from this extension's perspective is to call:

await vscode.authentication.getSession('gitlab', ['api', 'read_user'], {
  createIfNone: true,
});

from the "Authenticate" command. We don't care about the returned session because if there is a successful return, we know that our AccountService has got the new OAuth account and the rest of the extension will work the same.

Related to #560 (closed)

Edited by Tomas Vik
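
The PKCE steps from the sequence diagram, as an added example that is not code from this merge request: it derives the S256 challenge, builds the authorize URL, and rejects a `vscode://` callback whose `state` does not match before preparing the token request. The endpoint and redirect URI come from the diagram; `CLIENT_ID`, the use of a `state` parameter and the function names `challengeFor`, `startLogin` and `handleCallback` are assumptions made for illustration.

```javascript
// Added example (not the extension's code): PKCE per RFC 7636 plus callback validation.
// Loads node:crypto whether this file runs as CommonJS or as an ES module.
const { createHash, randomBytes } =
  typeof require === 'function' ? require('node:crypto') : process.getBuiltinModule('node:crypto');

const AUTHORIZE_URL = 'https://gitlab.com/oauth/authorize'; // from the sequence diagram
const REDIRECT_URI = 'vscode://gitlab.gitlab-workflow/authentication'; // from the sequence diagram
const CLIENT_ID = 'EXAMPLE_CLIENT_ID'; // placeholder, not a real application id

const base64url = (buf) => buf.toString('base64url');

// S256 transform: BASE64URL(SHA256(ASCII(code_verifier))).
function challengeFor(verifier) {
  return base64url(createHash('sha256').update(verifier, 'ascii').digest());
}

// Starts a login attempt. The verifier never leaves the process; only its hash is sent.
function startLogin(scopes) {
  const codeVerifier = base64url(randomBytes(32)); // 43 chars, within the 43..128 allowed
  const state = base64url(randomBytes(16)); // binds the callback to this attempt
  const url = new URL(AUTHORIZE_URL);
  url.search = new URLSearchParams({
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    response_type: 'code',
    state,
    scope: scopes.join(' '),
    code_challenge: challengeFor(codeVerifier),
    code_challenge_method: 'S256',
  }).toString();
  return { codeVerifier, state, authorizeUrl: url.toString() };
}

// Any local application can open a vscode:// URL, so the callback is untrusted input.
// Returns the form fields for the POST to /oauth/token, or throws.
function handleCallback(callbackUri, pending) {
  const params = new URL(callbackUri).searchParams;
  if (!params.get('state') || params.get('state') !== pending.state) {
    throw new Error('state mismatch: callback does not belong to this login attempt');
  }
  const code = params.get('code');
  if (!code) throw new Error('callback carries no authorization code');
  return {
    client_id: CLIENT_ID,
    grant_type: 'authorization_code',
    code,
    redirect_uri: REDIRECT_URI,
    code_verifier: pending.codeVerifier, // the server recomputes the challenge from this
  };
}
```
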