Prototype of authentication settings in GitLab admin area

Dev: https://dev.gitlab.org/gitlab/gitlabhq/issues/1961

Resources

UX @hazelyang

Problem

Right now we have OAuth settings in the gitlab.yml file as an array of hashes. It is harder to maintain and easy to make a mistake. We don't have any validation on this side, so the application will just crash if you put something wrong, or silently will not work. Since OAuth is an important part of GitLab and we want more people to migrate from GitHub, it should be easy to configure and use.

Proposal

We can have OAuth settings configurable in the admin area of GitLab. It will give us the following advantages:

  • validate settings like URL
  • no place for syntax errors, compared to the config file
  • we can provide a test button so the user can try the newly configured OAuth
  • easy to use: UI with only text fields for user input
  • changes work immediately after the save button

How to start

  • Move OAuth providers to UI
  • Make sure omniauth gem works with dynamic settings
  • Make migration from settings to DB

Implementation

  • BaseAuth model with serialized properties
  • Inherit from it
  • ApplicationSettings.has_one :github_auth....

Providers to move

  • GitHub
  • GitLab
  • Twitter
  • Google
  • Kerberos
  • Shibboleth

Custom providers that are not supported by GitLab can be contributed

Milestone

7.9 or 7.10?

Preparations

  • test Kerberos server

Resources

1 Developer for 2-3 weeks in one milestone


Commit with UI prototype - gitlab-ce@55bf5028c54e1fa8229ef7b61fe88e4db189df90

Branch - https://dev.gitlab.org/gitlab/gitlabhq/commits/admin-auth

Screenshot (ignore LDAP tab):

admin-auth


cc @Sytse @valery @dzaporozhets

Edited Sep 02, 2020 by 🤖 GitLab Bot 🤖
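
The kind of validation the proposal asks for ("validate settings like URL", no crash on a malformed entry), sketched as an added example in plain Ruby; it is not code from the issue or from GitLab. The key names `name`, `app_id`, `app_secret` and `url`, the https-only rule and the sample entries are assumptions made for illustration.

```ruby
require 'uri'

# Assumed key names for one provider entry (not taken from the issue).
REQUIRED_KEYS = %w[name app_id app_secret].freeze

# Returns error strings for the optional provider URL.
def url_errors(value)
  uri = URI.parse(value.to_s)
  errors = []
  unless uri.is_a?(URI::HTTPS) && uri.host && !uri.host.empty?
    errors << 'url must be an absolute https URL'
  end
  errors << 'url must not embed credentials' if uri.userinfo
  errors
rescue URI::InvalidURIError
  ['url is not a valid URI']
end

# Returns error strings for one entry; an empty list means it is valid.
def provider_errors(entry)
  return ['entry must be a hash'] unless entry.is_a?(Hash)

  settings = entry.transform_keys(&:to_s)
  invalid = REQUIRED_KEYS.reject do |key|
    settings[key].is_a?(String) && !settings[key].strip.empty?
  end
  errors = invalid.map { |key| "#{key} is missing or blank" }
  errors.concat(url_errors(settings['url'])) if settings.key?('url')
  errors
end

# Validates the whole "array of hashes"; returns { index => [errors] }
# for the invalid entries only, instead of raising on bad input.
def validate_providers(providers)
  return { 'providers' => ['must be an array'] } unless providers.is_a?(Array)

  providers.each_with_index.each_with_object({}) do |(entry, index), report|
    errors = provider_errors(entry)
    report[index] = errors unless errors.empty?
  end
end

# Constructed sample input: one valid entry and three broken ones.
SAMPLE = [
  { 'name' => 'github', 'app_id' => 'abc', 'app_secret' => 's3cret' },
  { 'name' => 'gitlab', 'app_id' => 'abc', 'app_secret' => '', 'url' => 'http://gitlab.example.com' },
  'twitter',
  { name: 'google', app_id: 'id', app_secret: 'x', url: 'https://user:pw@accounts.example.com' }
].freeze
```

Calling `validate_providers(SAMPLE)` returns a per-entry error report that an admin form could show next to each field.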