Introduce a mechanism to have public OAuth clients across GitLab installations
While creating tools for Gitlab which are supposed to work across the GitLab installations, having a common OAuth Id will help the tools to switch between GitLab instances just using the instance URL.
Use cases include
- Gitlab CLI
- Gitlab IDE plugins
- Git Credential manager #374172
Alternatives
- Create a metadata endpoint which tools can use to fetch the OAuth id for the given public application
- Not standard compliant, and cause extra work for clients
Aspects to consider
From ~"group::authentication and authorization"
- Is this a secure way to authenticate?
- Should we have some kind of mechanism to avoid these default OAuth applications getting deleted by mistake?
From groupdistribution
- Is this a feasible method in all our active channels of distribution?
Edited by Aboobacker MK