- Enable OIDC/OAuth in GitLab
- Test OIDC/OAuth with your client application
- Verify OIDC/OAuth authentication
To test OIDC/OAuth in GitLab, you must:
Before you can test OIDC/OAuth on GitLab, you’ll need the following:
- Publicly accessible GitLab instance
- A client application that you want to use to test OIDC/OAuth
- A user account on the GitLab instance that you can use to log in and test OIDC/OAuth
First, you must create OIDC/OAuth application on your GitLab instance. To do this:
- Sign in to GitLab as an administrator.
- Select Profile > Preferences > Applications.
- Fill in the details for your client application, including the name, redirect URI, and allowed scopes.
- Make sure the
openidscope is enabled.
- Select Save application to create the new OAuth application.
After you’ve created your OAuth application in GitLab, you can use it to test OIDC/OAuth:
- You can use https://openidconnect.net as the OIDC/OAuth playground.
- Sign out of GitLab.
- Visit your client application and initiate the OIDC/OAuth flow, using the GitLab OAuth application you created in the previous step.
- Follow the prompts to sign in to GitLab and authorize the client application to access your GitLab account.
- After you’ve completed the OIDC/OAuth flow, your client application should have received an access token that it can use to authenticate with GitLab.
To verify that OIDC/OAuth authentication is working correctly on GitLab, you can perform the following checks:
Check that the access token you received in the previous step is valid and can be used to authenticate with GitLab. You can do this by making a test API request to GitLab, using the access token to authenticate. For example:
curl --header "Authorization: Bearer <access_token>" https://mygitlabinstance.com/api/v4/user
<access_token>with the actual access token you received in the previous step. If the API request succeeds and returns information about the authenticated user, then OIDC/OAuth authentication is working correctly.
Check that the scopes you specified in your OAuth application are being enforced correctly. You can do this by making API requests that require the specific scopes and checking that they succeed or fail as expected.
That’s it! With these steps, you should be able to test OIDC/OAuth authentication on your GitLab instance using your client application.