We have a GitLab CE installation with an external OAuth2 provider.
While users are able to authenticate via the oauth provider, we notice that all logins via this authentication method are logged in as 1 user.
I expect that it is due to an empty extern_uid field, because we see log entries in the gitlab application.log like:
“(OAuth) saving user myemail@example.com from login with extern_uid =>”
We have tried to read the uid (called “sub” by the OAuth provider) into the user attributes, but still the extern_uid stays empty. Any ideas?
It looks a bit like https://github.com/gitlabhq/gitlabhq/issues/9369 but we do not have any extern_uid reported in the logs.
Kind regards
Bart
And of course the relevant configuration (with which we have experimented with placing the extern_uid and uid keys):

gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['oauth2_generic']
gitlab_rails['omniauth_block_auto_created_users'] = true
gitlab_rails['omniauth_providers'] = [
  {
    'name' => 'oauth2_generic',
    'app_id' => 'ourappid',
    'app_secret' => 'oursecret',
    'args' => {
      client_options: {
        'site' => 'https://oauth.example.com/', # including port if necessary
        'authorize_url' => '/auth/',
        'user_info_url' => '/auth/userinfo',
        'token_url' => '/auth/token'
      },
      user_response_structure: {
        #root_path: ['data', 'user'], # i.e. if attributes are returned in JsonAPI format (in a 'user' node nested under a 'data' node)
        root_path: [], # i.e. if attributes are returned in JsonAPI format (in a 'user' node nested under a 'data' node)
        #id_path: 'sub',
        attributes: { nickname: 'email', name: 'name', email: 'email', extern_uid: 'sub' } # if the nickname attribute of a user is called 'username'
      },
      'uid': 'sub',
      'redirect_url' => 'http://gitlab1.example.com/users/auth/oauth2_generic/callback',
      # optionally, you can add the following two lines to "white label" the display name
      # of this strategy (appears in urls and Gitlab login buttons)
      # If you do this, you must also replace oauth2_generic, everywhere it appears above, with the new name.
      strategy_class: "OmniAuth::Strategies::OAuth2Generic" # Devise-specific config option Gitlab uses to find renamed strategy
    }
  }
]
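
Added example, not part of the original post and not GitLab's or the OAuth2Generic strategy's own code: a Ruby model of the symptom described above, showing how an identifier that resolves to an empty string makes every login map to one account, plus a scan for the quoted log line. It assumes the uid is read only from `id_path` (defaulting to `'id'`), that identities are keyed by provider and extern_uid, and that a populated uid is logged after `=>`; all helper names and sample data are constructed.

```ruby
require 'json'

# Constructed userinfo responses: the provider names the identifier "sub".
ALICE = JSON.parse('{"sub":"a1b2c3","name":"Alice","email":"alice@example.com"}')
BOB   = JSON.parse('{"sub":"d4e5f6","name":"Bob","email":"bob@example.com"}')

# The structure as posted (id_path commented out) and with id_path set.
AS_POSTED    = { root_path: [], attributes: { email: 'email', extern_uid: 'sub' } }
WITH_ID_PATH = AS_POSTED.merge(id_path: 'sub')

# Hypothetical path lookup: walk the keys; a missing key gives nil.
def dig_path(node, path)
  Array(path).reduce(node) { |n, key| n.is_a?(Hash) ? n[key.to_s] : nil }
end

# Assumption: the uid comes only from id_path (default 'id'), never from
# the attributes map. nil.to_s is "", which is the empty extern_uid.
def resolve_uid(userinfo, structure)
  root = dig_path(userinfo, structure[:root_path])
  dig_path(root, structure.fetch(:id_path, 'id')).to_s
end

# Hypothetical identity table keyed by (provider, extern_uid): the first
# login under a key creates the account, later logins reuse it.
def simulate_logins(structure, responses)
  accounts = {}
  responses.map do |r|
    accounts[['oauth2_generic', resolve_uid(r, structure)]] ||= r['email']
  end
end

# Constructed log lines in the format quoted in the post; the second line's
# value after "=>" is an assumed rendering of a populated uid.
LOG = [
  '(OAuth) saving user myemail@example.com from login with extern_uid =>',
  '(OAuth) saving user alice@example.com from login with extern_uid => a1b2c3'
]
LOG_RE = /\(OAuth\) saving user (\S+) from login with extern_uid =>\s*(\S*)/

# Users whose login was saved with an empty extern_uid.
def empty_uid_logins(lines)
  lines.map { |l| (m = LOG_RE.match(l)) && m[2].empty? ? m[1] : nil }.compact
end

if __FILE__ == $PROGRAM_NAME
  p simulate_logins(AS_POSTED, [ALICE, BOB])    # both logins land on one account
  p simulate_logins(WITH_ID_PATH, [ALICE, BOB]) # one account per user
  p empty_uid_logins(LOG)
end
```

Running `empty_uid_logins` over the lines of application.log lists every user whose login was stored without an external identifier.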