Hello, I am attempting to set up OmniAuth with Google OAuth2 on a CE I just stood up.
I have set the values to what should be correct:
```ruby
### OmniAuth Settings
###! Docs: https://docs.gitlab.com/ee/integration/omniauth.html
gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['google_oauth2']
gitlab_rails['omniauth_sync_email_from_provider'] = 'google_oauth2'
gitlab_rails['omniauth_sync_profile_from_provider'] = ['google_oauth2']
# gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'google_oauth2'
gitlab_rails['omniauth_block_auto_created_users'] = true
# gitlab_rails['omniauth_auto_link_ldap_user'] = false
# gitlab_rails['omniauth_auto_link_saml_user'] = true
gitlab_rails['omniauth_auto_link_user'] = ['google_oauth2']
# gitlab_rails['omniauth_external_providers'] = ['google_oauth2']
gitlab_rails['omniauth_allow_bypass_two_factor'] = ['google_oauth2']
gitlab_rails['omniauth_providers'] = [
  {
    "name" => "google_oauth2",
    "label" => "Google Login",
    "app_id" => "my apps clientID",
    "app_secret" => "my apps secret",
    "args" => { "access_type" => "offline", "approval_prompt" => "" }
  }
]
gitlab_rails['omniauth_cas3_session_duration'] = 28800
gitlab_rails['omniauth_saml_message_max_byte_size'] = 250000
```
I have added the scopes for profile, email and openid to the consent screen in Google Cloud.
The request after selecting my Google account hangs waiting on accounts.google.com.
The logs show the following:
```
Started GET "/users/auth/google_oauth2/callback?state=bdb687e1d77da6d7693e48323178a01f1aaef2dda97ff0e3&code=[FILTERED]&scope=email+profile+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile+openid&authuser=0&prompt=consent" for 192.168.3.10 at 2022-11-27 03:34:24 +0000
Started GET "/-/metrics" for 127.0.0.1 at 2022-11-27 03:34:32 +0000
Processing by MetricsController#index as HTML
Completed 200 OK in 76ms (Views: 1.0ms | ActiveRecord: 0.0ms | Elasticsearch: 0.0ms | Allocations: 652)
Started GET "/help" for 127.0.0.1 at 2022-11-27 03:34:44 +0000
Processing by OmniauthCallbacksController#failure as HTML
Parameters: {"state"=>"bdb687e1d77da6d7693e48323178a01f1aaef2dda97ff0e3", "code"=>"[FILTERED]", "scope"=>"email profile https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile openid", "authuser"=>"0", "prompt"=>"consent"}
```
I have GitLab running in a Docker container on a swarm, and the UI is reverse proxied through a single proxy.
web → fw/router → apache2 proxy → docker swarm → gitlab
I followed the OAuth docs for general and Google. Any help would be superb.