diff --git a/doc/administration/auth/oidc.md b/doc/administration/auth/oidc.md
index e55f7dbb4df2268a05f74079cae71b5a0541e6c0..df4f22aa3e7483c70e95e4e64bae69533d7c3eeb 100644
--- a/doc/administration/auth/oidc.md
+++ b/doc/administration/auth/oidc.md
@@ -31,6 +31,7 @@ The OpenID Connect will provide you with a client details and secret for you to
 { 'name' => 'openid_connect',
 'label' => '',
 'args' => {
+ "name' => 'openid_connect',
 'scope' => ['openid','profile'],
 'response_type' => 'code',
 'issuer' => '',
@@ -53,6 +54,7 @@ The OpenID Connect will provide you with a client details and secret for you to
 - { name: 'openid_connect',
 label: '',
 args: {
+ name: 'openid_connect',
 scope: ['openid','profile'],
 response_type: 'code',
 issuer: '',
@@ -103,3 +105,36 @@ On the sign in page, there should now be an OpenID Connect icon below the regula
 Click the icon to begin the authentication process. The OpenID Connect provider will ask the user to sign in and authorize the GitLab application (if confirmation required by the client). If everything goes well, the user will be redirected to GitLab and will be signed in.
+
+## Example configurations
+
+The following configurations illustrate how to set up OpenID with
+different providers with Omnibus GitLab.
+
+### Google
+
+See the [Google
+documentation](https://developers.google.com/identity/protocols/OpenIDConnect)
+for more details:
+
+```ruby
+ gitlab_rails['omniauth_providers'] = [
+ {
+ 'name' => 'openid_connect',
+ 'label' => 'Google OpenID',
+ 'args' => {
+ 'name' => 'openid_connect',
+ 'scope' => ['openid', 'profile', 'email'],
+ 'response_type' => 'code',
+ 'issuer' => 'https://accounts.google.com',
+ 'client_auth_method' => 'query',
+ 'discovery' => true,
+ 'uid_field' => 'preferred_username',
+ 'client_options' => {
+ 'identifier' => '',
+ 'secret' => '',
+ 'redirect_uri' => 'https://example.com/users/auth/openid_connect/callback',
+ }
+ }
+ }
+```