Skip to content
Switch branches/tags
Go to file

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

GitLab external user creator

This small app allows internal users to create new external users (introduced in GitLab 8.6). For example in our research group we want to invite external collaborators without the need to be a system administrator.

GitLab itself does not (not yet) allow for fine-grained administration permissions, but thanks to the REST API and the GitLab OAuth we can write small apps like this one to meet our needs.

Setup and installation


It is common to work in a Python virtualenv. There the basic steps to install all dependencies would be:

virtualenv venv
. ./venv/bin/activate
pip install -r requirements.txt


The app expects a file settings.cfg containing the following parameters.

Parameter Description
GITLAB_BASE Base URL to the GitLab installation (without the /api/v3 part)
GITLAB_CONSUMER_KEY Application Id provided by GitLab
GITLAB_CONSUMER_SECRET Secret provided by GitLab
GITLAB_ADMIN_TOKEN Private token of a GitLab administrator
CSRF_SECRET Some long string which will be used to secure the html forms
... More Flask parameters can also be provided in this configuration

An example configuration is provided in settings.example.cfg.

GitLab configuration

  1. Register the application for GitLab OAuth.
    1. In the GitLab Admin area, enter the Applications settings.
    2. Start a New Application with the corresponding button.
    3. Enter some name, e.g. "External User Creator".
    4. Enter the Redirect URI. This must be "DOMAIN/oauth-authorized", where DOMAIN depends on your installation. In development setups you can use "http://localhost:5000/oauth-authorized".
    5. Confirm and copy the Application Id and Secret generated by GitLab in your settings.cfg.
  2. Obtain an administrator private token.
    1. Login as an admin and navigate to Profile settings > Account. There you will find the Private token which is needed to create users via the API.

Launching the app

For development purposes one can use the built-in Flask/Werkzeug webserver:


For this setup the Redirect URI in the GitLab settings should contain something like http://localhost:5000/oauth-authorized.

In production it is adviced to use some production WSGI server. Read more on the Flask deployment documentation.


Example for a deployment on the same server running our local GitLab installation is in


Copyright on the application belongs to the Institute for Theoretical Physics, ETH Zurich.

This project ships copies of the Bootstrap framework and the jQuery library, which contain their own copyright.


Distributed under the Apache License, Version 2.0. (See accompanying file LICENSE.txt or copy at


Web app which allows internal users to create new external users.




No packages published