Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #267 from DentonGentry/master
Add gitlab scope documentation
- Loading branch information
Showing
3 changed files
with
43 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| Scopes may be added to the GitLab OAuthenticator by overriding the | ||
| scope list, like so: | ||
|
|
||
| c.GitLabOAuthenticator.scope = ['read_user'] | ||
|
|
||
|
|
||
| The following scopes are implemented in GitLab 11.x: | ||
|
|
||
| `api`: Grants complete read/write access to the API, including all | ||
| groups and projects. If no other scope is requested, this is the default. | ||
| This is a *very* powerful set of permissions, it is recommended to limit | ||
| the scope of authentication to something other than API. | ||
|
|
||
| `read_user`: Grants read-only access to the authenticated user's | ||
| profile through the /user API endpoint, which includes username, | ||
| public email, and full name. Also grants access to read-only | ||
| API endpoints under /users. | ||
|
|
||
| `read_repository`: Grants read-only access to repositories on | ||
| private projects using Git-over-HTTP (not using the API). | ||
|
|
||
| `write_repository`: Grants read-write access to repositories | ||
| on private projects using Git-over-HTTP (not using the API). | ||
|
|
||
| `read_registry`: Grants read-only access to container registry | ||
| images on private projects. | ||
|
|
||
| `sudo`: Grants permission to perform API actions as any user | ||
| in the system, when authenticated as an admin user. | ||
|
|
||
| `openid`: Grants permission to authenticate with GitLab using | ||
| OpenID Connect. Also gives read-only access to the user's | ||
| profile and group memberships. | ||
|
|
||
| `profile`: Grants read-only access to the user's profile data | ||
| using OpenID Connect. | ||
|
|
||
| `email`: Grants read-only access to the user's primary email | ||
| address using OpenID Connect. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters