Refine OAuth scopes for GitLab integration [ON HOLD] #3164

Closed
wants to merge 2 commits into from

Conversation

AlexTugarev
Member

@AlexTugarev AlexTugarev commented Feb 10, 2021

Resolves #1932

  • update scopes for OAuth App on preview environments and verify update paths
  • update scopes for OAuth App on gitpod.io
  • require only reading email address on signup
  • when starting a workspace on a repo, permission update should be requested if necessary.
  • when trying to push to a remote repo, permission update should be offered if missing scopes can be detected.

ON HOLD

Apparently, it's not possible to push with write_repository scope. While that scope works as intended for personal access tokens on gitlab.com, it does not with OAuth2 tokens. Cf. https://gitlab.com/gitlab-org/gitlab/-/issues/259254#note_506868732

Update: I filed a bug report per request: https://gitlab.com/gitlab-org/gitlab/-/issues/321359

Update: I notified the GitLab team about closing this for now: https://gitlab.com/gitlab-org/gitlab/-/issues/259254#note_509064310

@AlexTugarev AlexTugarev added this to the February 2021 milestone Feb 10, 2021
Signed-off-by: Alex Tugarev <alex@gitpod.io>
Signed-off-by: Alex Tugarev <alex@gitpod.io>
@AlexTugarev
Member Author

1. from the start, we're requesting minimal scopes to read user info (i.e. email)

2. when trying to start a workspace, you need to authorize for reading repositories and reading api

3. when trying to push changes, we request to grant permissions to write to repositories


@AlexTugarev AlexTugarev changed the title Refine OAuth scopes for GitLab integration Refine OAuth scopes for GitLab integration [ON HOLD] Feb 11, 2021
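
The three-step flow described in the comment above (minimal scopes at signup, read access when starting a workspace, write access only when pushing) can be sketched as follows. This is an added example, not code from this pull request or from Gitpod; the action names, the action-to-scope mapping, the `AppConfig` shape and the sample host are assumptions. As the description notes, pushing with `write_repository` did not work for OAuth2 tokens at the time.

```typescript
// Added example: incremental (least-privilege) GitLab OAuth scope requests.
// Action names and the action-to-scope mapping are assumptions for illustration.
type Action = "signup" | "startWorkspace" | "push";

const REQUIRED_SCOPES: Record<Action, readonly string[]> = {
  signup: ["read_user"],
  startWorkspace: ["read_user", "read_api", "read_repository"],
  push: ["read_user", "read_api", "read_repository", "write_repository"],
};

// Scopes the action needs that the current token does not carry.
function missingScopes(granted: readonly string[], action: Action): string[] {
  const have = granted.slice();
  // GitLab's full `api` scope is a superset of `read_api`: do not re-prompt for it.
  if (have.indexOf("api") !== -1) have.push("read_api");
  return REQUIRED_SCOPES[action].filter((s) => have.indexOf(s) === -1);
}

// Hypothetical configuration of the registered OAuth application.
interface AppConfig { host: string; clientId: string; redirectUri: string; }

// Returns null when the token already suffices, otherwise the GitLab
// authorization URL the user must visit to grant the additional scopes.
function authorizeUrlFor(
  cfg: AppConfig, granted: readonly string[], action: Action, state: string,
): string | null {
  const missing = missingScopes(granted, action);
  if (missing.length === 0) return null;
  // Ask for granted + missing so the replacement token keeps earlier grants.
  const scope = granted.concat(missing).join(" ");
  const params: [string, string][] = [
    ["client_id", cfg.clientId],
    ["redirect_uri", cfg.redirectUri],
    ["response_type", "code"],
    ["state", state], // per-request random value, checked on callback (CSRF)
    ["scope", scope],
  ];
  const query = params
    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
    .join("&");
  return `https://${cfg.host}/oauth/authorize?${query}`;
}
```
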
@AlexTugarev
Member Author

AlexTugarev commented Feb 15, 2021

Closing this for now, because it is not usable as long as the underlying issue https://gitlab.com/gitlab-org/gitlab/-/issues/321359 isn't solved.

We can revise it in one of the coming iterations.

@schurteb

schurteb commented Mar 7, 2023

Is there any update on this since https://gitlab.com/gitlab-org/gitlab/-/issues/321359 has been closed?

Successfully merging this pull request may close these issues.

Revise permission scope acquisitions for GitLab