2020-10-29 11:09:12 -04:00
---
2022-05-12 23:08:13 -04:00
stage: Manage
group: Authentication and Authorization
2020-11-26 01:09:20 -05:00
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
2020-10-29 11:09:12 -04:00
---
2021-09-28 05:11:19 -04:00
# Google OAuth 2.0 OmniAuth Provider **(FREE SELF)**
2014-04-02 23:11:25 -04:00
2021-08-26 17:11:25 -04:00
To enable the Google OAuth 2.0 OmniAuth provider you must register your application
2020-11-19 13:09:13 -05:00
with Google. Google generates a client ID and secret key for you to use.
2017-10-05 12:15:12 -04:00
2021-08-26 17:11:25 -04:00
## Enable Google OAuth
2017-10-05 12:15:12 -04:00
In Google's side:
1. Navigate to the [cloud resource manager ](https://console.cloud.google.com/cloud-resource-manager ) page
2017-10-06 08:41:43 -04:00
1. Select **Create Project**
2017-10-05 12:15:12 -04:00
1. Provide the project information:
2019-07-11 11:21:26 -04:00
- **Project name** - "GitLab" works just fine here.
- **Project ID** - Must be unique to all Google Developer registered applications.
Google provides a randomly generated Project ID by default. You can use
the randomly generated ID or choose a new one.
2017-10-05 12:15:12 -04:00
1. Refresh the page and you should see your new project in the list
1. Go to the [Google API Console ](https://console.developers.google.com/apis/dashboard )
2019-09-29 14:06:11 -04:00
1. Select the previously created project in the upper left corner
2017-10-06 08:41:43 -04:00
1. Select **Credentials** from the sidebar
1. Select **OAuth consent screen** and fill the form with the required information
1. In the **Credentials** tab, select **Create credentials > OAuth client ID**
2017-10-05 12:15:12 -04:00
1. Fill in the required information
2019-07-11 11:21:26 -04:00
- **Application type** - Choose "Web Application"
- **Name** - Use the default one or provide your own
- **Authorized JavaScript origins** -This isn't really used by GitLab but go
ahead and put `https://gitlab.example.com`
- **Authorized redirect URIs** - Enter your domain name followed by the
callback URIs one at a time:
2020-03-25 02:07:58 -04:00
```plaintext
2019-07-11 11:21:26 -04:00
https://gitlab.example.com/users/auth/google_oauth2/callback
https://gitlab.example.com/-/google_api/auth/callback
```
2014-04-24 18:48:22 -04:00
2017-10-06 08:41:43 -04:00
1. You should now be able to see a Client ID and Client secret. Note them down
2020-11-19 13:09:13 -05:00
or keep this page open as you need them later.
2021-10-08 20:12:30 -04:00
1. To enable projects to access [Google Kubernetes Engine ](../user/infrastructure/clusters/index.md ), you must also
2018-04-26 23:12:47 -04:00
enable these APIs:
- Google Kubernetes Engine API
- Cloud Resource Manager API
- Cloud Billing API
2014-04-24 18:48:22 -04:00
2021-08-26 17:11:25 -04:00
To do so you should:
2019-09-30 05:06:31 -04:00
1. Go to the [Google API Console ](https://console.developers.google.com/apis/dashboard ).
2022-05-25 11:08:05 -04:00
1. Select **ENABLE APIS AND SERVICES** at the top of the page.
2019-09-30 05:06:31 -04:00
1. Find each of the above APIs. On the page for the API, press the **ENABLE** button.
It may take a few minutes for the API to be fully functional.
2017-10-05 12:15:12 -04:00
On your GitLab server:
2014-04-24 18:48:22 -04:00
2017-10-05 12:15:12 -04:00
1. Open the configuration file.
2015-02-13 17:49:19 -05:00
2019-07-11 11:21:26 -04:00
For Omnibus GitLab:
2015-02-13 17:49:19 -05:00
2020-01-30 10:09:15 -05:00
```shell
2019-07-11 11:21:26 -04:00
sudo editor /etc/gitlab/gitlab.rb
```
2015-02-13 17:49:19 -05:00
2019-07-11 11:21:26 -04:00
For installations from source:
2014-04-24 18:48:22 -04:00
2020-01-30 10:09:15 -05:00
```shell
2019-07-11 11:21:26 -04:00
cd /home/git/gitlab
sudo -u git -H editor config/gitlab.yml
```
2014-04-24 18:48:22 -04:00
2021-11-09 13:13:13 -05:00
1. See [Configure initial settings ](omniauth.md#configure-initial-settings ) for initial settings.
2017-10-05 12:15:12 -04:00
1. Add the provider configuration:
2015-02-13 17:49:19 -05:00
2019-07-11 11:21:26 -04:00
For Omnibus GitLab:
2015-02-13 17:49:19 -05:00
2019-07-11 11:21:26 -04:00
```ruby
gitlab_rails['omniauth_providers'] = [
{
2021-11-19 04:13:48 -05:00
name: "google_oauth2",
# label: "Provider name", # optional label for login button, defaults to "Google"
app_id: "YOUR_APP_ID",
app_secret: "YOUR_APP_SECRET",
args: { access_type: "offline", approval_prompt: "" }
2019-07-11 11:21:26 -04:00
}
]
```
2014-04-24 18:48:22 -04:00
2019-07-11 11:21:26 -04:00
For installations from source:
2014-04-02 23:11:25 -04:00
2019-07-11 11:21:26 -04:00
```yaml
2020-10-02 02:08:27 -04:00
- { name: 'google_oauth2',
2021-11-19 04:13:48 -05:00
# label: 'Provider name', # optional label for login button, defaults to "Google"
2020-10-02 02:08:27 -04:00
app_id: 'YOUR_APP_ID',
app_secret: 'YOUR_APP_SECRET',
args: { access_type: 'offline', approval_prompt: '' } }
2019-07-11 11:21:26 -04:00
```
2014-04-02 23:11:25 -04:00
2017-10-05 12:15:12 -04:00
1. Change `YOUR_APP_ID` to the client ID from the Google Developer page
1. Similarly, change `YOUR_APP_SECRET` to the client secret
2021-08-26 17:11:25 -04:00
1. Make sure that you configure GitLab to use a fully-qualified domain name, as
Google doesn't accept raw IP addresses.
2017-06-08 07:51:44 -04:00
2019-07-11 11:21:26 -04:00
For Omnibus packages:
2017-06-08 07:51:44 -04:00
2019-07-11 11:21:26 -04:00
```ruby
external_url 'https://gitlab.example.com'
```
2017-06-08 07:51:44 -04:00
2019-07-11 11:21:26 -04:00
For installations from source:
2017-06-08 07:51:44 -04:00
2019-07-11 11:21:26 -04:00
```yaml
gitlab:
host: https://gitlab.example.com
```
2017-06-08 07:51:44 -04:00
2019-07-11 11:21:26 -04:00
1. Save the configuration file.
2021-08-26 17:11:25 -04:00
1. [Reconfigure ](../administration/restart_gitlab.md#omnibus-gitlab-reconfigure )
or [restart GitLab ](../administration/restart_gitlab.md#installations-from-source ) for
the changes to take effect if you installed GitLab via Omnibus or from source
respectively.
2014-04-02 23:11:25 -04:00
2017-10-05 12:15:12 -04:00
On the sign in page there should now be a Google icon below the regular sign in
2022-05-25 11:08:05 -04:00
form. Select the icon to begin the authentication process. Google asks the
2017-10-05 12:15:12 -04:00
user to sign in and authorize the GitLab application. If everything goes well
2020-11-19 13:09:13 -05:00
the user is returned to GitLab and is signed in.