Nextcloud Social Login with GitLab
This example shows one way to configure GitLab as an OpenID Connect (OIDC) identity provider, so that only members of a specific GitLab group are allowed to log in.
In the example, the GitLab group is named hfmts and the Nextcloud server is https://nextcloud.example.com.
Setup GitLab
To make the login work with GitLab we need a GitLab application and a group. The GitLab application represents our Nextcloud application.
Open https://gitlab.com/oauth/applications and create a new application with these values:
Name: Name of Nextcloud
Redirect URI: https://cloud.example.com/apps/sociallogin/custom_oidc/gitlab
Confidential: [ ]
Scopes: openid
Save the Application ID and the Secret to a notepad. We need them later.
Next create the GitLab group at https://gitlab.com/groups/new. Enter a valid name and also note the generated URL path. This will be the group name that is referenced in the Nextcloud integration.
Setup Social Login
Now that we have our GitLab application and group, we are ready to set up the login integration in Nextcloud.
Open the social login settings at https://nextcloud.example.com/settings/admin/sociallogin. Ensure the options are checked as follows:
This will ensure that user data is always up-to-date and only members of the GitLab group are allowed to log in.
Next create a new Custom OpenID Connect entry by clicking on the + next to it. Set these values:
Internal name: gitlab
Title: GitLab
Authorize url: https://gitlab.com/oauth/authorize
Token url: https://gitlab.com/oauth/token
User info URL: https://gitlab.com/oauth/userinfo
Client Id: Copy from notepad
Client Secret: Copy from notepad
Scope: openid
Groups claim: groups
Button style: Gitlab
Default group: None
Group mapping: hfmts <–> hfmts
On the left of the Group mapping option is the display name of the GitLab group and on the right is the selected Nextcloud group. Create a separate Nextcloud group if not already done.
Click Save on the bottom of the settings page.
Test the login
To test the login integration proceed as follows:
- Log out of Nextcloud
- Click Log in with GitLab
You are redirected to GitLab.
- Sign into GitLab
- Authorize the application
You are redirected back to Nextcloud and are logged in.
Any group shares can be accessed immediately. This is a great way to work with external users who do not want to have another account.
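When a test login is refused, it helps to reason about what the groups claim and the group mapping do with a userinfo response. The following is an added example, not code from the Social Login app or from this page's author: it models the gate under the assumption that each value of the `groups` claim is compared to the left side of the mapping by exact match and that login is denied when nothing maps. The userinfo payloads are constructed.

```python
import json

# Values taken from the walkthrough above.
GROUPS_CLAIM = "groups"
GROUP_MAPPING = {"hfmts": "hfmts"}  # GitLab group -> Nextcloud group

# Constructed userinfo responses (not captured from a real GitLab account).
MEMBER = json.loads('{"sub": "1001", "nickname": "alice", "groups": ["hfmts", "other-project"]}')
LOOKALIKE = json.loads('{"sub": "1002", "nickname": "bob", "groups": ["hfmts-fans", "xhfmts"]}')
SUBGROUP_ONLY = json.loads('{"sub": "1003", "nickname": "carol", "groups": ["hfmts/contractors"]}')
NO_CLAIM = json.loads('{"sub": "1004", "nickname": "dave"}')


def claimed_groups(userinfo, claim=GROUPS_CLAIM):
    """Return the claim as a list of strings; a missing or malformed claim yields []."""
    value = userinfo.get(claim)
    if isinstance(value, str):
        value = [value]
    if not isinstance(value, list):
        return []
    return [g for g in value if isinstance(g, str)]


def mapped_groups(userinfo, mapping=GROUP_MAPPING):
    """Map provider groups to Nextcloud groups by exact, case-sensitive match (assumption)."""
    return sorted({mapping[g] for g in claimed_groups(userinfo) if g in mapping})


def login_allowed(userinfo, mapping=GROUP_MAPPING):
    """Fail closed: a user with no mapped group is not logged in."""
    return bool(mapped_groups(userinfo, mapping))


if __name__ == "__main__":
    for label, info in [("member", MEMBER), ("lookalike", LOOKALIKE),
                        ("subgroup only", SUBGROUP_ONLY), ("no claim", NO_CLAIM)]:
        print(f"{label:14} groups={claimed_groups(info)} -> "
              f"nextcloud={mapped_groups(info)} allowed={login_allowed(info)}")
```

Under this model, a user whose claim lists only a subgroup path or a similarly named group is refused, and a response with no `groups` claim fails closed.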
Categories: Identity and Access Management
Tags: gitlab, nextcloud, openid connect