kontron / redmine_oauth

Redmine authentication through OAuth.
GNU General Public License v2.0
61 stars 27 forks

fix js when selecting 'GitLab' provider #17

Closed timum-viw closed 1 year ago

timum-viw commented 1 year ago

There is a tiny bug when changing the select dropdown to GitLab. If the client_id, client_secret, etc. fields have been hidden before, they stay invisible.

I am also hiding tenant_id for GitLab since it isn't used.

Thanks for the great plugin!

picman commented 1 year ago

Thank you.

timum-viw commented 1 year ago

Thanks for merging!

Apparently I messed up my commits a bit and I also committed a changed GitLab scope. It was set to scope: 'read_user api read_api openid profile email' and I changed it to scope: 'read_user'. I think it is good practice to only ask for permissions that are actually necessary, and we are only using the user endpoint.

Sorry for mixing this up. If you don't like the change I guess it's an easy revert.

picman commented 1 year ago

I have nothing against reducing the amount of required information to the minimum. However, could you verify that read_user is enough to have the first name, family name, login and email from GitLab in case of self-registration?

timum-viw commented 1 year ago

According to the documentation at https://docs.gitlab.com/ee/integration/oauth_provider.html#view-all-authorized-applications

read_user Grants read-only access to the authenticated user’s profile through the /user API endpoint, which includes username, public email, and full name. Also grants access to read-only API endpoints under /users.

/user is the endpoint the plugin is using.

I can also confirm this to be working in our organisation's setup.
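The scope reduction and the question of whether `read_user` still yields first name, family name, login and email can be checked mechanically. The following Ruby script is an added example written for this thread; it is not code from the redmine_oauth plugin. It flags any requested GitLab scope beyond what the `/user` call needs and maps a `/user` response onto the fields Redmine requires for self-registration, including the case where the account exposes no email. The field names `username`, `name`, `email` and `public_email` follow GitLab's `/user` JSON; the split of `name` into first and last name, the `ALLOWED_SCOPES` list and the sample responses are this example's own assumptions and constructed data.

```ruby
require 'json'

# Scope strings before and after the change discussed in the PR.
OLD_GITLAB_SCOPE = 'read_user api read_api openid profile email'
NEW_GITLAB_SCOPE = 'read_user'

# Assumption for this example: the plugin only calls GitLab's /user endpoint,
# for which read_user is sufficient. Anything beyond it is excess privilege.
ALLOWED_SCOPES = %w[read_user].freeze

# Returns the requested scopes that are not needed for the /user endpoint.
def excess_scopes(scope_string, allowed = ALLOWED_SCOPES)
  scope_string.split - allowed
end

# Maps a GitLab /user JSON document to the fields Redmine needs for
# self-registration. Splitting `name` on the first space into first/last
# name is an assumption of this example, not the plugin's mapping.
def profile_to_redmine(json)
  profile = JSON.parse(json)
  first, *rest = profile.fetch('name', '').strip.split(' ')
  # read_user exposes the public email; fall back to it when `email` is blank.
  mail = [profile['email'], profile['public_email']].find { |m| m && !m.empty? }
  {
    login: profile.fetch('username'),
    firstname: first.to_s,
    lastname: rest.join(' '),
    mail: mail
  }
end

# True when every field self-registration needs is present and non-empty.
def registrable?(user)
  %i[login firstname lastname mail].all? { |k| user[k] && !user[k].empty? }
end

# Constructed sample /user responses (not real GitLab data).
SAMPLE_USER = {
  'id' => 1, 'username' => 'jdoe', 'name' => 'Jane Doe',
  'email' => 'jane@example.org', 'public_email' => ''
}.to_json

SAMPLE_NO_EMAIL = {
  'id' => 2, 'username' => 'anon', 'name' => 'Mono',
  'email' => nil, 'public_email' => nil
}.to_json

if __FILE__ == $PROGRAM_NAME
  puts "excess scopes before: #{excess_scopes(OLD_GITLAB_SCOPE).inspect}"
  puts "excess scopes after:  #{excess_scopes(NEW_GITLAB_SCOPE).inspect}"
  [SAMPLE_USER, SAMPLE_NO_EMAIL].each do |json|
    user = profile_to_redmine(json)
    puts "#{user[:login]}: #{user.inspect} registrable=#{registrable?(user)}"
  end
end
```

The second sample shows the edge a self-registration flow has to handle: a single-word name or a missing public email leaves Redmine without a required field even though the scope is sufficient, so the plugin should reject or prompt rather than create a half-populated account.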

picman commented 1 year ago

Then it is alright, I think.