Set up social login with GitLab
The official Logto connector for GitLab social sign-in. Use GitLab as an OAuth 2.0 authentication identity provider.
This guide assumes you have basic understanding of Logto Connectors. For those unfamiliar, please refer to the Connectors guide to get started.
Get started
The GitLab connector enables end-users to sign in to your application using their own GitLab accounts via the GitLab OAuth 2.0 authentication protocol.
Sign in with GitLab account
Go to the GitLab website and sign in with your GitLab account. You may register a new account if you don't have one.
Create and configure OAuth app
Follow the creating a GitLab OAuth App guide, and register a new application.
Name your new OAuth application in Name and fill in Redirect URI of the app. Customize the Redirect URIs as ${your_logto_origin}/callback/${connector_id}. The connector_id can be found on the top bar of the Logto Admin Console connector details page.
On scopes, select openid. You may also want to enable profile and email. The profile scope is required to get the user's profile information, and the email scope is required to get the user's email address. Ensure you have allowed these scopes in your GitLab OAuth app if you want to use them. These scopes will also be used when configuring your connector later.
- If you use custom domains, add both the custom domain and the default Logto domain to the Redirect URIs to ensure the OAuth flow works correctly with both domains.
- If you encounter the error message "The redirect_uri MUST match the registered callback URL for this application." when logging in, try aligning the Redirect URI of your GitLab OAuth App and your Logto App's redirect URL (including the protocol) to resolve the issue.
Managing OAuth apps
Go to the Applications page on GitLab, where you can add, edit, or delete existing OAuth apps. You can also find the Application ID and generate Secret in the OAuth app detail pages.
Configure your connector
Fill out the clientId and clientSecret field with the Application ID and Secret you've got from the OAuth app detail pages mentioned in the previous section.
scope is a space-delimited list of scopes. If not provided, scope defaults to be openid. For GitLab connector, the scope you may want to use are openid, profile and email. profile scope is required to get the user's profile information, and email scope is required to get the user's email address. Ensure you have allowed these scopes in your GitLab OAuth app (configured in Create and configure OAuth app section).
Config types
| Name | Type |
|---|---|
| clientId | string |
| clientSecret | string |
| scope | string |
Test GitLab connector
That's it. The GitLab connector should be available now. Don't forget to Enable connector in sign-in experience.
References
GitLab - API DocumentationGitLab - OAuth Applications