Diffstat (limited to 'doc/integration/openid_connect_provider.md')
-rw-r--r-- | doc/integration/openid_connect_provider.md | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/doc/integration/openid_connect_provider.md b/doc/integration/openid_connect_provider.md index dd65fb4822a..54d4a5b6bb7 100644 --- a/doc/integration/openid_connect_provider.md +++ b/doc/integration/openid_connect_provider.md @@ -33,6 +33,14 @@ Refer to the [OAuth guide](oauth_provider.md) for basic information on how to se applications in GitLab. To enable OIDC for an application, all you have to do is select the `openid` scope in the application settings. +## Settings discovery + +If your client allows importing OIDC settings from a discovery URL, you can use the following URL to automatically find the correct settings: + +```plaintext +https://gitlab.example.com/.well-known/openid-configuration +``` + ## Shared information The following user information is shared with clients: @@ -51,5 +59,8 @@ The following user information is shared with clients: | `picture` | `string` | URL for the user's GitLab avatar | `groups` | `array` | Paths for the groups the user is a member of, either directly or through an ancestor group. | `groups_direct` | `array` | Paths for the groups the user is a direct member of. +| `https://gitlab.org/claims/groups/owner` | `array` | Names of the groups the user is a direct member of with Owner role +| `https://gitlab.org/claims/groups/maintainer` | `array` | Names of the groups the user is a direct member of with Maintainer role +| `https://gitlab.org/claims/groups/developer` | `array` | Names of the groups the user is a direct member of with Developer role The claims `sub`, `sub_legacy`, `email`, `email_verified` and `groups_direct` are included in the ID token. All other claims are available from the `/oauth/userinfo` endpoint used by OIDC clients. |
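Review bot: the new "Settings discovery" hunk gives the `/.well-known/openid-configuration` URL but does not tell the reader what to check in the document it returns; a client that imports settings from discovery should confirm that the `issuer` field matches the `https://gitlab.example.com` base URL it was configured with, so a wrong or redirected URL is not silently accepted. Suggest one sentence after the fenced URL, for example: "The discovery document lists the endpoints and signing keys for this instance; confirm that its `issuer` value matches your GitLab URL before importing the settings."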
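Review bot: in the claims-table hunk the three new role claims are described as "Names of the groups" while the `groups` and `groups_direct` rows directly above say "Paths for the groups"; for nested groups a name and a full path differ, and a client that compares `https://gitlab.org/claims/groups/owner` against `groups_direct` to gate access needs to know which one it receives. Suggest using the same wording in all five rows once the actual value is confirmed, and stating in the closing paragraph that these role claims are served only from `/oauth/userinfo` and are not in the ID token, rather than leaving that to the generic "All other claims" sentence.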