feat(auth): add GitLab OAuth2 provider support#264
Open
myml wants to merge 1 commit intoiflytek:mainfrom
Open
Conversation
|
|
Add GitLab as an additional OAuth2 authentication provider alongside GitHub. This includes: - GitLab OAuth2 client configuration with customizable base URL - GitLabClaimsExtractor for handling GitLab-specific user claims - Multi-provider login UI with provider-specific icons - Updated localization to use OAuth-agnostic terminology - JSON type annotation for IdentityBinding entity
This comment was marked as duplicate.
This comment was marked as duplicate.
Sorry, something went wrong.
wowo-zZ
requested changes
Apr 12, 2026
Collaborator
wowo-zZ
left a comment
wowo-zZ
left a comment
There was a problem hiding this comment.
整体实现清晰,测试覆盖到位。以下几个问题建议修复后再合并。
| gitlab: | ||
| client-id: ${OAUTH2_GITLAB_CLIENT_ID:placeholder} | ||
| client-secret: ${OAUTH2_GITLAB_CLIENT_SECRET:placeholder} | ||
| scope: read_user,email |
Collaborator
There was a problem hiding this comment.
scope 格式不一致
GitHub 已改为 YAML list 格式,但 GitLab 仍用逗号分隔字符串。Spring Security 对逗号分隔 scope 的处理可能因版本而异,建议统一为 list 格式:
scope:
- read_user
- email| * Determines the GitLab API base URL from the provider configuration. | ||
| * The user-info-uri is configured as ${OAUTH2_GITLAB_BASE_URI}/api/v4/user, | ||
| * so we simply remove the /user suffix to get the API base URL. | ||
| */ |
Collaborator
There was a problem hiding this comment.
replace("/user", "") 存在误替换风险
如果自建 GitLab 的域名或路径中包含 "user"(例如 https://gitlab.usercompany.com/api/v4/user),会被错误替换。
建议改为:
if (userInfoUri.endsWith("/user")) {
return userInfoUri.substring(0, userInfoUri.length() - "/user".length());
}
return userInfoUri;| return ( | ||
| <img | ||
| src="/github-logo.svg" | ||
| alt="GitHub" |
Collaborator
There was a problem hiding this comment.
未知 provider 默认返回 GitHub 图标
当前 fallback 是 GitHub logo,如果后续加入 Gitee 等其他 provider 会显示错误图标。建议 fallback 用一个通用登录图标,或者根据 provider name 动态匹配:
// 通用 fallback
return <LogIn className="w-5 h-5 mr-3" />或者让后端在 provider 列表中返回 icon URL,前端直接渲染。
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
What changed?
Why is this needed?
Add GitLab as an additional OAuth2 authentication provider
Validation
Commands run:
Risk
Notes