CookbookSocial login
Add GitLab as a social login provider
Configure GitLab OAuth as an alternate login method
Step 1: Register GitLab OAuth App
GitLab.com → Edit profile → Applications → Add new application.
- Name: "Your App via Olympus"
- Redirect URI:
https://ciam.your-domain/self-service/methods/oidc/callback/gitlab - Scopes:
read_user,openid,profile,email - Confidential: yes
- Save. Note Application ID and Secret.
Step 2: Configure Kratos
selfservice:
methods:
oidc:
config:
providers:
- id: gitlab
provider: gitlab
client_id: <gitlab-application-id>
client_secret: <gitlab-secret>
scope: [openid, profile, email]
mapper_url: file:///etc/config/kratos/oidc.gitlab.jsonnetoidc.gitlab.jsonnet:
local claims = std.extVar('claims');
{
identity: {
traits: {
email: claims.email,
name: { first: claims.given_name, last: claims.family_name },
},
},
}Self-hosted GitLab
If using a self-hosted GitLab instance, override the discovery URL:
- id: gitlab
provider: gitlab
issuer_url: https://gitlab.your-corp.com
client_id: ...The issuer_url lets Kratos discover the right endpoints.