OAuth2 Profile Auth Plugin
The OAuth2 Profile auth plugin connects systems that provide OAuth2 Authorization Code flow and a profile API, even when they are not OIDC issuers. It fits GitLab, GitHub, GitHub Enterprise, and internal OAuth2 profile APIs.
Highlights
- Provides
generic,gitlab, andgithubpresets for endpoint and profile field mapping. - Derives authorization, token, and profile URLs from the provider URL for GitLab and GitHub presets.
- Maps profile API subject, username, email, display name, and verified email fields into external identities.
- Health metadata reports endpoint resolution and whether client credentials are configured without leaking secret values.
Before Registration
- Prepare OAuth application client ID, client secret, and redirect URI.
- The generic preset also requires authorization URL, token URL, profile URL, subject field, and username field.
- When verified email is required, define
verified_email_fieldandrequire_verified_emailtogether.
Operations Tips
- Do not use this plugin for GitLab operational monitoring. It is login-only.
- Multiple GitLab or GitHub Enterprise instances can be registered, so keep provider names and namespaces explicit.
- If profile API fields change, inspect health check mapping metadata before troubleshooting RBAC.