Skip to content

OAuth2 Profile Auth Plugin

The OAuth2 Profile auth plugin connects systems that provide OAuth2 Authorization Code flow and a profile API, even when they are not OIDC issuers. It fits GitLab, GitHub, GitHub Enterprise, and internal OAuth2 profile APIs.

Highlights

  • Provides generic, gitlab, and github presets for endpoint and profile field mapping.
  • Derives authorization, token, and profile URLs from the provider URL for GitLab and GitHub presets.
  • Maps profile API subject, username, email, display name, and verified email fields into external identities.
  • Health metadata reports endpoint resolution and whether client credentials are configured without leaking secret values.

Before Registration

  • Prepare OAuth application client ID, client secret, and redirect URI.
  • The generic preset also requires authorization URL, token URL, profile URL, subject field, and username field.
  • When verified email is required, define verified_email_field and require_verified_email together.

Operations Tips

  • Do not use this plugin for GitLab operational monitoring. It is login-only.
  • Multiple GitLab or GitHub Enterprise instances can be registered, so keep provider names and namespaces explicit.
  • If profile API fields change, inspect health check mapping metadata before troubleshooting RBAC.