Skip to main content

Auth Configuration

Auth is only configurable in the Enterprise version of BuildBuddy.

Section

auth: The Auth section enables BuildBuddy authentication using an OpenID Connect provider that you specify. Optional

Options

  • oauth_providers: A list of configured OAuth Providers.
    • issuer_url: The issuer URL of this OIDC Provider.
    • client_id: The oauth client ID.
    • client_secret: The oauth client secret.
  • enable_anonymous_usage: If true, unauthenticated build uploads will still be allowed but won't be associated with your organization.

Redirect URL

If during your OpenID provider configuration you're asked to enter a Redirect URL, you should enter https://YOUR_BUILDBUDDY_URL/auth/. For example if your BuildBuddy instance was hosted on https://buildbuddy.acme.com, you'd enter https://buildbuddy.acme.com/auth/ as your redirect url.

Google auth provider

If you'd like to use Google as an auth provider, you can easily obtain your client id and client secret here.

Example:

auth:
  oauth_providers:
    - issuer_url: "https://accounts.google.com"
      client_id: "12345678911-f1r0phjnhbabcdefm32etnia21keeg31.apps.googleusercontent.com"
      client_secret: "sEcRetKeYgOeShErE"

Gitlab auth provider

You can use Gitlab as an OIDC identity provider for BuildBuddy. This feature is available for both Gitlab On-Prem Deployment and Gitlab SaaS offering.

For more details, please refer to Gitlab's latest Official Documentation

Note: Because Gitlab has yet to support refresh tokens, you need to configure BuildBuddy to not request the offline_access scope from Gitlab:

auth:
  disable_refresh_token: true

Configuration:

Once the Gitlab application is created, you can configure it as a BuildBuddy auth provider like so:

auth:
  oauth_providers:
    - issuer_url: "https://gitlab.com"
      client_id: "<GITLAB APPLICATION ID>"
      client_secret: "<GITLAB APPLICATION SECRET>"