Auth is only configurable in the Enterprise version of BuildBuddy.
auth: The Auth section enables BuildBuddy authentication using an OpenID Connect provider that you specify. Optional
oauth_providers:A list of configured OAuth Providers.
issuer_url:The issuer URL of this OIDC Provider.
client_id:The oauth client ID.
client_secret:The oauth client secret.
enable_anonymous_usage:If true, unauthenticated build uploads will still be allowed but won't be associated with your organization.
If during your OpenID provider configuration you're asked to enter a Redirect URL, you should enter
https://YOUR_BUILDBUDDY_URL/auth/. For example if your BuildBuddy instance was hosted on
https://buildbuddy.acme.com, you'd enter
https://buildbuddy.acme.com/auth/ as your redirect url.
Google auth provider
If you'd like to use Google as an auth provider, you can easily obtain your client id and client secret here.
- issuer_url: "https://accounts.google.com"
Gitlab auth provider
You can use Gitlab as an OIDC identity provider for BuildBuddy. This feature is available for both Gitlab On-Prem Deployment and Gitlab SaaS offering.
For more details, please refer to Gitlab's latest Official Documentation
Note: Because Gitlab has yet to support refresh tokens, you need to configure BuildBuddy to not request the
offline_access scope from Gitlab:
- First, register an Application on Gitlab side:
- The Redirect URL should be
https://YOUR_BUILDBUDDY_URL/auth/, pointing to your existing BuildBuddydeployment.
- The scopes needed are
Once the Gitlab application is created, you can configure it as a BuildBuddy auth provider like so:
- issuer_url: "https://gitlab.com"
client_id: "<GITLAB APPLICATION ID>"
client_secret: "<GITLAB APPLICATION SECRET>"