Skip to content

Add user OAUTH application authorisation audit event

Nate Rosandich requested to merge 514152-add-user-oauth-application-authorisation-audit-event into master

What does this MR do and why?

Add an audit event when an OAUTH application is authorized by a user.

References

Please include cross links to any resources that are relevant to this MR. This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Audit-events--Admin-area--GitLab-02-05-2025_02_17_PM

How to set up and validate locally

On local GDK setup:

  • Go to User Settings-->Applications
  • Click on Add new application
  • Give application a desired name and add http://localhost:3000/auth/gitlab/callback as the redirect URI.
  • Choose openid and profile as scope.
  • Make a note of Application ID
  • Send a web-request to http://localhost:3000/oauth/authorize?client_id=<app-id>&redirect_uri=http://localhost:3000/auth/gitlab/callback&response_type=code&state=STATE&scope=profile
  • Check the Instance audit event logs in Admin -> Monitoring -> Audit Events.

Related to #514152 (closed)

Edited by Nate Rosandich

Merge request reports

OSZAR »