GitLab
Authenticate with GitLab for repository, user, and API access via OAuth with PKCE.
Auth Model
User OAuth
Standard OAuth 2.0 authorization. A user grants consent and receives an access token. Authpipe handles refresh, rotation, and health monitoring automatically.
Connection Flow
// Get a valid credential — always fresh, zero latency const { credential } = await authpipe.getCredential({ provider: 'gitlab', tenantId: 'org_acme', userId: 'user_123', });
// Use the credential with the provider API const response = await fetch('https://api.example.com/data', { headers: { Authorization: `Bearer ${credential}` }, });
// Drop-in React component <ConnectButton provider="gitlab" onSuccess={(conn) => console.log('Connected!', conn)} />
Available Scopes
Permissions you can request when connecting to GitLab.
api Full read-write access to the API (includes all other scopes except sudo)
read_api Read-only access to the API (projects, groups, packages, registry)
read_user Read the authenticated user's profile information
read_repository Read access to repositories (clone via git)
write_repository Read and write access to repositories (push via git)
read_registry Read access to container registry images
write_registry Read and write access to container registry images
openid OpenID Connect authentication; access to the user's unique identifier
profile Read the user's profile data (name, username, avatar)
email Read the user's email address
sudo Perform API actions as any user in the system (admin only)
create_runner Create new CI/CD runners
k8s_proxy Access to the Kubernetes agent API
ai_features Access to GitLab AI features
What Authpipe handles for GitLab
OAuth Orchestration
PKCE, state validation, callback handling, and provider-specific quirks — all automatic.
Encrypted Vault
AES-256-GCM encryption with per-tenant key isolation. OAuth tokens, API keys, and webhook secrets — never exposed to the frontend.
Silent Refresh
Proactive token refresh before expiry. SDK returns from local cache with zero latency.
Health Monitoring
Scheduled checks detect revoked tokens and expired credentials before users notice.
More Developer Tools providers
Algolia
Search and manage indices through Algolia using Application ID and API key authentication.
Azure DevOps
Access Azure DevOps repositories, pipelines, work items, and builds via Microsoft identity platform OAuth.
Bitbucket
Access Bitbucket repositories, pull requests, and account data via OAuth.
Buildkite
Manage CI/CD pipelines and builds through Buildkite using API key authentication.
Ready to connect GitLab?
Get your first 100 connections free. Set up in minutes with our SDK.