BitBucket and GitHub login and registration on dev.heptapod.net
Today, we've configured dev.heptapod.net, the self-hosted development instance of Heptapod, for login and registration with BitBucket and GitHub accounts.
This makes it a breeze to register a new account and start filing issues, commenting on Merge Requests, etc.
Existing users have to activate the feature explicitely (see below).
Note
one still needs to ask us for explicit permission grant in order to push topics and create Merge Requests.
A bit of background
It should not come as a surprise: GitLab has powerful single-sign-on (SSO) capabilities. It is able to perform as an OAuth 2.0 and OpenID Connect (OIDC) Provider as well as a Consumer.
OpenId Connect (OIDC) provides the ability to use a third party for authentication, and that's what we did today, with BitBucket and GitHub OIDC Providers.
All of this ships with GitLab Community Edition and is of course readily available within Heptapod, with no specific development on our side, because it's orthogonal to repository matters.
This is a good example of the benefits we were hoping to reap with our strategy to extend a fully integrated forge: repository support is actually but a tiny fraction of the GitLab code base. Furthermore, the official documentation is applicable to Heptapod.
The BitBucket importer also relies on OAuth 2.0, with a broader set of permissions to be able to fetch the repository content. We've been able to make it work with just minimal adjustments.
For new users
On the Sign in page, don't fill any form field, just click on the BitBucket or GitHub logo.
You will be redirected if needed to the chosen provider for authentication and to grant explicit permission to read your necessary account information. Once you've done it, that's it, you're registered and signed in.
Next time, you won't need to grant permission. You'll just have to authenticate with the SSO provider if needed.
Note
you'll have to set a password if later on you want to push Mercurial changesets.
For existing users
As a mandatory step, you need to connect you Heptapod account to the wished external Provider account.
Warning
all SSO sign-in attempts from a Provider that has not been connected will result in a 422 error page.
In your personal Settings area, select the "Account" tool, scroll down go to "Social sign-in":
After clicking on the relevant "Connect" button, you'll be redirected to the chosen Provider for authentication if needed, and asked to grant explicit permission to access the necessary account information.
Once that has been done, you will be able to log in directly from the Heptapod sign-in page: don't fill any form field, just click on the appropriate Provider logo.
From now on, you won't need to grant the permission again. You'll just have to authenticate with the SSO provider if needed.