Today, we've configured dev.heptapod.net, the self-hosted development instance of Heptapod, for login and registration with BitBucket and GitHub accounts.
This makes it a breeze to register a new account and start filing issues, commenting on Merge Requests, etc.
Existing users have to activate the feature explicitely (see below).
one still needs to ask us for explicit permission grant in order to push topics and create Merge Requests.
A bit of background
OpenId Connect (OIDC) provides the ability to use a third party for authentication, and that's what we did today, with BitBucket and GitHub OIDC Providers.
All of this ships with GitLab Community Edition and is of course readily available within Heptapod, with no specific development on our side, because it's orthogonal to repository matters.
This is a good example of the benefits we were hoping to reap with our strategy to extend a fully integrated forge: repository support is actually but a tiny fraction of the GitLab code base. Furthermore, the official documentation is applicable to Heptapod.
The BitBucket importer also relies on OAuth 2.0, with a broader set of permissions to be able to fetch the repository content. We've been able to make it work with just minimal adjustments.
For new users
On the Sign in page, don't fill any form field, just click on the BitBucket or GitHub logo.
You will be redirected if needed to the chosen provider for authentication and to grant explicit permission to read your necessary account information. Once you've done it, that's it, you're registered and signed in.
Next time, you won't need to grant permission. You'll just have to authenticate with the SSO provider if needed.
you'll have to set a password if later on you want to push Mercurial changesets.
For existing users
As a mandatory step, you need to connect you Heptapod account to the wished external Provider account.
all SSO sign-in attempts from a Provider that has not been connected will result in a 422 error page.
In your personal Settings area, select the "Account" tool, scroll down go to "Social sign-in":
After clicking on the relevant "Connect" button, you'll be redirected to the chosen Provider for authentication if needed, and asked to grant explicit permission to access the necessary account information.
Once that has been done, you will be able to log in directly from the Heptapod sign-in page: don't fill any form field, just click on the appropriate Provider logo.
From now on, you won't need to grant the permission again. You'll just have to authenticate with the SSO provider if needed.