Geo: Allow OAuth login to a secondary node at an alternate URL
What does this MR do?
Background
Logging into a Geo secondary requires OAuth authentication with the Geo primary. This works fine when you're browsing the secondary at its external_url
.
Problem
But say for example you put 2 Geo secondaries (with different external URLs, by nature, since each Geo node is basically an independent GitLab installation) behind a load balancer.
When you visit the load balancer URL at a path that needs you to be logged in, you go into the OAuth flow. You get redirected to the primary, passing along the callback URL you want to be redirected back to (which has the load balancer domain). But the primary doesn't allow redirects to a URL it doesn't know, so you can't do that currently.
Solution
Let admins add this load balancer URL so the primary knows it's safe to redirect you back there. Authentication continues, and you are able to log in at the load balancer URL.
Follow up
There's more work to do to make everything work well, but this issue and MR limits scope to unblocking authentication.
Screenshots
Desktop | Mobile | |
---|---|---|
Node Edit | ||
Node Details |
What are the relevant issue numbers?
Resolves https://gitlab.com/gitlab-org/gitlab-ee/issues/9142
Does this MR meet the acceptance criteria?
-
Changelog entry added, if necessary -
Documentation created/updated via this MR -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Tested in all supported browsers -
Conforms to the code review guidelines -
Conforms to the merge request performance guidelines -
Conforms to the style guides -
Conforms to the database guides - ~~Link to e2e tests MR added if this MR has Requires e2e tests label. See the Test Planning Process.~~
-
EE specific content should be in the top level /ee
folder -
For a paid feature, have we considered GitLab.com plans, how it works for groups, and is there a design for promoting it to users who aren't on the correct plan? -
Security reports checked/validated by reviewer