Description
By profclems,
I opened this issue #233 as a feature request to create better authentication between `glab` and GitLab and also, dynamically create access token for users directly using their username and password.

However, GitLab currently does not support creating an access token using the GitLab API. Access tokens can only be created on GitLab's web UI.

There is an [issue][1] on this. A [merge request][2] was created to resolve this but it was closed in favour of this comment:

> It makes sense that this API is restricted to admin users, since it can be used by a malicious third-party application to preserve access even after a revoke:
>
> User gives token PAT-1 to application
> Application accesses personal access tokens API to create token PAT-2
> User revokes PAT-1
> Application can still access the API using PAT-2

GitLab also allows creating impersonation token but this operation is limited to only admins https://docs.gitlab.com/ce/api/users.html#create-an-impersonation-token

For this reason, `glab` will only allow authentication via personal access tokens. The users are supposed to create the access token with these minimum scopes [api, write_repository]. GitLab docs on the scopes can be found [here][3]

`glab` must validate the token and ensure it has the minimum scopes.

The authentication flow using `glab auth login` command changes to:

```sh
$ glab login
? Which instance do you want to log in? [Use arrows to move, type to filter]
 GitLab.com
 > GitLab Self Hosted

# if self-hosted is selected, ask for hostname

? Hostname: gitlab.example.com
? Token: xxxxx

- Verifying token ...
✓ Authenticated successfully
```

Suggested Flags

```sh
-h, --hostname    The hostname of the GitLab instance to authenticate with.
                  Will not be prompted for hosted if specified
-w, --with-token  Read token from standard input
```

References:

- https://gitlab.com/gitlab-org/gitlab/-/issues/17176
- https://gitlab.com/gitlab-org/gitlab/-/issues/17176#note_214950031
- https://gitlab.com/gitlab-org/gitlab/-/merge_requests/37703

[1]: https://gitlab.com/gitlab-org/gitlab/-/issues/17176
[2]: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/37703
[3]: https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html#limiting-scopes-of-a-personal-access-token

Last updated: 2020-10-25T11:40:23.000Z
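An added example, not part of the original issue and not `glab`'s own code: one way to do the scope validation the issue asks for, in Go. It assumes the instance offers `GET /api/v4/personal_access_tokens/self` (a GitLab API endpoint the issue does not mention), which describes the token sent in the `PRIVATE-TOKEN` header; `validateToken` is a hypothetical helper and the sample replies are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
)

var requiredScopes = []string{"api", "write_repository"} // minimum scopes named in the issue

// tokenInfo holds the fields read from a GET /api/v4/personal_access_tokens/self reply.
type tokenInfo struct {
	Active  bool     `json:"active"`
	Revoked bool     `json:"revoked"`
	Scopes  []string `json:"scopes"`
}

// validateToken (hypothetical helper) takes the reply's HTTP status and body and returns
// the required scopes the token lacks; a non-nil error means the token is unusable.
func validateToken(status int, body []byte) ([]string, error) {
	if status != http.StatusOK {
		return nil, fmt.Errorf("token rejected by instance: HTTP %d", status)
	}
	var info tokenInfo
	if err := json.Unmarshal(body, &info); err != nil {
		return nil, fmt.Errorf("unreadable token reply: %w", err)
	}
	if info.Revoked || !info.Active {
		return nil, fmt.Errorf("token is revoked or inactive")
	}
	granted := map[string]bool{}
	for _, s := range info.Scopes {
		granted[s] = true
	}
	missing := []string{}
	for _, s := range requiredScopes {
		if !granted[s] {
			missing = append(missing, s)
		}
	}
	return missing, nil
}

func main() {
	// Constructed sample replies, not captured from a real instance.
	full := `{"active":true,"revoked":false,"scopes":["api","write_repository"]}`
	narrow := `{"active":true,"revoked":false,"scopes":["read_api","write_repository"]}`
	fmt.Println(validateToken(200, []byte(full)))
	fmt.Println(validateToken(200, []byte(narrow)))
	fmt.Println(validateToken(401, nil))
}
```

A login command built this way would refuse to store the token whenever the error is non-nil or the returned list is non-empty, and name the missing scopes in its message.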