►
From YouTube: GitLab Auth Service PoC
Description
Grzegorz Bizon demos a simple Proof-of-Concept of how GitLab Auth Service could look like in theory. The main intent of delivering this PoC is to start a discussion about how our authentication approach could look like in the era of GitLab Cells and GitLab Dedicated.
A
A
And
today,
I
wanted
to
show
you
my
small
proof
of
concept
service
I've
been
working
on
recently,
it's
a
small
golang
based
reverse
proxy.
That
makes
it
possible
to
authenticate
users
into
separate,
fully
decoupled
instances
of
GitHub
like
gitlab
cells
or
maybe
GitHub
dedicated
instances.
This
is
just
a
you
know,
a
theoretical
service,
something
that
could
work
this
way
in
theory,
but
it's
not
production
ready.
So
let
me
just
show
you
how
it
works.
A
Let
me
show
you
my
screen
and
that's
where
you
can
find
the
code.
It's
a
public
project
on
gitlab.com.
So
if
you
have
questions
or
ideas
feel
free
to,
you
know,
comment
on
on
the
code
itself
or
just
timing
on
slack.
So,
let's,
let's
just
jump
in
and
I'll,
be
happy
to
show
you
how
it
works.
So
let
me
just
start
the
service
and
now,
let's
navigate.
A
To
the
gitlab
POC
domain,
as
you
can
see,
because
I'm
I'm
not
signed
in
in
anywhere
like
it's,
my
there's
I
have
a
global
identity
here
with
a
couple
of
organizations
assigned
and
I
just
got
immediately
redirected
the
first
organization,
and
there
are
multiple
organizations
assigned
to
my
GitHub
handle.
So
let
me
just
sign
in.
A
As
you
can
see,
that's
the
first
gitlab
instance
and
I
can
I
can
navigate
the
instance.
It's
using
the
organization
scoping
here.
So
when
I
now
I
can
go
to
the
second
one.
A
And,
as
you
can
see,
there's
a
second
project
here,
but
there's
no
first
project
right.
So
it's
a
different
instance
and
here
I
can
open
the
first
organization
and
you
will
see
that
there
is
no
second
project,
but
there's
only
the
first
one,
all
right
and
now
I
can
sign
out
of
the
first
organization
and
I
will
remind
remained
remain
signed
into
the
second
one.
A
So
under
hood
we
are
running
two
completely
subvert
GitHub
instances
you're
using
our
official
Docker
image,
that's
at
the
latest
release
and
there
are
no
application
changes
required
to
make
it
work.
A
And
now
the
service
itself
is
managing
the
sessions.
So
whenever
we
sign
in
into
the
organization
or
Excel,
the
service
is
going
to
store
the
session
in
the
global
identity
store.
And
then
whenever
we
want
to
open
an
organization,
then
the
correct
identity
is
going
to
be
forwarded
to
the
cell
or
GitHub
instance
that
the
user
wants
to
connect
to
yeah
and
that's
it
feel
free
to
reach
out.
If
you
have
questions
or
suggestions
yeah.
Thank
you,
foreign.