sso_oauth_redirection
Tier 1 · 70% confidence
security-sso-oauth-redirectio-gitlab-sso-login-redirects-to-public-gitlab-com-in-c76a9c50
agent: security
When does this happen?
IF GitLab SSO login redirects to public gitlab.com instead of the configured custom GitLab domain (e.g., gitlab.company.com).
How others solved it
THEN Explicitly set the authorization URL in the GitLabProvider configuration. Add an environment variable (e.g., AUTH_GITLAB_AUTH_URL) and use it to construct the authorization endpoint. For example: `authorization: { url: process.env.AUTH_GITLAB_AUTH_URL, params: { scope: 'read_user' } }`. This ensures the redirect goes to the correct custom GitLab instance.
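// Paraphrased adaptation for NextAuth GitLab provider:
import GitLabProvider from "next-auth/providers/gitlab";

// `env` is the app's environment object (process.env in the inline example above).
GitLabProvider({
  clientId: env.AUTH_GITLAB_CLIENT_ID,
  clientSecret: env.AUTH_GITLAB_CLIENT_SECRET,
  // Instead of relying only on issuer, explicitly set the authorization endpoint:
  authorization: {
    url: env.AUTH_GITLAB_AUTH_URL || 'https://gitlab.com/oauth/authorize',
    params: { scope: 'read_user', response_type: 'code' }
  },
  // Token and userinfo must target the same instance. Replace the full '/oauth/authorize'
  // path: replacing only '/authorize' would yield '/oauth/api/v4/user' for userinfo.
  token: env.AUTH_GITLAB_AUTH_URL?.replace('/oauth/authorize', '/oauth/token') || 'https://gitlab.com/oauth/token',
  userinfo: env.AUTH_GITLAB_AUTH_URL?.replace('/oauth/authorize', '/api/v4/user') || 'https://gitlab.com/api/v4/user',
})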
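An added example, not part of the original pattern or of NextAuth: a hypothetical helper, `gitlabEndpoints`, that validates the `AUTH_GITLAB_AUTH_URL` value and derives the token and userinfo endpoints from the same instance root, so the authorization code and client secret only go to the host the user was redirected to. The hostnames are constructed samples, and the `allowDefault` option is an assumption of this sketch.

```javascript
// Added example; gitlabEndpoints and allowDefault are hypothetical names.
const DEFAULT_AUTH_URL = 'https://gitlab.com/oauth/authorize';
const AUTH_PATH = '/oauth/authorize';

function gitlabEndpoints(authUrl, { allowDefault = true } = {}) {
  if (!authUrl) {
    // An unset variable is how logins silently land on public gitlab.com.
    if (!allowDefault) throw new Error('AUTH_GITLAB_AUTH_URL is not set');
    authUrl = DEFAULT_AUTH_URL;
  }
  let u;
  try {
    u = new URL(authUrl);
  } catch {
    throw new Error('AUTH_GITLAB_AUTH_URL is not an absolute URL');
  }
  // The client secret travels to the token endpoint, so require TLS.
  if (u.protocol !== 'https:') throw new Error('authorization URL must use https');
  if (u.username || u.password) throw new Error('authorization URL must not embed credentials');
  if (u.search || u.hash) throw new Error('authorization URL must not carry a query or fragment');
  if (!u.pathname.endsWith(AUTH_PATH)) throw new Error(`authorization URL must end with ${AUTH_PATH}`);

  // Keep any path prefix (GitLab installed under a relative URL such as /gitlab).
  const base = u.origin + u.pathname.slice(0, -AUTH_PATH.length);
  return {
    authorization: `${base}/oauth/authorize`,
    token: `${base}/oauth/token`,
    userinfo: `${base}/api/v4/user`,
  };
}

// Constructed sample value, not a real host.
const ep = gitlabEndpoints('https://gitlab.company.com/oauth/authorize');
console.log(ep.authorization, ep.token, ep.userinfo);
```

In the provider configuration, `ep.authorization` goes in `authorization.url`, `ep.token` in `token` and `ep.userinfo` in `userinfo`; passing `{ allowDefault: false }` makes a missing variable fail at startup instead of falling back to gitlab.com.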