diff options
2 files changed, 4 insertions, 3 deletions
diff --git a/server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabIdentityProvider.java b/server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabIdentityProvider.java index fdd76dcd932..ebfa534c55c 100644 --- a/server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabIdentityProvider.java +++ b/server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabIdentityProvider.java @@ -43,6 +43,7 @@ public class GitLabIdentityProvider implements OAuth2IdentityProvider { public static final String API_SCOPE = "api"; public static final String READ_USER_SCOPE = "read_user"; + public static final String KEY = "gitlab"; private final GitLabSettings gitLabSettings; private final ScribeGitLabOauth2Api scribeApi; private final GitLabRestClient gitLabRestClient; @@ -55,7 +56,7 @@ public class GitLabIdentityProvider implements OAuth2IdentityProvider { @Override public String getKey() { - return "gitlab"; + return KEY; } @Override @@ -93,7 +94,7 @@ public class GitLabIdentityProvider implements OAuth2IdentityProvider { checkState(isEnabled(), "GitLab authentication is disabled"); return new ServiceBuilder(gitLabSettings.applicationId()) .apiSecret(gitLabSettings.secret()) - .defaultScope(API_SCOPE) + .defaultScope(gitLabSettings.syncUserGroups() ? API_SCOPE : READ_USER_SCOPE) .callback(context.getCallbackUrl()); } diff --git a/server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/GitLabIdentityProviderTest.java b/server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/GitLabIdentityProviderTest.java index 3371b3188a1..49399eb64e7 100644 --- a/server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/GitLabIdentityProviderTest.java +++ b/server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/GitLabIdentityProviderTest.java @@ -85,7 +85,7 @@ public class GitLabIdentityProviderTest { gitLabIdentityProvider.init(initContext); - verify(initContext).redirectTo("http://server/oauth/authorize?response_type=code&client_id=123&redirect_uri=http%3A%2F%2Fserver%2Fcallback&scope=api"); + verify(initContext).redirectTo("http://server/oauth/authorize?response_type=code&client_id=123&redirect_uri=http%3A%2F%2Fserver%2Fcallback&scope=read_user"); } @Test |