Gitlab

To validate Gitlab ID Tokens, add the gitlab issuer to the server’s configuration.

config.yaml

issuers:
  gitlab:
    issuer: https://gitlab.com
    jwks_uri: https://gitlab.com/oauth/discovery/keys

Claims

policy.rego

claims.sub = "project_path:org/repo:ref_type:branch:ref:main"
claims.ci_config_ref_uri = "gitlab.com/org/repo//.gitlab-ci.yml@refs/heads/main"
claims.ci_config_sha = "8fe1b322a576d59fe6257052a4107df7dc1b8c78"
claims.groups_direct = ["org", "org/subgroup"]
claims.job_id = "8222997048"
claims.namespace_id = "68413579"
claims.namespace_path = "org"
claims.pipeline_id = "1519139981"
claims.pipeline_source = "push"
claims.project_id = "46573356"
claims.project_path = "org/repo"
claims.project_visibility = "private"
claims.ref = "main"
claims.ref_path = "refs/heads/main"
claims.ref_protected = "true"
claims.ref_type = "branch"
claims.runner_environment = "gitlab-hosted"
claims.runner_id = 12270835
claims.sha = "8fe1b322a576d59fe6257052a4107df7dc1b8c78"
claims.user_access_level = "owner"
claims.user_email = "[email protected]"
claims.user_id = "184239"
claims.user_login = "user"

References

• Gitlab Docs - GitLab as OpenID Connect identity provider