I’ve just configured GitLab Authentication for SonarQube 8.4 and am running GitLab 13.1.
When I hit the link to “Log in with GitLab”, I get:
### An error has occurred
The requested scope is invalid, unknown, or malformed.
As per instructions, I configured a “SonarQube” application from within GitLab’s admin section using:
- Application: SonarQube
- Application ID: [masked]
- Secret: [masked]
- Callback URL: http://[sonarqube base url]/oauth2/callback/gitlab (note: haven’t switched SonarQube to HTTPS yet)
- Trusted: Y
- Confidential: Y
- Scopes: api (Access the authenticated user’s API)
The application ID and secret were then entered on the SonarQube side at admin > config > general > ALM > GitLab.
I also checked “enabled” and entered our GitLab URL.
I increased the scope of permissions granted to the SonarQube application within GitLab. Following this change, logging into SonarQube via GitLab authentication started working. This indicates that there is a bug in SonarQube’s documentation on the required api scope of this feature simply being API access (this is clearly not true).
The docs are actually correct about Scopes, although they seem to cause some confusion in terms of wording, as they start from group sync rather than authentication.

> Under Scopes, select api if you plan to enable group synchronization. You can instead select read_user if you only plan to delegate authentication.

So if you want to enable authentication only, you should have the read_user scope only. If you additionally want group sync, you should add the api scope as well, which means you should have both scopes.
I have created a ticket on our side, to make that point clear in docs: SONAR-13616
@jacek.poreda I had granted the api scope initially and it didn’t work (This is what my original post says). After adding additional undocumented scopes, it worked. The sonar documentation seems to be wrong.