Arctic

GitLab

OAuth 2.0 provider for GitLab.

Also see the OAuth 2.0 guide.

Initialization

The baseURL parameter is the full URL where the GitLab instance is hosted. Use https://gitlab.com for managed servers. Pass the client secret for confidential clients.

import * as arctic from "arctic";

const baseURL = "https://gitlab.com";
const baseURL = "https://my-app.com/gitlab";
const gitlab = new arctic.GitLab(baseURL, clientId, clientSecret, redirectURI);
const gitlab = new arctic.GitLab(baseURL, clientId, null, redirectURI);

Create authorization URL

import * as arctic from "arctic";

const state = arctic.generateState();
const scopes = ["read_user", "profile"];
const url = gitlab.createAuthorizationURL(state, scopes);

Validate authorization code

validateAuthorizationCode() will either return an OAuth2Tokens, or throw one of OAuth2RequestError, ArcticFetchError, UnexpectedResponseError, or UnexpectedErrorResponseBodyError. GitLab returns an access token, the access token expiration, and a refresh token.

import * as arctic from "arctic";

try {
	const tokens = await gitlab.validateAuthorizationCode(code);
	const accessToken = tokens.accessToken();
	const accessTokenExpiresAt = tokens.accessTokenExpiresAt();
	const refreshToken = tokens.refreshToken();
} catch (e) {
	if (e instanceof arctic.OAuth2RequestError) {
		// Invalid authorization code, credentials, or redirect URI
		const code = e.code;
		// ...
	}
	if (e instanceof arctic.ArcticFetchError) {
		// Failed to call `fetch()`
		const cause = e.cause;
		// ...
	}
	// Parse error
}

Refresh access tokens

Use refreshAccessToken() to get a new access token using a refresh token. This method's behavior is identical to validateAuthorizationCode().

import * as arctic from "arctic";

try {
	const tokens = await gitlab.refreshAccessToken(refreshToken);
	const accessToken = tokens.accessToken();
	const accessTokenExpiresAt = tokens.accessTokenExpiresAt();
	const refreshToken = tokens.refreshToken();
} catch (e) {
	if (e instanceof arctic.OAuth2RequestError) {
		// Invalid authorization code, credentials, or redirect URI
	}
	if (e instanceof arctic.ArcticFetchError) {
		// Failed to call `fetch()`
	}
	// Parse error
}

Get user profile

Add the read_user scope and use the /user endpoint.

const scopes = ["read_user"];
const url = gitlab.createAuthorizationURL(state, scopes);

const response = await fetch("https://gitlab.com/api/v4/user", {
	headers: {
		Authorization: `Bearer ${accessToken}`
	}
});
const user = await response.json();

Revoke tokens

Use revokeToken() to revoke a token. This can throw the same errors as validateAuthorizationCode().

try {
	await gitlab.revokeToken(token);
} catch (e) {
	if (e instanceof arctic.OAuth2RequestError) {
		// Invalid authorization code, credentials, or redirect URI
	}
	if (e instanceof arctic.ArcticFetchError) {
		// Failed to call `fetch()`
	}
	// Parse error
}