-**Confidential**: `No` (required for device flow)
262
+
-**Redirect URI**: `https://your-mcp-server.com/oauth/callback` (required for Authorization Code Flow)
263
+
-**Confidential**: `No` (PKCE provides security without client secret)
264
264
-**Scopes**: Select `api` and `read_user`
265
265
3. Save and copy the **Application ID**
266
266
267
+
> **Note**: The redirect URI is used by Claude.ai Custom Connectors (Authorization Code Flow). CLI clients use Device Flow which doesn't require redirect URI.
268
+
267
269
#### Step 2: Configure gitlab-mcp Server
268
270
269
271
```bash
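Review bot: On the added **Confidential** line, the rationale now cites only PKCE, which belongs to the Authorization Code Flow, while the removed wording "required for device flow" is gone; a reader setting up a CLI client no longer learns why the application must be non-confidential, so the parenthetical should cover both flows. The added **Redirect URI** line says "required for Authorization Code Flow" and the note says Device Flow doesn't need one, but neither says whether the field may be left empty for a device-flow-only setup. It would also help to mark `https://your-mcp-server.com` as a placeholder to be replaced with the server's own public URL ending in `/oauth/callback`.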
@@ -399,15 +401,28 @@ For GitLab instances on private networks (not internet-accessible):
399
401
| Security | Token in config | No tokens in config |
400
402
| Best for | Personal use, CI/CD | Teams, shared access |
401
403
404
+
### OAuth Flows
405
+
406
+
The server supports two OAuth flows automatically:
407
+
408
+
| Flow | Trigger | Used By | How It Works |
409
+
|------|---------|---------|--------------|
410
+
|**Authorization Code Flow**|`redirect_uri` present | Claude.ai Custom Connectors | Redirects to GitLab OAuth, then back to client |
411
+
|**Device Flow**| No `redirect_uri`| CLI clients, Claude Desktop | Shows device code page for manual entry |
412
+
413
+
The flow is selected automatically based on the presence of `redirect_uri` in the authorization request.
414
+
402
415
### OAuth Endpoints
403
416
404
417
When OAuth is enabled, the following endpoints are available:
405
418
406
419
| Endpoint | Method | Description |
407
420
|----------|--------|-------------|
408
421
|`/.well-known/oauth-authorization-server`| GET | OAuth metadata discovery |
409
-
|`/authorize`| GET | Start authorization (device flow) |
410
-
|`/oauth/poll`| GET | Poll for authorization completion |
422
+
|`/.well-known/oauth-protected-resource`| GET | Protected resource metadata (RFC 9470) |
423
+
|`/authorize`| GET | Start authorization (auto-selects flow) |
424
+
|`/oauth/callback`| GET | GitLab callback (Auth Code Flow only) |
425
+
|`/oauth/poll`| GET | Poll for completion (Device Flow only) |
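Review bot: In the endpoints table, the added `/.well-known/oauth-protected-resource` row cites RFC 9470, which is the OAuth 2.0 Step Up Authentication Challenge Protocol; protected resource metadata is defined in RFC 9728, so the reference should be corrected. In the new OAuth Flows section, the flow is chosen solely by whether `redirect_uri` is present in the authorization request and the Authorization Code Flow then redirects "back to client", yet the text does not say whether the server checks that value against an allowed list before redirecting. A sentence documenting that validation (or its absence) would let operators judge the exposure of `/authorize`.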