Login with GitLab

To enable GitLab Auth for your project, you need to set up a GitLab OAuth application and add the application credentials to your Supabase Dashboard.


Setting up GitLab logins for your application consists of 3 parts:

Access your GitLab account#

  • Go to gitlab.com.
  • Click on Login at the top right to log in.

GitLab Developer Portal.

Find your callback URL#

The next step requires a callback URL, which looks like this:


  • Go to your Supabase Project Dashboard.
  • Click on the Settings icon at the bottom of the left sidebar.
  • Click on API in the list.
  • Under Config / URL you'll find your API URL, you can click Copy to copy it to the clipboard.
  • Now just add /auth/v1/callback to the end of that to get your full OAuth Redirect URI.

Create your GitLab Application#

  • Click on your profile logo (avatar) in the top-right corner.
  • Select Edit profile.
  • In the left sidebar, select Applications.
  • Enter the name of the application.
  • In the Redirect URI box, type the callback URL of your app.
  • Check the box next to Confidential (make sure it is checked).
  • Check the scope named read_user (this is the only required scope).
  • Click Save Application at the bottom.
  • Copy and save your Application ID (client_id) and Secret (client_secret) which you'll need later.

Add your GitLab credentials into your Supabase Project#

  • Go to your Supabase Project Dashboard.
  • In the left sidebar, click the Authentication icon (near the top).
  • Click Settings from the list to go to the Authentication Settings page.
  • Enter the final (hosted) URL of your app under Site URL (this is important).
  • Under External OAuth Providers turn GitLab Enabled to ON.
  • Enter your client_id and client_secret saved in the previous step.
  • Click Save.

Add login code to your client app#

When your user signs in, call signInWithOAuth() with gitlab as the provider:

1async function signInWithGitLab() {
2  const { data, error } = await supabase.auth.signInWithOAuth({
3    provider: 'gitlab',
4  })

When your user signs out, call signOut() to remove them from the browser session and any objects from localStorage:

1async function signout() {
2  const { error } = await supabase.auth.signOut()