> ## Documentation Index
> Fetch the complete documentation index at: https://docs.heygarth.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# GitLab

> Register a GitLab OAuth application to enable GitLab sign-in for your on-prem Garth Assist deployment.

<Info>
  This page covers **on-prem (self-hosted)** setup. You register your own GitLab
  OAuth application so authentication runs against your GitLab instance. For the
  hosted SaaS integration, see [Setup → GitLab](https://app.heygarth.ai/settings/integrations).
</Info>

<Warning>
  You need permission to create an OAuth application in GitLab — under your
  **User Settings → Applications**, a **Group**, or the **Admin Area** depending
  on how you want to scope the app.
</Warning>

## Register the GitLab OAuth app

<Steps>
  <Step title="Open Applications">
    In GitLab, go to **Settings → Applications** and click **Add new application**.
  </Step>

  <Step title="Fill in the details">
    | Field            | Value                                                       |
    | ---------------- | ----------------------------------------------------------- |
    | **Name**         | `Garth Assist`                                              |
    | **Redirect URI** | `https://<dns-host>/api/garth-assist/oauth/gitlab/callback` |
    | **Confidential** | Enabled                                                     |

    <Tip>
      Replace `<dns-host>` with the DNS host of your on-prem Garth deployment —
      for example `https://app.heygarth.ai/api/garth-assist/oauth/gitlab/callback`.
    </Tip>
  </Step>

  <Step title="Select scopes">
    Grant the following scopes:

    | Scope              | Description                                                               |
    | ------------------ | ------------------------------------------------------------------------- |
    | `api`              | Access the API on your behalf                                             |
    | `read_api`         | Read API                                                                  |
    | `read_user`        | Read your personal information                                            |
    | `read_repository`  | Allows read-only access to the repository                                 |
    | `write_repository` | Allows read-write access to the repository                                |
    | `openid`           | Authenticate using OpenID Connect                                         |
    | `profile`          | Read-only access to the user's personal information using OpenID Connect  |
    | `email`            | Read-only access to the user's primary email address using OpenID Connect |
  </Step>

  <Step title="Save the application">
    Click **Save application**. GitLab shows the **Application ID** and **Secret**.

    <Warning>
      The secret is shown only once. Copy and store it securely before leaving
      the page.
    </Warning>
  </Step>
</Steps>

## Environment variables

Record the following values for your on-prem deployment:

| Environment variable   | Value                                     |
| ---------------------- | ----------------------------------------- |
| `GITLAB_CLIENT_ID`     | The **Application ID** shown after saving |
| `GITLAB_CLIENT_SECRET` | The **Secret** shown after saving         |
