OAuth

OAuth (Open Authorization) is an authorization protocol that allows users to grant limited access to resources without sharing their credentials directly. To grant this access, a user authorizes a third-party application to access specific resources on their behalf; the application receives an access token that allows it to interact with those resources at a particular time and with specific permissions.

We recommend using this method because it is more secure and simpler.

The following section describes how to add repositories via OAuth.

Add repositories via OAuth

You can connect directly to code service providers such as GitLab, GitHub, Bitbucket and Azure from the platform via OAuth (Open Authorization). This connects Fluid Attacks' platform to the provider: users authorize the access flow, and the platform can then access all the repositories that you have with that provider.

Note: These are the four providers that Fluid Attacks' platform supports.

We will now perform a step-by-step example using the GitLab provider.

The first step is to go to the Global Credentials view, where you can select the provider that you want to authorize to connect to the platform.

When you click on it, you will be redirected to the provider's authorization page, where you will be asked to authorize the connection between Fluid Attacks' platform and your account. When you click on Authorize, the connection between these two services will be established.

When you authorize, you will be redirected back to the platform's Global Credentials view, where you can see the new credential created as OAuth.

Note: The service you select will no longer be shown in since the connection has already been made.

With this connection to your provider, we will be able to access your organization and, with it, all the repositories that you have there. The repositories that have had activity in the last 60 days are taken into account. You can see the list of these in the Outside section.

Note: The repositories listed in this view are those that are not associated with any group of that specific organization in the platform. To see them, you must wait about 30 minutes to 1 hour while the service connection is made.