diff --git a/src/main/java/me/zhyd/oauth/enums/scope/AuthGitlabScope.java b/src/main/java/me/zhyd/oauth/enums/scope/AuthGitlabScope.java
new file mode 100644
index 0000000000000000000000000000000000000000..f07115680482a546413cb4806710614297317761
--- /dev/null
+++ b/src/main/java/me/zhyd/oauth/enums/scope/AuthGitlabScope.java
@@ -0,0 +1,56 @@
+package me.zhyd.oauth.enums.scope;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;
+
+/**
+ * Gitlab 平台 OAuth 授权范围
+ *
+ * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
+ * @version 1.0.0
+ * @since 1.0.0
+ */
+@Getter
+@AllArgsConstructor
+public enum AuthGitlabScope implements AuthScope {
+
+ /**
+ * {@code scope} 含义,以{@code description} 为准
+ */
+ READ_USER("read_user", "Grants read-only access to the authenticated user's profile through the /user API endpoint, which includes username, public email, and full name. Also grants access to read-only API endpoints under /users.", true),
+ OPENID("openid", "Grants permission to authenticate with GitLab using OpenID Connect. Also gives read-only access to the user's profile and group memberships.", true),
+ PROFILE("profile", "Grants read-only access to the user's profile data using OpenID Connect.", true),
+ EMAIL("email", "Grants read-only access to the user's primary email address using OpenID Connect.", true),
+ READ_API("read_api", "Grants read access to the API, including all groups and projects, the container registry, and the package registry.", false),
+ READ_REPOSITORY("read_repository", "Grants read-only access to repositories on private projects using Git-over-HTTP or the Repository Files API.", false),
+ WRITE_REPOSITORY("write_repository", "Grants read-write access to repositories on private projects using Git-over-HTTP (not using the API).", false),
+ READ_REGISTRY("read_registry", "Grants read-only access to container registry images on private projects.", false),
+ WRITE_REGISTRY("write_registry", "Write Registry", false),
+ SUDO("sudo", "Grants permission to perform API actions as any user in the system, when authenticated as an admin user.", false),
+ API("api", "Grants complete read/write access to the API, including all groups and projects, the container registry, and the package registry.", false),
+ ;
+
+ private String scope;
+ private String description;
+ private boolean isDefault;
+
+ public static List getDefaultScopes() {
+ AuthGitlabScope[] scopes = AuthGitlabScope.values();
+ List defaultScopes = new ArrayList<>();
+ for (AuthGitlabScope scope : scopes) {
+ if (scope.isDefault()) {
+ defaultScopes.add(scope);
+ }
+ }
+ return defaultScopes;
+ }
+
+ public static List listScope() {
+ return Arrays.stream(AuthGitlabScope.values()).map(AuthGitlabScope::getScope).collect(Collectors.toList());
+ }
+}
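Review bot: The three fields at the bottom of the enum (`scope`, `description`, `isDefault`) are not `final`, and `isDefault` is the only thing that keeps `sudo`, `api` and the write scopes out of the list returned by getDefaultScopes(). Declaring them `private final String scope;`, `private final String description;` and `private final boolean isDefault;` makes that least-privilege default immutable. A comment on SUDO and API such as `// high-privilege scope: must stay non-default` would also protect the flag from a casual edit. As shown, both static methods return a raw `List`, and getDefaultScopes() collects enum constants while listScope() collects scope strings; if the type parameters were not simply lost in rendering, they should be declared explicitly. The WRITE_REGISTRY description is still the placeholder "Write Registry", unlike the other entries.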
diff --git a/src/main/java/me/zhyd/oauth/request/AuthGitlabRequest.java b/src/main/java/me/zhyd/oauth/request/AuthGitlabRequest.java
index f27e64594cb9d2d308685b1262caf668095bedb7..57e754e76a93cfd6df08d6b44f06ad6e0e96ca6e 100644
--- a/src/main/java/me/zhyd/oauth/request/AuthGitlabRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/AuthGitlabRequest.java
@@ -5,6 +5,7 @@ import me.zhyd.oauth.cache.AuthStateCache;
import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthDefaultSource;
import me.zhyd.oauth.enums.AuthUserGender;
+import me.zhyd.oauth.enums.scope.AuthGitlabScope;
import me.zhyd.oauth.exception.AuthException;
import me.zhyd.oauth.model.AuthCallback;
import me.zhyd.oauth.model.AuthToken;
@@ -88,7 +89,7 @@ public class AuthGitlabRequest extends AuthDefaultRequest {
@Override
public String authorize(String state) {
return UrlBuilder.fromBaseUrl(super.authorize(state))
- .queryParam("scope", "read_user+openid+profile+email")
+ .queryParam("scope", this.getScopes("+", false, AuthGitlabScope.getDefaultScopes()))
.build();
}
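Review bot: The call `this.getScopes("+", false, AuthGitlabScope.getDefaultScopes())` in authorize() gives no hint of what `"+"` and `false` mean, and getScopes is defined outside this diff. If, as the arguments suggest, `false` disables URL-encoding and `+` is the form-encoded space between scopes, a one-line comment would stop a later edit from double-encoding the separator: `// scopes are space-separated; "+" is the already-encoded space, so do not encode again`. It also looks as if a configured scope list can now replace the previously fixed `read_user+openid+profile+email`. If so, the method's Javadoc should say that listing `api` or `sudo` yields a token with that reach, and that leaving out `read_user` may presumably break the later user-profile lookup. The class body continues outside the hunk.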