openid-configuration not using https host

Overview

While trying to test an OIDC feature, I am unable to add the GDK instance (via gitpod) to an authentication provider. The provider is unable to get the fingerprint from the server. The provider (AWS) requires an https endpoint. If I add gitlab.com there is no problem. Using GDK throws an error and I noticed a difference in the response.

gitlab.com returns HTTPS "authorization_endpoint":"https://gitlab.com/oauth/authorize", whereas GDK returns HTTP "authorization_endpoint":"http://3000-indigo-llama-g8i5x9pv.ws-us17.gitpod.io/oauth/authorize".

Is there a configuration for this?

Steps to replicate (optional)

$ curl https://gitlab.com/.well-known/openid-configuration
{"issuer":"https://gitlab.com","authorization_endpoint":"https://gitlab.com/oauth/authorize","token_endpoint":"https://gitlab.com/oauth/token","revocation_endpoint":"https://gitlab.com/oauth/revoke","introspection_endpoint":"https://gitlab.com/oauth/introspect","userinfo_endpoint":"https://gitlab.com/oauth/userinfo","jwks_uri":"https://gitlab.com/oauth/discovery/keys","scopes_supported":["api","read_user","read_api","read_repository","write_repository","read_registry","write_registry","sudo","openid","profile","email"],"response_types_supported":["code","token"],"response_modes_supported":["query","fragment"],"grant_types_supported":["authorization_code","implicit","password","client_credentials","refresh_token"],"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post"],"subject_types_supported":["public"],"id_token_signing_alg_values_supported":["RS256"],"claim_types_supported":["normal"],"claims_supported":["iss","sub","aud","exp","iat","sub_legacy","name","nickname","email","email_verified","website","profile","picture","groups","groups_direct"]}
$
$
$
$ curl https://3000-indigo-llama-g8i5x9pv.ws-us17.gitpod.io/.well-known/openid-configuration
{"issuer":"https://3000-indigo-llama-g8i5x9pv.ws-us17.gitpod.io","authorization_endpoint":"http://3000-indigo-llama-g8i5x9pv.ws-us17.gitpod.io/oauth/authorize","token_endpoint":"http://3000-indigo-llama-g8i5x9pv.ws-us17.gitpod.io/oauth/token","revocation_endpoint":"http://3000-indigo-llama-g8i5x9pv.ws-us17.gitpod.io/oauth/revoke","introspection_endpoint":"http://3000-indigo-llama-g8i5x9pv.ws-us17.gitpod.io/oauth/introspect","userinfo_endpoint":"http://3000-indigo-llama-g8i5x9pv.ws-us17.gitpod.io/oauth/userinfo","jwks_uri":"http://3000-indigo-llama-g8i5x9pv.ws-us17.gitpod.io/oauth/discovery/keys","scopes_supported":["api","read_user","read_api","read_repository","write_repository","sudo","openid","profile","email"],"response_types_supported":["code","token"],"response_modes_supported":["query","fragment"],"grant_types_supported":["authorization_code","implicit","password","client_credentials","refresh_token"],"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post"],"subject_types_supported":["public"],"id_token_signing_alg_values_supported":["RS256"],"claim_types_supported":["normal"],"claims_supported":["iss","sub","aud","exp","iat","sub_legacy","name","nickname","email","email_verified","website","profile","picture","groups","groups_direct"]}

Proposal (optional)

Environment (optional)

  • Operating system: gitpod
  • The contents of your gdk.yml: default
  • Ruby version: <!-- output of ruby --version -->
  • GDK version: <!-- output of git rev-parse --short HEAD -->

MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/72555
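
The mismatch reported above (an https issuer with http endpoints) can be checked mechanically before a discovery document is handed to a provider that requires https. The following is an added example, not part of the original issue or of GitLab's code; the host gdk.example.test, the sample documents and the function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed samples, trimmed to the shape of the two responses in the report;
# gdk.example.test is a placeholder host, not a real instance.
GOOD_DOC = json.dumps({
    "issuer": "https://gitlab.com",
    "authorization_endpoint": "https://gitlab.com/oauth/authorize",
    "token_endpoint": "https://gitlab.com/oauth/token",
    "jwks_uri": "https://gitlab.com/oauth/discovery/keys",
    "scopes_supported": ["openid", "profile", "email"],
})
MIXED_DOC = json.dumps({
    "issuer": "https://gdk.example.test",
    "authorization_endpoint": "http://gdk.example.test/oauth/authorize",
    "token_endpoint": "http://gdk.example.test/oauth/token",
    "jwks_uri": "http://gdk.example.test/oauth/discovery/keys",
    "scopes_supported": ["openid", "profile", "email"],
})


def url_fields(doc):
    """Yield (key, value) for the issuer and every endpoint/URI member."""
    for key, value in doc.items():
        if isinstance(value, str) and (
            key == "issuer" or key.endswith("_endpoint") or key.endswith("_uri")
        ):
            yield key, value


def check_discovery(raw_json):
    """Return sorted (key, reason) findings for URLs that are not https on the issuer host."""
    doc = json.loads(raw_json)
    issuer_host = urlsplit(doc.get("issuer", "")).hostname
    findings = []
    for key, value in url_fields(doc):
        parts = urlsplit(value)
        if parts.scheme != "https":
            findings.append((key, f"scheme is {parts.scheme or 'missing'!r}, expected 'https'"))
        elif parts.hostname != issuer_host:
            # Assumption of this check: endpoints are served from the issuer's host.
            findings.append((key, f"host {parts.hostname!r} differs from issuer"))
    return sorted(findings)


if __name__ == "__main__":
    for name, raw in (("good", GOOD_DOC), ("mixed", MIXED_DOC)):
        print(name, check_discovery(raw) or "ok")
```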