Add OpenID Connect OmniAuth support
What does this merge request do and why?
This commit adds support for enabling OpenID Connect as an OmniAuth provider (https://docs.gitlab.com/ee/administration/auth/oidc.html).
Since there are so many configuration options, just leave the complexity to the args hash.
How to set up and validate locally
- Choose your favorite provider (e.g. Google): https://docs.gitlab.com/ee/administration/auth/oidc.html
- Configure it (see gdk.example.yml as an example).
- Attempt to login/connect your account with that provider
Sample config:
omniauth:
  openid_connect:
    enabled: true
    args:
      name: "openid_connect"
      scope: ["openid", "profile", "email"]
      response_type: "code"
      issuer: "https://accounts.google.com"
      client_auth_method: "query"
      discovery: true
      uid_field: "preferred_username"
      pkce: true
      client_options:
        identifier: "<YOUR OAUTH2 CLIENT ID>"
        secret: "<YOUR OAUTH2 SECRET>"
        redirect_uri: "https://localhost:3443/users/auth/openid_connect/callback"
Impacted categories
The following categories relate to this merge request:
- gdk-reliability - e.g. When a GDK action fails to complete.
- gdk-usability - e.g. Improvements or suggestions around how the GDK functions.
- gdk-performance - e.g. When a GDK action is slow or times out.
Merge request checklist
- This change is backward compatible. If not, please include steps to communicate to our users.
- Tests added for new functionality. If not, please raise an issue to follow-up.
- Documentation added/updated, if needed.
- Announcement added, if change is notable.
- gdk doctor test added, if needed.
- Add the ~highlight label if this MR should be included in the CHANGELOG.md.
Edited by Stan Hu
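A pre-flight check for the sample config above, as an added example that is not part of the merge request or of GDK: it parses the `omniauth.openid_connect` block and reports settings that commonly break or weaken an OIDC login. The helper name `oidc_config_problems` and the set of checks are assumptions made for this illustration.

```ruby
require "yaml"
require "uri"

# Constructed sample: the page's config with its placeholders left in place.
SAMPLE_GDK_YML = <<~CONFIG
  omniauth:
    openid_connect:
      enabled: true
      args:
        name: "openid_connect"
        scope: ["openid", "profile", "email"]
        response_type: "code"
        issuer: "https://accounts.google.com"
        client_auth_method: "query"
        discovery: true
        uid_field: "preferred_username"
        pkce: true
        client_options:
          identifier: "<YOUR OAUTH2 CLIENT ID>"
          secret: "<YOUR OAUTH2 SECRET>"
          redirect_uri: "https://localhost:3443/users/auth/openid_connect/callback"
CONFIG

# Hypothetical helper (not part of GDK): lists problems in the args hash.
def oidc_config_problems(yaml_text)
  cfg = (YAML.safe_load(yaml_text) || {}).dig("omniauth", "openid_connect") || {}
  return ["openid_connect is not enabled"] unless cfg["enabled"] == true

  args = cfg["args"] || {}
  opts = args["client_options"] || {}
  problems = []
  # OIDC requires the "openid" scope, and discovery expects an https issuer.
  problems << "scope must include openid" unless Array(args["scope"]).include?("openid")
  problems << "issuer must be an https URL" unless URI(args["issuer"].to_s).is_a?(URI::HTTPS)
  problems << "pkce should be true for response_type code" if args["response_type"] == "code" && args["pkce"] != true
  # The callback path embeds the provider name, so the two must agree.
  expected = "/users/auth/#{args['name']}/callback"
  problems << "redirect_uri path should be #{expected}" unless URI(opts["redirect_uri"].to_s).path == expected
  # Catch credentials that were never filled in.
  %w[identifier secret].each do |key|
    value = opts[key].to_s.strip
    problems << "client_options.#{key} is empty or a placeholder" if value.empty? || value.match?(/\A<.*>\z/)
  end
  problems
end

puts oidc_config_problems(SAMPLE_GDK_YML)
```

Run against the unmodified sample, it flags only the two unfilled credential placeholders.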