Add Implicit flow to OpenID Connect provider
Problem to solve
Allow users to authenticate with third-party applications using GitLab as an OpenID Connect provider, via the Implicit flow.
Intended users
Unknown
Further details
A React SPA that tries to authenticate users against GitLab's OpenID Connect endpoint with response_type=id_token receives an error, because that response type is not enabled on the provider side: "The authorization server does not support this response type."
Proposal
According to the doorkeeper-openid_connect documentation, implicit_oidc needs to be added to the grant_flows configuration in GitLab's Doorkeeper initializer:
https://gitlab.com/gitlab-org/gitlab/blob/master/config/initializers/doorkeeper.rb#L97
The grant_flows configuration currently contains authorization_code, implicit, password and client_credentials. The plain OAuth 2.0 Implicit flow (response_type=token) is therefore already enabled, but the OpenID Connect variant that returns an id_token (response_type=id_token, and id_token token) is provided by the separate implicit_oidc flow and is not.
Permissions and Security
Unknown
Testing
There may be security risks associated with this change: the Implicit flow delivers the id_token to the client in the redirect URL fragment rather than over a back-channel, so the provider cannot authenticate the client, the token can end up in browser history or be read by any script on the page, and protection against replay and login CSRF depends entirely on the client checking the nonce and state it sent. This should be assessed and tested before the flow is enabled.
What does success look like, and how can we measure that?
It should be possible to authenticate via https://gitlab.com/oauth/authorize?response_type=id_token&scope=openid&client_id=***&redirect_uri=***&state=***&nonce=***&context_uri=*** and receive an id_token (with the matching nonce) in the fragment of the redirect to redirect_uri, instead of the "does not support this response type" error.