OpenID Connect Identity Support for PKCE Algorithm
Background and Problem to solve
As a developer, I want the GitLab Runner to sign my builds automatically so that I do not need to set up a private key store and do the signing myself.
The simplest way for the GitLab Runner to sign build artifacts by default involves using Fulcio and Cosign to generate a private signing key and to sign the builds for users automatically.
Fulcio allows a private signing key to be generated with an OIDC identity; however, it requires the identity provider to support PKCE (see this comment for context).
Proposal
- GitLab OpenID Connect Identity will support the PKCE authentication workflow.
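What PKCE support asks of the identity provider, as an added example that is not GitLab, Doorkeeper or Fulcio code: the S256 challenge from RFC 7636 is bound to the authorization code and checked against the verifier at the token request. The module, class and method names are hypothetical, and refusing the "plain" method is an assumption of this sketch.

```ruby
require "base64"
require "digest"
require "securerandom"

# Hypothetical names for illustration; not GitLab's, Doorkeeper's or Fulcio's API.
module Pkce
  VERIFIER_FORMAT = /\A[A-Za-z0-9\-._~]{43,128}\z/ # RFC 7636 section 4.1

  # Client: 32 random bytes encode to a 43-character verifier.
  def self.new_verifier
    Base64.urlsafe_encode64(SecureRandom.random_bytes(32), padding: false)
  end

  # S256 transform: BASE64URL(SHA256(verifier)) without padding.
  def self.challenge(verifier)
    Base64.urlsafe_encode64(Digest::SHA256.digest(verifier), padding: false)
  end

  # Compare without returning early at the first differing byte.
  def self.same?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  def self.valid?(stored_challenge, verifier)
    verifier.is_a?(String) && VERIFIER_FORMAT.match?(verifier) &&
      same?(challenge(verifier), stored_challenge)
  end
end

# Toy in-memory provider. Assumption: it accepts only S256, not "plain".
class ToyProvider
  def initialize
    @grants = {}
  end

  # Authorization request: bind the challenge to the code that is issued.
  def authorize(code_challenge:, code_challenge_method:)
    ok = code_challenge_method == "S256" && code_challenge.is_a?(String)
    raise ArgumentError, "S256 challenge required" unless ok
    code = SecureRandom.hex(16)
    @grants[code] = code_challenge
    code
  end

  # Token request: the code is single use and needs the matching verifier.
  def exchange(code:, code_verifier:)
    stored = @grants.delete(code)
    stored && Pkce.valid?(stored, code_verifier) ? :tokens_issued : :invalid_grant
  end
end
```

An intercepted authorization code alone is not enough at the token request: without the verifier the exchange returns `:invalid_grant`, and the code is consumed by the attempt.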