Skip to content

GitLab OIDC and id_token issuer do not match

Problem to solve

The issuer field is GitLab's OIDC configuration is not the same as the OIDC token generated iss. These should be the same.

Proposal

https://gitlab.com/gitlab-org/gitlab/-/blob/95596d816a1b2543fc6d1f2f8c1781975e149fce/lib/gitlab/ci/jwt_v2.rb#L28 , it should be Gitlab.config.gitlab.url as in config/initializers/doorkeeper_openid_connect.rb