Fix OpenID Connect Endpoint Protocols

Overview

  • When visiting /.well-known/oauth-authorization-server on GDK with SSL enabled, many of the OAuth endpoints mistakenly use http instead of https, which causes issues for clients that do not automatically redirect to the secure counterparts.

Why

  • This happens because the OpenID Doorkeeper gem uses http by default in all Rails environments except production. Many GitLab team members run GDK with SSL but in the development environment, which causes the issue we see here.

Implementation Plan

  • Use Gitlab.config.gitlab.protocol to override the value in config/initializers/doorkeeper_openid_connect.rb
Edited by Max Woolf
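
A check for the symptom described above, as an added example that is not part of the original issue or GitLab's code: it parses a discovery document and reports every endpoint whose scheme differs from the protocol the instance is configured to serve. The sample document, the host name and the helper name `mismatched_endpoints` are constructed for illustration.

```ruby
require "json"
require "uri"

# Constructed sample of a discovery document from an instance served over
# HTTPS in development; host, port and paths are illustrative only.
SAMPLE_METADATA = <<~JSON
  {
    "issuer": "https://gdk.test:3443",
    "authorization_endpoint": "http://gdk.test:3443/oauth/authorize",
    "token_endpoint": "http://gdk.test:3443/oauth/token",
    "revocation_endpoint": "http://gdk.test:3443/oauth/revoke",
    "jwks_uri": "https://gdk.test:3443/oauth/discovery/keys",
    "scopes_supported": ["openid", "profile"]
  }
JSON

# Returns { field => url } for the issuer and every *_endpoint / *_uri field
# whose scheme differs from expected_protocol ("https" or :https).
# Hypothetical helper, not a Doorkeeper or GitLab API.
def mismatched_endpoints(metadata_json, expected_protocol)
  metadata = JSON.parse(metadata_json)
  metadata.each_with_object({}) do |(field, value), bad|
    next unless value.is_a?(String)
    next unless field == "issuer" || field.end_with?("_endpoint", "_uri")

    scheme = begin
      URI.parse(value).scheme
    rescue URI::InvalidURIError
      nil # an unparseable URL is reported as a mismatch
    end
    bad[field] = value unless scheme == expected_protocol.to_s
  end
end

if __FILE__ == $PROGRAM_NAME
  mismatched_endpoints(SAMPLE_METADATA, "https").each do |field, url|
    puts "#{field}: #{url} (expected https)"
  end
end
```

Run against the real response, with the expected protocol taken from the instance configuration, this makes a regression check for the fix.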