Switch to upstream omniauth_openid_connect gem
What does this MR do and why?
We forked the original gem a while ago to fix a number of issues and add a number of features (https://gitlab.com/gitlab-org/ruby/gems/gitlab-omniauth-openid-connect/-/merge_requests?scope=all&state=merged).
Since then we've upstreamed all the changes into the omniauth_openid_connect (https://github.com/omniauth/omniauth_openid_connect) repository. In addition, the upstream project has added PKCE support and has other contributors.
This commit locks the openid_connect gem to v1.3.0 since upgrading past that version pulls in an updated net-smtp, which cannot be used with Ruby 2.7 due to https://bugs.ruby-lang.org/issues/17761. See https://docs.gitlab.com/ee/development/emails.html#rationale for more details.
Relates to gitlab-org/ruby/gems/gitlab-omniauth-openid-connect#5 (closed)
How to set up and validate locally
- Check out gitlab-development-kit!2942 (merged) for GDK support of OIDC.
- Register an OAuth2 application (e.g. in Google): https://docs.gitlab.com/ee/administration/auth/oidc.html. FYI, Google only allows real top-level domains or private IPs/hosts such as `localhost`.
- Enter in the OAuth2 client ID and secret in `client_options.identifier` and `client_options.secret`.
- Log into your account, enter `-/profile/account`.
- Click on `Connect OpenID Connect`.
- Authenticate with Google.
- Sign out and log back in with `OpenID Connect`.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.