Resolve "Bug: .well-known/oauth-protected-resource returns resource as an array (violates RFC 9728)"

Jimmy Apokatanidisrequested to merge
588661-fix-well-known-oauth-response into master

What does this MR do and why?

Fix the response for .well-known/oauth-protected-resource to return resource as URL string instead of an array.

References

https://gitlab.com/gitlab-org/gitlab/-/work_items/588661

Screenshots or screen recordings

Before After
before1.png after1.png
before2.png after2.png
before3.png after3.png

How to set up and validate locally

  1. Using curl or a REST Client, call http://localhost:3000/.well-known/oauth-protected-resource
  2. Observe resource in the response
  3. Clone and checkout this branch
  4. Using curl or a REST Client, call http://localhost:3000/.well-known/oauth-protected-resource
  5. Observe resource in the response

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #588661 Closes https://gitlab.com/gitlab-org/gitlab/-/work_items/588661

Edited by Diana Zubova

Merge request reports