Upgrade omniauth_openid_connect gem to our own fork

https://github.com/m0n9oose/omniauth_openid_connect has received a number of important pull requests over the last year with no comment from the maintainer. Since OpenID Connect (OIDC) is a crucial part of our supported authentication modes, we should maintain it. This forked gem lives in https://gitlab.com/gitlab-org/gitlab-omniauth-openid-connect. This fork fixes a number of items: - Fetch key from JWKS URI if available (for https://gitlab.com/gitlab-org/gitlab/-/issues/225850) - Fix handling of JWT without key ID (for https://gitlab.com/gitlab-org/gitlab/-/issues/326135, https://github.com/m0n9oose/omniauth_openid_connect/issues/72) Changelog: fixed

Upgrade omniauth_openid_connect gem to our own fork
https://github.com/m0n9oose/omniauth_openid_connect has received a number of important pull requests over the last year with no comment from the maintainer. Since OpenID Connect (OIDC) is a crucial part of our supported authentication modes, we should maintain it. This forked gem lives in https://gitlab.com/gitlab-org/gitlab-omniauth-openid-connect. This fork fixes a number of items: - Fetch key from JWKS URI if available (for https://gitlab.com/gitlab-org/gitlab/-/issues/225850) - Fix handling of JWT without key ID (for https://gitlab.com/gitlab-org/gitlab/-/issues/326135, https://github.com/m0n9oose/omniauth_openid_connect/issues/72) Changelog: fixed
db9704d0 · Stan Hu · 2fc93a86 · db9704d0 · db9704d0 · db9704d0
Commit db9704d0 authored Apr 23, 2021 by Stan Hu
Showing with 13 additions and 8 deletions

Gemfile Gemfile +1 -1

Gemfile.lock Gemfile.lock +7 -7

changelogs/unreleased/sh-upgrade-omniauth-openid-connect.yml changelogs/unreleased/sh-upgrade-omniauth-openid-connect.yml +5 -0

No files found.
--- a/Gemfile
+++ b/Gemfile
@@ -49,7 +49,7 @@ gem 'omniauth-shibboleth', '~> 1.3.0'
 gem 'omniauth-twitter', '~> 1.4'
 gem 'omniauth_crowd', '~> 2.4.0'
 gem 'omniauth-authentiq', '~> 0.3.3'
-gem 'omniauth_openid_connect', '~> 0.3.5'
+gem 'gitlab-omniauth-openid-connect', '~> 0.4.0', require: 'omniauth_openid_connect'
 gem 'omniauth-salesforce', '~> 1.0.5'
 gem 'omniauth-atlassian-oauth2', '~> 0.2.0'
 gem 'rack-oauth2', '~> 1.16.0'

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -477,6 +477,10 @@ GEM
    gitlab-mail_room (0.0.9)
    gitlab-markup (1.7.1)
    gitlab-net-dns (0.9.1)
+    gitlab-omniauth-openid-connect (0.4.0)
+      addressable (~> 2.7)
+      omniauth (~> 1.9)
+      openid_connect (~> 1.2)
    gitlab-pry-byebug (3.9.0)
      byebug (~> 11.0)
      pry (~> 0.13.0)
@@ -874,12 +878,8 @@ GEM
      activesupport
      nokogiri (>= 1.4.4)
      omniauth (~> 1.0)
-    omniauth_openid_connect (0.3.5)
-      addressable (~> 2.5)
-      omniauth (~> 1.9)
-      openid_connect (~> 1.1)
    open4 (1.3.4)
-    openid_connect (1.1.8)
+    openid_connect (1.2.0)
      activemodel
      attr_required (>= 1.0.0)
      json-jwt (>= 1.5.0)
@@ -1232,7 +1232,7 @@ GEM
    state_machines-activerecord (0.8.0)
      activerecord (>= 5.1)
      state_machines-activemodel (>= 0.8.0)
-    swd (1.1.2)
+    swd (1.2.0)
      activesupport (>= 3)
      attr_required (>= 0.0.5)
      httpclient (>= 2.4)
@@ -1456,6 +1456,7 @@ DEPENDENCIES
  gitlab-mail_room (~> 0.0.9)
  gitlab-markup (~> 1.7.1)
  gitlab-net-dns (~> 0.9.1)
+  gitlab-omniauth-openid-connect (~> 0.4.0)
  gitlab-pry-byebug
  gitlab-sidekiq-fetcher (= 0.5.6)
  gitlab-styles (~> 6.2.0)
@@ -1540,7 +1541,6 @@ DEPENDENCIES
  omniauth-shibboleth (~> 1.3.0)
  omniauth-twitter (~> 1.4)
  omniauth_crowd (~> 2.4.0)
-  omniauth_openid_connect (~> 0.3.5)
  org-ruby (~> 0.9.12)
  parallel (~> 1.19)
  parslet (~> 1.8)

--- a/changelogs/unreleased/sh-upgrade-omniauth-openid-connect.yml
+++ b/changelogs/unreleased/sh-upgrade-omniauth-openid-connect.yml
+---
+title: Upgrade omniauth_openid_connect gem to our own fork
+merge_request: 60181
+author:
+type: fixed