Providers such as OpenIDConnect ultimately leverage the rack-oauth2
gem which requires the client_auth_method value to be defined as a
symbol in order to correctly select the authorization method used.
Derivative providers that specify OmniAuth::Strategies::OpenIDConnect as
their strategy_class will also convert this value to a symbol.
Signed-off-by: Vincent Fazio <vfazio@xes-inc.com>
In https://gitlab.com/gitlab-org/gitlab-ce/issues/62208, users were
seeing 404 errors when they configured their OpenID provider without a
name parameter since OmniAuth would use the name `openidconnect` instead
`openid_connect`.
https://github.com/m0n9oose/omniauth_openid_connect/pull/23 makes the
default parameter `openid_connect` so this additional initializer in
GitLab is not necessary. Plus, this change enables users to use multiple
OpenID Connect providers if they desire.
If there is no name argument given, OmniAuth will try to guess the name
by the class name. In
https://github.com/omniauth/omniauth/blob/v1.9.0/lib/omniauth/strategy.rb#L139,
`OmniAuth::Strategies::OpenIDConnect` gets translated to
`openidconnect`.
This leads to an immediate 404 error after clicking the login button
because OmniAuth can't match the current route (/users/auth/openid_connect)
against the expected one (/users/auth/openidconnect).
Other providers, such as Google OAuth2, set this name as the default
option within the OmniAuth Strategy. Until a fix is merged upstream,
let's just set the parameter ourselves.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/62208
In https://github.com/rails/rails/commit/83b767ce, Rails 5.1 removed
support for using a String to specify a middleware. When the
strategy_class argument is passed from the GitLab YAML config to Devise,
Devise passes the string value straight through to Rails, and GitLab
would crash with a NoMethodError inside ActionDispatch::MiddlewareStack.
To make this OmniAuth strategy work again, we normalize the arguments by
converting the strategy_class value into an actual Class.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/62216