GitLab Integration and JWT Headers

I’m working on the integration guide on the assumption that we’ll find a solution to the outstanding issue of configuring GitLab to accept the JWT provided in the header.

You can see the source in the pull request, or preview the guide here (this link will stop working once the guide is merged to the live site).

I’ve reached out to the GitLab community for help on their forum, and on the PR that added the JWT auth option.

I’m worried I might come off as spammish, but it seems like a wide net is required to pull in someone who knows how this tooling works.

So the unfortunate answer to this thread is that GitLab, as far as I can tell, cannot be configured to accept a JWT from a header.

I’ve finished the draft for the GitLab integration guide, and in it I documented the next best thing, configuring GitLab to use the same IdP so it can share the session cookie.

If GitLab (hopefully) ever updates their auth method in a sane manner I will update this thread.