From e892113cc00a010490492def7f128bfb5c15b8de Mon Sep 17 00:00:00 2001
From: hackerman <3372410+aeneasr@users.noreply.github.com>
Date: Wed, 4 Jan 2023 13:15:30 +0100
Subject: [PATCH] fix: set accept header for GitLab (#2998)

---
 selfservice/strategy/oidc/provider_gitlab.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/selfservice/strategy/oidc/provider_gitlab.go b/selfservice/strategy/oidc/provider_gitlab.go
index 8526e72fbd3..ee6338ea37d 100644
--- a/selfservice/strategy/oidc/provider_gitlab.go
+++ b/selfservice/strategy/oidc/provider_gitlab.go
@@ -6,6 +6,7 @@ package oidc
 import (
 	"context"
 	"encoding/json"
+	"net/http"
 	"net/url"
 	"path"
 
@@ -85,12 +86,17 @@ func (g *ProviderGitLab) Claims(ctx context.Context, exchange *oauth2.Token, que
 		return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err))
 	}
 
+	req.Header.Set("Accept", "application/json")
 	resp, err := client.Do(req)
 	if err != nil {
 		return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err))
 	}
 	defer resp.Body.Close()
 
+	if resp.StatusCode != http.StatusOK {
+		return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("Expected the GitLab userinfo endpoint to return a 200 OK response but got %d instead.", resp.StatusCode))
+	}
+
 	var claims Claims
 	if err := json.NewDecoder(resp.Body).Decode(&claims); err != nil {
 		return nil, errors.WithStack(herodot.ErrInternalServerError.WithReasonf("%s", err))