Configure GitLab to Accept JWT from Header

The scenario I’m trying to solve for is this: I have GitLab running behind an identity-aware proxy which authenticates the user from an IdP before allowing access. The proxy can pass the identity to GitLab in the headers.

I need to configure GitLab to read that header, validate it against the JWKS signing key provided by the auth server, and create/associate users based on the claims provided therein.
I’ve looked into the JWT Omniauth provider, but it doesn’t seem to be designed for this use case.

Any help would be appreciated.

We also have a discussion going on this topic on Pomerium’s (the identity-aware proxy in question) forum.

For anyone who finds this thread in the future, it looks like GitLab cannot be configured to accept a JWT from an HTTP header. This is a big disappointment for me. If this behavior changes in the future, I will (if I remember) update this thread.
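
An added example, not part of the original posts and not GitLab or Pomerium code: the check described in the first post (validate the forwarded JWT against the JWKS, then read the claims), as a shim in front of an application could perform it. It assumes RS256 signing and uses the hypothetical names `verify_proxy_jwt`, `sample_token`, `SAMPLE_KEY` and `SAMPLE_JWKS`; the key and claims are constructed for the demonstration.

```ruby
require "openssl"
require "json"
require "base64"

# Rebuild an RSA public key from a JWK's base64url n/e values (RFC 7517/7518).
def rsa_from_jwk(jwk)
  n, e = %w[n e].map { |f| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(Base64.urlsafe_decode64(jwk[f]), 2)) }
  OpenSSL::PKey::RSA.new(OpenSSL::ASN1::Sequence.new([n, e]).to_der)
end

# Hypothetical helper: returns the claims Hash for a valid token, nil otherwise.
def verify_proxy_jwt(token, jwks, audience:, now: Time.now.to_i)
  parts = token.to_s.split(".", -1)
  return nil unless parts.size == 3
  h64, p64, s64 = parts
  header = JSON.parse(Base64.urlsafe_decode64(h64))
  return nil unless header["alg"] == "RS256" # pin the algorithm; rejects none/HS256 downgrades
  jwk = jwks["keys"].find { |k| k["kty"] == "RSA" && k["kid"] == header["kid"] }
  return nil unless jwk
  sig_ok = rsa_from_jwk(jwk).verify(OpenSSL::Digest.new("SHA256"),
                                    Base64.urlsafe_decode64(s64), "#{h64}.#{p64}")
  return nil unless sig_ok
  claims = JSON.parse(Base64.urlsafe_decode64(p64))
  return nil unless claims["exp"].is_a?(Integer) && claims["exp"] > now
  return nil unless Array(claims["aud"]).include?(audience)
  claims # only now is it safe to map e.g. claims["email"] to a local user
rescue StandardError
  nil # fail closed on malformed base64, JSON or key material
end

# --- Constructed sample data: a throwaway key stands in for the proxy's signing key ---
def b64e(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

SAMPLE_KEY = OpenSSL::PKey::RSA.generate(2048)
SAMPLE_JWKS = { "keys" => [{ "kty" => "RSA", "kid" => "k1",
                             "n" => b64e(SAMPLE_KEY.n.to_s(2)), "e" => b64e(SAMPLE_KEY.e.to_s(2)) }] }

def sample_token(claims, alg: "RS256", key: SAMPLE_KEY)
  signed = [{ "alg" => alg, "kid" => "k1" }, claims].map { |p| b64e(JSON.generate(p)) }.join(".")
  "#{signed}.#{b64e(key.sign(OpenSSL::Digest.new("SHA256"), signed))}"
end
```

The application behind such a shim must accept the identity only from the shim itself, otherwise a client that reaches it directly can supply its own header.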