Docker Omnibus gitlab "500 Internal Server Error" when using omniauth OpenID-Connect

I want to use openid connect to login gitlab, I can post the correct url to openid connect provider and get the code back, however, then the 500 error happend.

==> /var/log/gitlab/gitlab-workhorse/current <== {"correlation_id":"FT8dVCGXg92","duration_ms":231,"host":"192.168.1.2:8081","level":"info","method":"GET","msg":"access","proto":"HTTP/1.1","referrer":"","remote_addr":"127.0.0.1:0","remote_ip":"127.0.0.1","status":500,"system":"http","time":"2019-09-06T14:46:56+08:00","uri":"/users/auth/openid_connect/callback?state=205d1***********bcfa56a\u0026code=1effd7a9b82d4*******44c44321cea","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36","written_bytes":2926}

==> /var/log/gitlab/nginx/gitlab_access.log <==
10.240.173.74 - - [06/Sep/2019:14:46:56 +0800] "GET 
/users/auth/openid_connect/callback?state=205d17efc*******8babcfa56a&code=1effd7a*********321cea HTTP/1.1" 500 2926 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36"

==> /var/log/gitlab/gitlab-rails/production.log <==
Started GET "/users/auth/openid_connect/callback?state=205d17efcd***********abcfa56a&code=[FILTERED]" for 10.240.173.74 at 2019-09-06 14:46:55 +0800

JSON::JWK::Set::KidNotFound (JSON::JWK::Set::KidNotFound):

lib/gitlab/middleware/multipart.rb:103:in `call'
lib/gitlab/request_profiler/middleware.rb:17:in `call'
lib/gitlab/middleware/go.rb:20:in `call'
lib/gitlab/etag_caching/middleware.rb:13:in `call'
lib/gitlab/middleware/correlation_id.rb:16:in `block in call'
lib/gitlab/middleware/correlation_id.rb:15:in `call'
lib/gitlab/middleware/read_only/controller.rb:40:in `call'
lib/gitlab/middleware/read_only.rb:18:in `call'
lib/gitlab/middleware/basic_health_check.rb:25:in `call'
lib/gitlab/request_context.rb:26:in `call'
lib/gitlab/metrics/requests_rack_middleware.rb:29:in `call'
lib/gitlab/middleware/release_env.rb:12:in `call'

the config of omniauth openid-connect as below:

gitlab_rails['omniauth_enabled'] = true
gitlab_rails['omniauth_allow_single_sign_on'] = ['openid_connect']
gitlab_rails['omniauth_providers'] = [
  {
    "name" => "openid_connect",
    "label" => "test",
    "args" => {
      "name" => "openid_connect",
      "scope" => ['openid', 'nickname', 'email', 'fullname'],
      "response_type" => "code",
      "issuer" => "OpenID Connect provider Url",
      "discovery"=> true,
      "client_auth_method" => "query",
      "client_options" => {
        "identifier" => "576**********dfd84",
        "secret" => "7e22d33**********5dfd84",
        "redirect_uri" => "http://192.168.1.2:8081/users/auth/openid_connect/callback",
      }
    }
  }
]

It looks like JWK work wrong, but I don’t know why.

Ominibus gitlab run in docker and the version of gitlab is:

System:
Current User:	git
Using RVM:	no
Ruby Version:	2.6.3p62
Gem Version:	2.7.9
Bundler Version:1.17.3
Rake Version:	12.3.2
Redis Version:	3.2.12
Git Version:	2.22.0
Sidekiq Version:5.2.7
Go Version:	unknown

GitLab information
Version:	12.2.3
Revision:	13598699b0a
DB Adapter:	PostgreSQL
DB Version:	10.9
Using LDAP:	no
Using Omniauth:	yes 
Omniauth Providers: openid_connect