Trouble fetching user info for omniauth using oauth2_generic

I want users to sign in through the omniauth provider oauth2_generic against a custom OAuth 2 server.

I was able to configure Gitlab so that it redirects to the authentication page using its app ID and secret. Using this authorization code, Gitlab then fetches an access token. When calling the URL provided in user_info_url, however, Gitlab does not provide the access token for authentication. So the user info page responds with the HTTP code 401 unauthorized and header www-authenticate: bearer realm="Service". As far as I understand OAuth, Gitlab should try again using the access token. Instead Gitlab presents the error message Could not authenticate you from XYZ because "[]".

So far, I did most of the debugging on the OAuth server… Is there any documentation on how Gitlab expects the user info page to behave? I.e. does it expect a specific realm for the www-authenticate header? What body does it expect to receive in order to try again using the access token? [] is the body provided along with the HTTP code 401. Can I check if Gitlab received the access token (so far, I only know that the OAuth server provided one)?

I have a very similar issue. I have validated that gitlab is receiving my access_token and returning it to my oauth provider in the “authorization” header. But after this the oauth provider is returning all the information about the user that is necessary to create a new account, but I only get the error “Signing in using your custom oauth account without a pre-existing gitlab account is not allowed. Create a gitlab account first, and then connect it to your custom oauth account”. Is there a location in the logging where I can find out more information about this error?

Here is my gitlab.rb file:

```ruby
# Settings
###! Docs: OmniAuth | GitLab

external_url 'http://gitlab/gitlab'

gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_allow_single_sign_on'] = ['oauth2_generic']
gitlab_rails['omniauth_providers'] = [{
  'name' => 'oauth2_generic',
  'app_id' => 'e110b115-ee5c-4c2d-b2ee-fb41bc32f1a5',
  'app_secret' => '063587f8-c345-4c1e-81a2-872129a4ec56',

  'args' => {
    client_options: {
      'authorize_url' => 'https://localhost/oauth/authorize',
      'token_url' => 'http://oauth-container/oauth/token',
      'user_info_url' => 'http://oauth-container/oauth/userinfo'
    },

    user_response_structure: {
      id_path: ['email'],
      root_path: [],

      attributes: {
        nickname: 'username',
        email: 'email',
        name: 'name',
        image: 'avatar'
      },

      authorize_params: {
        scope: 'email profile openid'
      },

      approval_prompt: ""
    },

    redirect_url: 'https://localhost/gitlab/users/auth/CustomOauth/callback',
    name: 'CustomOauth',
    strategy_class: "OmniAuth::Strategies::OAuth2Generic"
  }
}]
```
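
An added example, not from either post and not code from GitLab or the omniauth-oauth2-generic gem: a simplified model of how a user_response_structure like the one posted above picks the uid and profile fields out of the user info JSON body, useful for checking what a given response would yield. The lookup convention (array paths are absolute, string paths are relative to root_path), the helper names and both sample bodies are assumptions constructed for illustration.

```ruby
require 'json'

# Constructed copy of the structure from the config posted above.
STRUCTURE = {
  root_path: [],
  id_path: ['email'],
  attributes: { nickname: 'username', email: 'email', name: 'name', image: 'avatar' }
}.freeze

# Walk a key path through parsed JSON; nil as soon as a step is missing.
def dig_path(data, path)
  path.reduce(data) do |node, key|
    return nil unless node.is_a?(Hash) && node.key?(key)
    node[key]
  end
end

# Assumed convention: an Array path is absolute, a String is relative to root_path.
def resolve(data, structure, path)
  full = path.is_a?(Array) ? path : Array(structure[:root_path]) + [path]
  dig_path(data, full.map(&:to_s))
end

# Returns the uid, the mapped attributes, and the attributes that were not found.
def map_user_info(body, structure = STRUCTURE)
  data = JSON.parse(body)
  uid = resolve(data, structure, structure[:id_path])
  info = structure[:attributes].each_with_object({}) do |(field, path), out|
    value = resolve(data, structure, path)
    out[field] = value unless value.nil?
  end
  { uid: uid&.to_s, info: info, missing: structure[:attributes].keys - info.keys }
rescue JSON::ParserError
  { uid: nil, info: {}, missing: structure[:attributes].keys }
end

# Constructed sample bodies: a populated profile, and the "[]" body that the
# first post reports alongside the 401 response.
GOOD_BODY = '{"email":"jane@example.com","username":"jane","name":"Jane Doe"}'
EMPTY_BODY = '[]'

if __FILE__ == $PROGRAM_NAME
  [GOOD_BODY, EMPTY_BODY].each { |body| puts map_user_info(body).inspect }
end
```

With the `[]` body no uid or email can be resolved, so there is nothing to build an identity from, whatever the HTTP status was.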