What would you like to be added?
I would like to implement the dedicated OpenIdConnectAuthProvider within the auth provider package. This feature should include dynamic endpoint discovery via the standard openid-configuration path, runtime schema validation of discovery documents using Zod, full integration with the existing PKCE-enabled OAuth flow and local callback server, and strict HTTPS enforcement for all authentication endpoints to maintain high security standards.
Why is this needed?
Currently, the openIdConnect provider type is unimplemented and throws an error, preventing Gemini CLI from connecting to agents that require OIDC. This enhancement is critical for enterprise adoption, as it allows Gemini CLI to securely interact with remote agents protected by corporate identity providers like Okta, Auth0, or Microsoft Entra ID.
Additional context
This feature resolves a pending TODO in the auth-provider factory. I have already verified the feasibility through manual smoke tests using real-world OIDC issuers.
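The discovery, validation and HTTPS checks requested above, sketched as an added example that is not part of the original request and not Gemini CLI code. Plain checks stand in for the Zod schema so the block runs without dependencies, and every function name and the sample document are assumptions.

```typescript
// Added example, not Gemini CLI code: all names here are hypothetical.
// Plain checks stand in for the Zod schema so the block has no dependencies.
interface OidcEndpoints {
  issuer: string;
  authorization_endpoint: string;
  token_endpoint: string;
}

const REQUIRED = ["issuer", "authorization_endpoint", "token_endpoint"] as const;

// Discovery URL: strip any trailing "/" from the issuer, then append the well-known path.
function discoveryUrl(issuer: string): string {
  return issuer.replace(/\/+$/, "") + "/.well-known/openid-configuration";
}

function requireHttps(name: string, value: string): void {
  let protocol = "";
  try {
    protocol = new URL(value).protocol;
  } catch {
    throw new Error(`${name} is not a valid URL`);
  }
  if (protocol !== "https:") throw new Error(`${name} must use https`);
}

// Reject the document unless every endpoint is an https URL and the issuer it
// claims is identical to the issuer the document was fetched for.
function validateDiscovery(expectedIssuer: string, doc: unknown): OidcEndpoints {
  if (typeof doc !== "object" || doc === null) throw new Error("document is not an object");
  const rec = doc as Record<string, unknown>;
  const out: Record<string, string> = {};
  for (const key of REQUIRED) {
    const value = rec[key];
    if (typeof value !== "string" || value === "") throw new Error(`${key} is missing or not a string`);
    requireHttps(key, value);
    out[key] = value;
  }
  if (out.issuer !== expectedIssuer) throw new Error("issuer mismatch");
  return out as unknown as OidcEndpoints;
}

// Returns "ok" or the rejection reason, so callers can log why a document was refused.
function check(expectedIssuer: string, doc: unknown): string {
  try { validateDiscovery(expectedIssuer, doc); return "ok"; }
  catch (e) { return e instanceof Error ? e.message : String(e); }
}

// Constructed sample document (not from a real issuer).
const ISSUER = "https://idp.example.com";
const GOOD = { issuer: ISSUER, authorization_endpoint: ISSUER + "/authorize", token_endpoint: ISSUER + "/token" };
```

The issuer comparison is an exact string match, as OpenID Connect Discovery requires, so a document served for one issuer cannot redirect the flow to endpoints that claim another.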