diff --git a/Gemfile b/Gemfile
index 47506929b0..97a4841424 100644
--- a/Gemfile
+++ b/Gemfile
@@ -39,7 +39,7 @@ gem 'net-ldap', '~> 0.18'
 
 gem 'omniauth', '~> 2.0'
 gem 'omniauth-cas', '~> 3.0.0.beta.1'
-gem 'omniauth_openid_connect', '~> 0.6.1'
+gem 'omniauth_openid_connect', '~> 0.8.0'
 gem 'omniauth-rails_csrf_protection', '~> 1.0'
 gem 'omniauth-saml', '~> 2.0'
 
diff --git a/Gemfile.lock b/Gemfile.lock
index 1888485af0..7976c451dc 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -220,6 +220,8 @@ GEM
       htmlentities (~> 4.3.3)
       launchy (>= 2.1, < 4.0)
       mail (~> 2.7)
+    email_validator (2.2.4)
+      activemodel
     erubi (1.13.0)
     et-orbi (1.2.11)
       tzinfo
@@ -231,6 +233,8 @@ GEM
       faraday-net_http (>= 2.0, < 3.4)
       json
       logger
+    faraday-follow_redirects (0.3.0)
+      faraday (>= 1, < 3)
     faraday-httpclient (2.0.1)
       httpclient (>= 2.2)
     faraday-net_http (3.3.0)
@@ -332,11 +336,13 @@ GEM
     jmespath (1.6.2)
     json (2.7.4)
     json-canonicalization (1.0.0)
-    json-jwt (1.15.3.1)
+    json-jwt (1.16.7)
       activesupport (>= 4.2)
       aes_key_wrap
+      base64
       bindata
-      httpclient
+      faraday (~> 2.0)
+      faraday-follow_redirects
     json-ld (3.3.2)
       htmlentities (~> 4.3)
       json-canonicalization (~> 1.0)
@@ -447,20 +453,22 @@ GEM
     omniauth-saml (2.2.1)
       omniauth (~> 2.1)
       ruby-saml (~> 1.17)
-    omniauth_openid_connect (0.6.1)
+    omniauth_openid_connect (0.8.0)
       omniauth (>= 1.9, < 3)
-      openid_connect (~> 1.1)
-    openid_connect (1.4.2)
+      openid_connect (~> 2.2)
+    openid_connect (2.3.1)
       activemodel
       attr_required (>= 1.0.0)
-      json-jwt (>= 1.15.0)
-      net-smtp
-      rack-oauth2 (~> 1.21)
-      swd (~> 1.3)
+      email_validator
+      faraday (~> 2.0)
+      faraday-follow_redirects
+      json-jwt (>= 1.16)
+      mail
+      rack-oauth2 (~> 2.2)
+      swd (~> 2.0)
       tzinfo
-      validate_email
       validate_url
-      webfinger (~> 1.2)
+      webfinger (~> 2.0)
     openssl (3.2.0)
     openssl-signature_algorithm (1.3.0)
       openssl (> 2.0)
@@ -593,10 +601,11 @@ GEM
       rack (>= 1.0, < 4)
     rack-cors (2.0.2)
       rack (>= 2.0.0)
-    rack-oauth2 (1.21.3)
+    rack-oauth2 (2.2.1)
       activesupport
       attr_required
-      httpclient
+      faraday (~> 2.0)
+      faraday-follow_redirects
       json-jwt (>= 1.11.0)
       rack (>= 2.1.0)
     rack-protection (3.2.0)
@@ -797,10 +806,11 @@ GEM
     stringio (3.1.1)
     strong_migrations (2.0.2)
       activerecord (>= 6.1)
-    swd (1.3.0)
+    swd (2.0.3)
       activesupport (>= 3)
       attr_required (>= 0.0.5)
-      httpclient (>= 2.4)
+      faraday (~> 2.0)
+      faraday-follow_redirects
     sysexits (1.2.0)
     temple (0.10.3)
     terminal-table (3.0.2)
@@ -838,9 +848,6 @@ GEM
     unicode-display_width (2.6.0)
     uri (0.13.1)
     useragent (0.16.10)
-    validate_email (0.1.6)
-      activemodel (>= 3.0)
-      mail (>= 2.2.5)
     validate_url (1.0.15)
       activemodel (>= 3.0.0)
       public_suffix
@@ -855,9 +862,10 @@ GEM
       openssl (>= 2.2)
       safety_net_attestation (~> 0.4.0)
       tpm-key_attestation (~> 0.12.0)
-    webfinger (1.2.0)
+    webfinger (2.1.3)
       activesupport
-      httpclient (>= 2.4)
+      faraday (~> 2.0)
+      faraday-follow_redirects
     webmock (3.24.0)
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
@@ -955,7 +963,7 @@ DEPENDENCIES
   omniauth-cas (~> 3.0.0.beta.1)
   omniauth-rails_csrf_protection (~> 1.0)
   omniauth-saml (~> 2.0)
-  omniauth_openid_connect (~> 0.6.1)
+  omniauth_openid_connect (~> 0.8.0)
   opentelemetry-api (~> 1.4.0)
   opentelemetry-exporter-otlp (~> 0.29.0)
   opentelemetry-instrumentation-active_job (~> 0.7.1)