With SSO for major services, it might actually be much easier to fork sso-github or similar, instead. Reason being there sometimes are npm packages that help you log in to these services.
Then you can really just change the require from github to gitlab, and hopefully it would just work.
Almost all of the time it actually won't be that easy, but it sure beats doing it from the sso-oauth base!
Since this topic was created such plugin was actually created by someone (Ben Lubar to be exact): https://github.com/BenLubar/nodebb-plugin-pwned-passwords
I'm posting it here mostly because I haven't seen it posted anywhere on this forum, so now it will be easier to find And also in case Duehok still wants it and didn't see that it exists.