Skip to content

Commit

Permalink
fix: Use discoveryURL when fetching third-party OIDC config (#2655)
Browse files Browse the repository at this point in the history 
When fetching the well-known configuration for an OIDC third-party auth provider, we used the issuerURL which is just the baseURL instead of the discoveryURL as seems intended. This caused Auth0 configurations to try to parse HTML instead of the correct configuration, and I suspect this is the case for all the other providers as well.

With this bugfix it should work as expected for at least Auth0.
  • Loading branch information
@dagingaa
dagingaa authored Sep 9, 2024
1 parent 8a50b02 commit 304a494
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion pkg/config/config.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1144,7 +1144,7 @@ func (a *auth) ResolveJWKS(ctx context.Context) (string, error) {

t := &http.Client{Timeout: 10 * time.Second}
client := fetcher.NewFetcher(
issuerURL,
discoveryURL,
fetcher.WithHTTPClient(t),
fetcher.WithExpectedStatus(http.StatusOK),
)
Expand Down

0 comments on commit 304a494

Please sign in to comment.