From 3a52722ed4f828da7246b0bec55469d7b5da92ae Mon Sep 17 00:00:00 2001
From: Venktesh
Date: Thu, 21 Nov 2024 11:27:04 +0000
Subject: [PATCH 1/2] update oidc.conf
---
 internal/configs/oidc/oidc.conf | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/internal/configs/oidc/oidc.conf b/internal/configs/oidc/oidc.conf
index 7384e3b651..9d63e7d201 100644
--- a/internal/configs/oidc/oidc.conf
+++ b/internal/configs/oidc/oidc.conf
@@ -39,8 +39,7 @@
 internal;
 proxy_ssl_server_name on; # For SNI to the IdP
 proxy_set_header Content-Type "application/x-www-form-urlencoded";
- proxy_set_body "grant_type=authorization_code&client_id=$oidc_client&$args&redirect_uri=$redirect_base$redir_location";
- proxy_method POST;
+ proxy_set_header Authorization $arg_secret_basic;
 proxy_pass $oidc_token_endpoint;
 }
@@ -51,8 +50,7 @@
 internal;
 proxy_ssl_server_name on; # For SNI to the IdP
 proxy_set_header Content-Type "application/x-www-form-urlencoded";
- proxy_set_body "grant_type=refresh_token&refresh_token=$arg_token&client_id=$oidc_client&client_secret=$oidc_client_secret";
- proxy_method POST;
+ proxy_set_header Authorization $arg_secret_basic;
 proxy_pass $oidc_token_endpoint;
 }
From 49d9f56244f7eee94a1caa370cbf78aa002788bb Mon Sep 17 00:00:00 2001
From: Venktesh
Date: Thu, 21 Nov 2024 12:18:17 +0000
Subject: [PATCH 2/2] update oidc_template
---
 internal/configs/version2/nginx-plus.virtualserver.tmpl | 1 +
 1 file changed, 1 insertion(+)
diff --git a/internal/configs/version2/nginx-plus.virtualserver.tmpl b/internal/configs/version2/nginx-plus.virtualserver.tmpl
index 7b2977892f..06c9347328 100644
--- a/internal/configs/version2/nginx-plus.virtualserver.tmpl
+++ b/internal/configs/version2/nginx-plus.virtualserver.tmpl
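Review bot: With `proxy_set_body` and `proxy_method POST` removed, both token locations (the `grant_type=authorization_code` hunk and the `grant_type=refresh_token` hunk) now rely on whoever issues the subrequest to supply the POST method, the form body and the client credentials, and nothing in this two-patch series shows that caller being changed. If the caller is not updated in the same release, the token request would presumably go out without a body, so the two changes need to ship together. The new `proxy_set_header Authorization $arg_secret_basic;` also means the client credential travels in the subrequest's query string; `$arg_` values are not URL-decoded, so confirm the value is passed unencoded and that no `log_subrequest` log format records `$args`. I would add a comment above the directive, e.g. `# POST method and body are supplied by the calling subrequest; an empty $arg_secret_basic means no Authorization header is sent`. Both location blocks start outside the hunks.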
@@ -90,6 +90,7 @@ server {
 include oidc/oidc.conf;
 set $oidc_pkce_enable 0;
+ set $oidc_client_auth_method "client_secret_post";
 set $oidc_logout_redirect "{{ $oidc.PostLogoutRedirectURI }}";
 set $oidc_hmac_key "{{ $s.VSName }}";
 set $zone_sync_leeway {{ $oidc.ZoneSyncLeeway }};
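Review bot: `$oidc_client_auth_method` is set to the literal `"client_secret_post"` while the neighbouring settings are rendered from `$oidc` fields, so the `Authorization` header path that patch 1/2 adds to oidc.conf cannot be selected from this template. If that is intentional for now, a comment such as `# client_secret_basic is not exposed yet; the secret is sent in the token request body` would record it. The second half of that comment is an assumption about the subrequest caller and should be checked against it. The `server` block continues outside the hunk.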