From 304a494335cdda2d9574e320cf137c9c5136b47c Mon Sep 17 00:00:00 2001
From: Dag-Inge Aas <284996+dagingaa@users.noreply.github.com>
Date: Mon, 9 Sep 2024 18:08:41 +0200
Subject: [PATCH] fix: Use discoveryURL when fetching third-party OIDC config (#2655)
When fetching the well-known configuration for an OIDC third-party auth provider, we used the issuerURL which is just the baseURL instead of the discoveryURL as seems intended. This caused Auth0 configurations to try to parse HTML instead of the correct configuration, and I suspect this is the case for all the other providers as well. With this bugfix it should work as expected for at least Auth0.
---
 pkg/config/config.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pkg/config/config.go b/pkg/config/config.go
index f7e4d85a6..3d3be2f27 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -1144,7 +1144,7 @@ func (a *auth) ResolveJWKS(ctx context.Context) (string, error) {
 t := &http.Client{Timeout: 10 * time.Second}
 client := fetcher.NewFetcher(
- issuerURL,
+ discoveryURL,
 fetcher.WithHTTPClient(t),
 fetcher.WithExpectedStatus(http.StatusOK),
 )
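Review bot: Nothing visible in this hunk checks that the document fetched from `discoveryURL` actually belongs to the configured issuer, and ResolveJWKS presumably takes the key-set location from that document, so whatever this request returns decides which signing keys end up trusted. OpenID Connect Discovery requires the `issuer` value in the returned metadata to match exactly the issuer the discovery URL was built from; if the part of the function outside the hunk does not already do this, compare the decoded `issuer` with `issuerURL` and return an error on mismatch before `jwks_uri` is used. The client `t` follows redirects by default and no scheme check on `discoveryURL` appears here, so rejecting non-`https` discovery URLs for remote providers is worth adding as well. The function body starts and ends outside the hunk, so either check may already exist elsewhere; a short comment above `fetcher.NewFetcher(` saying where the issuer is validated would make that clear to the next reader.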