feat: don't use openidconnect discovery url

formancehq · Dec 22, 2023 · e9b3f97 · e9b3f97
1 parent 562120a
commit e9b3f97
Showing 1 changed file with 8 additions and 9 deletions.
diff --git a/ee/gateway/pkg/plugins/auth.go b/ee/gateway/pkg/plugins/auth.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"net/http"
+	"os"
 	"strconv"
 	"strings"
 
@@ -15,7 +16,6 @@ import (
 	"github.com/caddyserver/caddy/v2/modules/caddyhttp"
 	"github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth"
 	"github.com/hashicorp/go-retryablehttp"
-	"github.com/zitadel/oidc/v2/pkg/client"
 	"github.com/zitadel/oidc/v2/pkg/client/rp"
 	"github.com/zitadel/oidc/v2/pkg/oidc"
 	"github.com/zitadel/oidc/v2/pkg/op"
@@ -158,16 +158,15 @@ func (ja *JWTAuth) Authenticate(w http.ResponseWriter, r *http.Request) (caddyau
 // Helpers
 //------------------------------------------------------------------------------
 
-func (ja *JWTAuth) getAccessTokenVerifier(
-	ctx context.Context,
-) (op.AccessTokenVerifier, error) {
+func (ja *JWTAuth) getAccessTokenVerifier(ctx context.Context) (op.AccessTokenVerifier, error) {
 	if ja.accessTokenVerifier == nil {
-		discoveryConfiguration, err := client.Discover(ja.Issuer, ja.httpClient)
-		if err != nil {
-			return nil, err
-		}
+		//discoveryConfiguration, err := client.Discover(ja.Issuer, ja.httpClient)
+		//if err != nil {
+		//	return nil, err
+		//}
 
-		keySet := rp.NewRemoteKeySet(ja.httpClient, discoveryConfiguration.JwksURI)
+		// todo: ugly quick fix
+		keySet := rp.NewRemoteKeySet(ja.httpClient, fmt.Sprintf("http://auth:%d/keys", os.Getenv("AUTH_SERVICE_PORT")))
 
 		ja.accessTokenVerifier = op.NewAccessTokenVerifier(
 			ja.Issuer,