feat: don't use openidconnect discovery url

components/operator/apis/stack/v1beta3/stack_types.go

@@ -207,7 +207,7 @@ func (s *Stack) GetScheme() string {
 }
 
 func (s *Stack) URL() string {
-	return fmt.Sprintf("%s://%s", s.GetScheme(), s.Spec.Host)
+	return "http://gateway:8000"
 }
 
 func (in *Stack) GetServiceNamespacedName(service string) types.NamespacedName {

ee/gateway/pkg/plugins/auth.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"net/http"
+	"os"
 	"strconv"
 	"strings"
 
@@ -15,7 +16,6 @@ import (
 	"github.com/caddyserver/caddy/v2/modules/caddyhttp"
 	"github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth"
 	"github.com/hashicorp/go-retryablehttp"
-	"github.com/zitadel/oidc/v2/pkg/client"
 	"github.com/zitadel/oidc/v2/pkg/client/rp"
 	"github.com/zitadel/oidc/v2/pkg/oidc"
 	"github.com/zitadel/oidc/v2/pkg/op"
@@ -158,16 +158,19 @@ func (ja *JWTAuth) Authenticate(w http.ResponseWriter, r *http.Request) (caddyau
 // Helpers
 //------------------------------------------------------------------------------
 
-func (ja *JWTAuth) getAccessTokenVerifier(
-	ctx context.Context,
-) (op.AccessTokenVerifier, error) {
+func (ja *JWTAuth) getAccessTokenVerifier(ctx context.Context) (op.AccessTokenVerifier, error) {
 	if ja.accessTokenVerifier == nil {
-		discoveryConfiguration, err := client.Discover(ja.Issuer, ja.httpClient)
-		if err != nil {
-			return nil, err
+		//discoveryConfiguration, err := client.Discover(ja.Issuer, ja.httpClient)
+		//if err != nil {
+		//	return nil, err
+		//}
+
+		// todo: ugly quick fix
+		authServicePort := "8080"
+		if fromEnv := os.Getenv("AUTH_SERVICE_PORT"); fromEnv != "" {
+			authServicePort = fromEnv
 		}
-
-		keySet := rp.NewRemoteKeySet(ja.httpClient, discoveryConfiguration.JwksURI)
+		keySet := rp.NewRemoteKeySet(ja.httpClient, fmt.Sprintf("http://auth:%s/keys", authServicePort))
 
 		ja.accessTokenVerifier = op.NewAccessTokenVerifier(
 			ja.Issuer,