From 1357d783de4e182c57d227fdae286717297f30aa Mon Sep 17 00:00:00 2001
From: Brad Stein <Brad.Stein@gmail.com>
Date: Fri, 19 Dec 2025 17:36:56 -0300
Subject: [PATCH] jenkins: fix oidc with wellknown config

---
 services/jenkins/helmrelease.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/services/jenkins/helmrelease.yaml b/services/jenkins/helmrelease.yaml
index 80f3604..e0d8fbb 100644
--- a/services/jenkins/helmrelease.yaml
+++ b/services/jenkins/helmrelease.yaml
@@ -180,17 +180,17 @@ spec:
             clientId: "${OIDC_CLIENT_ID}"
             clientSecret: "${OIDC_CLIENT_SECRET}"
             serverConfiguration:
-              wellKnownOpenIDConfigurationUrl: "${OIDC_ISSUER}/.well-known/openid-configuration"
-            logoutFromOpenIdProvider: true
+              wellKnown:
+                wellKnownOpenIDConfigurationUrl: "${OIDC_ISSUER}/.well-known/openid-configuration"
+                scopesOverride: "openid profile email"
+          logoutFromOpenIdProvider: true
             postLogoutRedirectUrl: "https://ci.bstein.dev"
-            scopes: "openid profile email"
             sendScopesInTokenRequest: true
             rootURLFromRequest: true
             userNameField: "preferred_username"
             fullNameFieldName: "name"
             emailFieldName: "email"
             groupsFieldName: "groups"
-            escapeHatchEnabled: false
         authorizationStrategy: |
           loggedInUsersCanDoAnything:
             allowAnonymousRead: false