From f4fa44c842b051d120089538168cd96abd383a38 Mon Sep 17 00:00:00 2001
From: Brad Stein <Brad.Stein@gmail.com>
Date: Fri, 19 Dec 2025 16:44:24 -0300
Subject: [PATCH] jenkins: fix oidc jcasc schema

---
 services/jenkins/helmrelease.yaml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/services/jenkins/helmrelease.yaml b/services/jenkins/helmrelease.yaml
index df75acc..80f3604 100644
--- a/services/jenkins/helmrelease.yaml
+++ b/services/jenkins/helmrelease.yaml
@@ -179,19 +179,18 @@ spec:
           oic:
             clientId: "${OIDC_CLIENT_ID}"
             clientSecret: "${OIDC_CLIENT_SECRET}"
-            tokenServerUrl: "${OIDC_TOKEN_URL}"
-            authorizationServerUrl: "${OIDC_AUTH_URL}"
-            userInfoUrl: "${OIDC_USERINFO_URL}"
+            serverConfiguration:
+              wellKnownOpenIDConfigurationUrl: "${OIDC_ISSUER}/.well-known/openid-configuration"
             logoutFromOpenIdProvider: true
             postLogoutRedirectUrl: "https://ci.bstein.dev"
             scopes: "openid profile email"
+            sendScopesInTokenRequest: true
             rootURLFromRequest: true
             userNameField: "preferred_username"
             fullNameFieldName: "name"
             emailFieldName: "email"
             groupsFieldName: "groups"
             escapeHatchEnabled: false
-            maxClockSkew: 120
         authorizationStrategy: |
           loggedInUsersCanDoAnything:
             allowAnonymousRead: false