services/jenkins/helmrelease.yaml

@@ -179,19 +179,18 @@ spec:
           oic:
             clientId: "${OIDC_CLIENT_ID}"
             clientSecret: "${OIDC_CLIENT_SECRET}"
-            tokenServerUrl: "${OIDC_TOKEN_URL}"
-            authorizationServerUrl: "${OIDC_AUTH_URL}"
-            userInfoUrl: "${OIDC_USERINFO_URL}"
+            serverConfiguration:
+              wellKnownOpenIDConfigurationUrl: "${OIDC_ISSUER}/.well-known/openid-configuration"
             logoutFromOpenIdProvider: true
             postLogoutRedirectUrl: "https://ci.bstein.dev"
             scopes: "openid profile email"
+            sendScopesInTokenRequest: true
             rootURLFromRequest: true
             userNameField: "preferred_username"
             fullNameFieldName: "name"
             emailFieldName: "email"
             groupsFieldName: "groups"
             escapeHatchEnabled: false
-            maxClockSkew: 120
         authorizationStrategy: |
           loggedInUsersCanDoAnything:
             allowAnonymousRead: false