diff --git a/charts/cofide-connect/templates/configmap-envoy.yaml b/charts/cofide-connect/templates/configmap-envoy.yaml
index e4b6aef..c67cd19 100644
--- a/charts/cofide-connect/templates/configmap-envoy.yaml
+++ b/charts/cofide-connect/templates/configmap-envoy.yaml
@@ -87,6 +87,7 @@ data:
 filter_chain_match:
 application_protocols:
 - h2
+ - http/1.1
 server_names:
 - connect.{{ .Values.connect.urlBase }}
 transport_socket:
@@ -96,6 +97,7 @@ data:
 common_tls_context:
 alpn_protocols:
 - h2
+ - http/1.1
 tls_certificates:
 - certificate_chain:
 filename: /etc/envoy/tls/tls.crt
@@ -128,6 +130,27 @@ data:
 allow_credentials: true
 max_age: "7200"
 routes:
+ - match:
+ path: "/.well-known/oauth-protected-resource"
+ direct_response:
+ status: 200
+ body:
+ inline_string: |
+ {
+ "resource": "https://connect.{{ .Values.connect.urlBase }}",
+ "authorization_servers": ["{{ .Values.envoy.auth.issuer }}"],
+ "scopes_supported": ["openid", "profile", "offline_access"],
+ "bearer_methods_supported": ["header"]
+ }
+ response_headers_to_add:
+ - header:
+ key: "content-type"
+ value: "application/json"
+ # Explicitly disable JWT auth for this public discovery endpoint
+ typed_per_filter_config:
+ envoy.filters.http.jwt_authn:
+ "@type": type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.PerRouteConfig
+ disabled: true
 - match:
 prefix: /proto.connect
 route:
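Review bot: Adding `http/1.1` to `application_protocols` in the first hunk, and to `alpn_protocols` in the second, makes HTTP/1.1 negotiable for every route behind `connect.{{ .Values.connect.urlBase }}`, not only the new discovery path, and neither entry says why. The HTTP connection manager for this filter chain is outside both hunks; if its `codec_type` is pinned to `HTTP2` rather than `AUTO`, a client that negotiates `http/1.1` will complete the TLS handshake and then fail at the codec, so that setting should be confirmed. I would put a comment above both entries, for example `# http/1.1 offered so metadata clients without HTTP/2 can fetch /.well-known/oauth-protected-resource`, if that is indeed the reason. It is also worth checking that the existing routes are meant to be reachable over HTTP/1.1 at all.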
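Review bot: The JSON body in `inline_string` pastes `.Values.connect.urlBase` and `.Values.envoy.auth.issuer` between literal quotes, so a value containing `"` or `\` renders broken or altered metadata, and an empty issuer renders `"authorization_servers": [""]` on a route served with `jwt_authn` disabled. Clients read this document to learn which authorization server to trust, so the render should fail when the issuer is missing and Helm should do the quoting: `"authorization_servers": [{{ required "envoy.auth.issuer is required" .Values.envoy.auth.issuer | toJson }}],` and `"resource": {{ printf "https://connect.%s" .Values.connect.urlBase | toJson }},`. The `typed_per_filter_config` key has to equal the name the JWT filter carries in `http_filters`, which is outside this hunk. Any other auth filter in that chain would still apply to this route, so both points need confirming against the full listener config.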