update oidc_template and conf (#6838)

vepatel · web-flow · commit c42185d715cc · 2024-11-22T11:26:49.000Z
diff --git a/internal/configs/oidc/oidc.conf b/internal/configs/oidc/oidc.conf
@@ -39,8 +39,7 @@
         internal;
         proxy_ssl_server_name on; # For SNI to the IdP
         proxy_set_header      Content-Type "application/x-www-form-urlencoded";
-        proxy_set_body        "grant_type=authorization_code&client_id=$oidc_client&$args&redirect_uri=$redirect_base$redir_location";
-        proxy_method          POST;
+        proxy_set_header      Authorization $arg_secret_basic;
         proxy_pass            $oidc_token_endpoint;
    }
 
@@ -51,8 +50,7 @@
         internal;
         proxy_ssl_server_name on; # For SNI to the IdP
         proxy_set_header      Content-Type "application/x-www-form-urlencoded";
-        proxy_set_body        "grant_type=refresh_token&refresh_token=$arg_token&client_id=$oidc_client&client_secret=$oidc_client_secret";
-        proxy_method          POST;
+        proxy_set_header      Authorization $arg_secret_basic;
         proxy_pass            $oidc_token_endpoint;
     }
 
diff --git a/internal/configs/version2/nginx-plus.virtualserver.tmpl b/internal/configs/version2/nginx-plus.virtualserver.tmpl
@@ -90,6 +90,7 @@ server {
     include oidc/oidc.conf;
 
     set $oidc_pkce_enable 0;
+    set $oidc_client_auth_method "client_secret_post";
     set $oidc_logout_redirect "{{ $oidc.PostLogoutRedirectURI }}";
     set $oidc_hmac_key "{{ $s.VSName }}";
     set $zone_sync_leeway {{ $oidc.ZoneSyncLeeway }};
