Pass allowPrivateIP into createOIDCConfig (#1470)

jhrozek · web-flow · commit ac326efad781 · 2025-08-19T08:45:45.000+02:00
diff --git a/cmd/thv/app/run_flags.go b/cmd/thv/app/run_flags.go
@@ -254,7 +254,7 @@ func setupOIDCConfiguration(cmd *cobra.Command, runFlags *RunFlags) (*auth.Token
 	}
 
 	return createOIDCConfig(oidcIssuer, oidcAudience, oidcJwksURL, oidcIntrospectionURL,
-		oidcClientID, oidcClientSecret, runFlags.ResourceURL), nil
+		oidcClientID, oidcClientSecret, runFlags.ResourceURL, runFlags.JWKSAllowPrivateIP), nil
 }
 
 // setupTelemetryConfiguration sets up telemetry configuration with config fallbacks
@@ -442,7 +442,7 @@ func getTelemetryFromFlags(cmd *cobra.Command, config *cfg.Config, otelEndpoint
 
 // createOIDCConfig creates an OIDC configuration if any OIDC parameters are provided
 func createOIDCConfig(oidcIssuer, oidcAudience, oidcJwksURL, oidcIntrospectionURL,
-	oidcClientID, oidcClientSecret, resourceURL string) *auth.TokenValidatorConfig {
+	oidcClientID, oidcClientSecret, resourceURL string, allowPrivateIP bool) *auth.TokenValidatorConfig {
 	if oidcIssuer != "" || oidcAudience != "" || oidcJwksURL != "" || oidcIntrospectionURL != "" ||
 		oidcClientID != "" || oidcClientSecret != "" || resourceURL != "" {
 		return &auth.TokenValidatorConfig{
@@ -453,6 +453,7 @@ func createOIDCConfig(oidcIssuer, oidcAudience, oidcJwksURL, oidcIntrospectionUR
 			ClientID:         oidcClientID,
 			ClientSecret:     oidcClientSecret,
 			ResourceURL:      resourceURL,
+			AllowPrivateIP:   allowPrivateIP,
 		}
 	}
 	return nil

Original file line number	Diff line number	Diff line change
`@@ -254,7 +254,7 @@ func setupOIDCConfiguration(cmd cobra.Command, runFlags RunFlags) (*auth.Token`
`254`	`254`	`}`
`255`	`255`
`256`	`256`	`return createOIDCConfig(oidcIssuer, oidcAudience, oidcJwksURL, oidcIntrospectionURL,`
`257`		`- oidcClientID, oidcClientSecret, runFlags.ResourceURL), nil`
	`257`	`+ oidcClientID, oidcClientSecret, runFlags.ResourceURL, runFlags.JWKSAllowPrivateIP), nil`
`258`	`258`	`}`
`259`	`259`
`260`	`260`	`// setupTelemetryConfiguration sets up telemetry configuration with config fallbacks`
`@@ -442,7 +442,7 @@ func getTelemetryFromFlags(cmd cobra.Command, config cfg.Config, otelEndpoint`
`442`	`442`
`443`	`443`	`// createOIDCConfig creates an OIDC configuration if any OIDC parameters are provided`
`444`	`444`	`func createOIDCConfig(oidcIssuer, oidcAudience, oidcJwksURL, oidcIntrospectionURL,`
`445`		`- oidcClientID, oidcClientSecret, resourceURL string) *auth.TokenValidatorConfig {`
	`445`	`+ oidcClientID, oidcClientSecret, resourceURL string, allowPrivateIP bool) *auth.TokenValidatorConfig {`
`446`	`446`	`if oidcIssuer != "" \|\| oidcAudience != "" \|\| oidcJwksURL != "" \|\| oidcIntrospectionURL != "" \|\|`
`447`	`447`	`oidcClientID != "" \|\| oidcClientSecret != "" \|\| resourceURL != "" {`
`448`	`448`	`return &auth.TokenValidatorConfig{`
`@@ -453,6 +453,7 @@ func createOIDCConfig(oidcIssuer, oidcAudience, oidcJwksURL, oidcIntrospectionUR`
`453`	`453`	`ClientID: oidcClientID,`
`454`	`454`	`ClientSecret: oidcClientSecret,`
`455`	`455`	`ResourceURL: resourceURL,`
	`456`	`+ AllowPrivateIP: allowPrivateIP,`
`456`	`457`	`}`
`457`	`458`	`}`
`458`	`459`	`return nil`