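// FetchCustomProviderConfig retrieves an OpenID Connect discovery document and
// converts it to an oidc.ProviderConfig.
//
// When discoveryURL is empty, the URL is built from op.Issuer (with any
// trailing "/" removed) followed by discoveryConfigPath. The response body is
// decoded as JSON into an OidcProviderConfiguration and converted with
// AsProviderConfig. If the response headers are cacheable, ExpiresAt is set on
// the returned config.
//
// An error is returned when the request cannot be built or sent, when the
// provider answers with a status other than 200 OK, when the body cannot be
// decoded or converted, or when the cache headers cannot be parsed.
//
// NOTE(review): the returned metadata decides which endpoints and keys are
// trusted for this provider, and this function does not itself:
//   - compare the issuer in the fetched document with op.Issuer,
//   - require an https discovery URL, or
//   - cap the size of the response body that is decoded.
//
// Confirm these are enforced by callers or configuration validation.
func (op *OIDCProvider) FetchCustomProviderConfig(discoveryURL string) (*oidc.ProviderConfig, error) {
	// Upper bound for the whole discovery round trip. It is applied only when
	// the shared default client has no timeout of its own.
	const discoveryTimeout = 30 * time.Second

	// If discovery URL is empty, use the standard discovery URL.
	if discoveryURL == "" {
		discoveryURL = strings.TrimSuffix(op.Issuer, "/") + discoveryConfigPath
	}

	base.LogTo("OIDC+", "Fetching custom provider config from %s", discoveryURL)
	req, err := http.NewRequest("GET", discoveryURL, nil)
	if err != nil {
		base.LogTo("OIDC+", "Error building new request for URL %s: %v", discoveryURL, err)
		return nil, err
	}

	// http.DefaultClient has no timeout unless one was configured, so an
	// unresponsive provider would block this call indefinitely. Work on a
	// shallow copy so the transport and redirect policy are kept and the
	// shared client is not mutated.
	client := *http.DefaultClient
	if client.Timeout == 0 {
		client.Timeout = discoveryTimeout
	}

	resp, err := client.Do(req)
	if err != nil {
		base.LogTo("OIDC+", "Error invoking calling discovery URL %s: %v", discoveryURL, err)
		return nil, err
	}
	defer resp.Body.Close()

	// Only a 200 response carries a discovery document. Without this check an
	// error page would either fail with a misleading parse error or, if it
	// happens to be JSON, be accepted as provider configuration.
	if resp.StatusCode != http.StatusOK {
		base.LogTo("OIDC+", "Unexpected status %d from discovery URL %s", resp.StatusCode, discoveryURL)
		return nil, base.HTTPErrorf(http.StatusBadGateway, "Unexpected status %d from OIDC discovery URL %s", resp.StatusCode, discoveryURL)
	}

	var customConfig OidcProviderConfiguration
	if err := json.NewDecoder(resp.Body).Decode(&customConfig); err != nil {
		base.LogTo("OIDC+", "Error parsing body %s: %v", discoveryURL, err)
		return nil, err
	}

	var oidcConfig oidc.ProviderConfig
	oidcConfig, err = customConfig.AsProviderConfig()
	if err != nil {
		// The original message here was copied from the request failure path
		// and misreported a conversion error as a network error.
		base.LogTo("OIDC+", "Error converting custom provider config from %s: %v", discoveryURL, err)
		return nil, err
	}

	// Set expiry on config, if defined in response header.
	ttl, ok, err := phttp.Cacheable(resp.Header)
	if err != nil {
		base.LogTo("OIDC+", "Error reading cache headers from %s: %v", discoveryURL, err)
		return nil, err
	}
	if ok {
		oidcConfig.ExpiresAt = time.Now().UTC().Add(ttl)
	}

	base.LogTo("OIDC+", "Returning config: %v", oidcConfig)
	return &oidcConfig, nil
}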