func (s *Server) ProviderConfig() oidc.ProviderConfig { authEndpoint := s.absURL(httpPathAuth) tokenEndpoint := s.absURL(httpPathToken) keysEndpoint := s.absURL(httpPathKeys) cfg := oidc.ProviderConfig{ Issuer: &s.IssuerURL, AuthEndpoint: &authEndpoint, TokenEndpoint: &tokenEndpoint, KeysEndpoint: &keysEndpoint, GrantTypesSupported: []string{oauth2.GrantTypeAuthCode, oauth2.GrantTypeClientCreds}, ResponseTypesSupported: []string{"code"}, SubjectTypesSupported: []string{"public"}, IDTokenSigningAlgValues: []string{"RS256"}, TokenEndpointAuthMethodsSupported: []string{"client_secret_basic"}, } if s.EnableClientRegistration { regEndpoint := s.absURL(httpPathClientRegistration) cfg.RegistrationEndpoint = ®Endpoint } return cfg }