# HG changeset patch
# User drewp@bigasterisk.com
# Date 1663218269 25200
# Node ID b605b92e89b8de8e71b7fc37dbc0a52c0dcac7e8
# Parent 9d3a9e524ad3e5c2832418d6d92b174b1a6d2ec5
change provider to oidc to try to stop failed user directory syncs

diff -r 9d3a9e524ad3 -r b605b92e89b8 kube/10-pomerium.yaml
--- a/kube/10-pomerium.yaml Tue Sep 13 22:32:50 2022 -0700
+++ b/kube/10-pomerium.yaml Wed Sep 14 22:04:29 2022 -0700
@@ -7,11 +7,15 @@
 authenticate:
 url: https://authenticate.bigasterisk.com
 identityProvider:
- provider: google
+ provider: oidc
+ url: https://accounts.google.com
+ scopes:
+ - openid
+ - email
+ # adds name+locale to user details
+ - profile
 secret: pomerium/idp
- refreshDirectory:
- interval: "10h"
- timeout: "10s"
+
 # Note pom won't start up if this cert doesn't exist, so you have to run once
 # with it commented out, then after cert success, run again with it enabled.
 certificates: [pomerium/pomerium-proxy-tls]
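Review bot: The switch to `provider: oidc` and the removal of `refreshDirectory` are not explained in the file itself, and the side effect matters for access control: with no directory sync there is presumably no group data left for policies to match on. If any route in this cluster authorizes by group, confirm that it now denies access rather than quietly changing who is admitted, and move those rules to email or domain matches. I would add a comment above the provider line, e.g. `# generic oidc instead of google: no directory sync, so no group data; policies must match on email/domain`. The enclosing mapping starts above the hunk, so the routes and policies themselves are not visible here.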