changeset 2:b605b92e89b8 main

change provider to oidc to try to stop failed user directory syncs
author drewp@bigasterisk.com
date Wed, 14 Sep 2022 22:04:29 -0700
parents 9d3a9e524ad3
children f7dea43be3a5
files kube/10-pomerium.yaml
diffstat 1 files changed, 8 insertions(+), 4 deletions(-) [+]
--- a/kube/10-pomerium.yaml	Tue Sep 13 22:32:50 2022 -0700
+++ b/kube/10-pomerium.yaml	Wed Sep 14 22:04:29 2022 -0700
@@ -7,11 +7,15 @@
   authenticate:
     url: https://authenticate.bigasterisk.com
   identityProvider:
-    provider: google
+    provider: oidc
+    url: https://accounts.google.com
+    scopes:
+      - openid
+      - email
+      # adds name+locale to user details
+      - profile
     secret: pomerium/idp
-    refreshDirectory:
-      interval: "10h"
-      timeout: "10s"
+
   # Note pom won't start up if this cert doesn't exist, so you have to run once
   # with it commented out, then after cert success, run again with it enabled.
   certificates: [pomerium/pomerium-proxy-tls]
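Review bot: Switching to the generic `oidc` provider and dropping `refreshDirectory` removes the Google directory (group) sync entirely, not just the failing refresh, so any route policy in this file that authorizes on group membership (e.g. `allowed_groups`) will presumably stop matching and deny users silently rather than error — check the policies outside this hunk before deploying. Since the generic OIDC flow against `https://accounts.google.com` only yields the `openid`/`email`/`profile` claims requested here and does not enforce a hosted domain, policies should keep restricting on `allowed_domains`/`allowed_users` rather than assuming only workspace accounts can log in. A comment above `provider: oidc` would record the trade-off for the next maintainer: `# generic oidc, not google: no directory/group sync, so policies must key on email/domain, not groups`. The identityProvider mapping is fully visible, but the enclosing config starts before the hunk.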