# HG changeset patch
# User drewp@bigasterisk.com
# Date 2022-09-15 05:04:29
# Node ID b605b92e89b8de8e71b7fc37dbc0a52c0dcac7e8
# Parent 9d3a9e524ad3e5c2832418d6d92b174b1a6d2ec5
change provider to oidc to try to stop failed user directory syncs
diff --git a/kube/10-pomerium.yaml b/kube/10-pomerium.yaml
--- a/kube/10-pomerium.yaml
+++ b/kube/10-pomerium.yaml
@@ -7,11 +7,15 @@ spec:
 authenticate:
 url: https://authenticate.bigasterisk.com
 identityProvider:
- provider: google
+ provider: oidc
+ url: https://accounts.google.com
+ scopes:
+ - openid
+ - email
+ # adds name+locale to user details
+ - profile
 secret: pomerium/idp
- refreshDirectory:
- interval: "10h"
- timeout: "10s"
+
 # Note pom won't start up if this cert doesn't exist, so you have to run once
 # with it commented out, then after cert success, run again with it enabled.
 certificates: [pomerium/pomerium-proxy-tls]
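Review bot: With `refreshDirectory` removed and `provider: oidc` pointed at `https://accounts.google.com`, the `identityProvider` block no longer gives Pomerium any directory or group data, and nothing in the file records that consequence. Any route policy that matches on groups would presumably stop matching, and because any Google account can complete a login against this issuer, authorization rests on the per-route email or domain rules, which are not visible here and should be checked. I would put the reason next to the new lines, e.g. `# generic oidc instead of google: no directory sync, so no group data; policies must match on email/domain`. The `scopes` list holds only `openid`, `email` and `profile`, so it is also worth confirming whether Pomerium still obtains a refresh token from Google and how quickly a removed user loses access. The `spec:` mapping starts above the hunk.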