From 4ac3d7e568a867b0666744df6087f2ee050d41b5 Mon Sep 17 00:00:00 2001
From: Addison Higham
Date: Tue, 15 Feb 2022 22:55:29 -0700
Subject: [PATCH] Add audience to token generator Certain implementations of oauth2, such as auth0, require the audience parameter to be send to the token generation endpoint. This commit adds an additional parameter to, by default, send the audience parameter. This should be be broadly compatible and ignored by other implementations. Otherwise, we can consider an additional configuration option
---
 pkg/auth/oidc.go | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/pkg/auth/oidc.go b/pkg/auth/oidc.go
index 981f7589..de548a3d 100644
--- a/pkg/auth/oidc.go
+++ b/pkg/auth/oidc.go
@@ -93,6 +93,9 @@ func NewOidcAuthSetter(baseCfg BaseConfig, cfg OidcClientConfig) *OidcAuthProvid
 ClientSecret: cfg.OidcClientSecret,
 Scopes: []string{cfg.OidcAudience},
 TokenURL: cfg.OidcTokenEndpointURL,
+ EndpointParams: map[string][]string{
+ "audience": {cfg.OidcAudience},
+ },
 }
 return &OidcAuthProvider{
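Review bot: The added `EndpointParams` entry is sent on every token request, including when `cfg.OidcAudience` is empty, in which case the form body carries a bare `audience=`; a strict token endpoint may reject that, and a lenient one may issue a token that is not bound to the intended audience. Setting the field only when the value is non-empty avoids this: assign `map[string][]string{"audience": {cfg.OidcAudience}}` to the config's `EndpointParams` after the literal, inside `if cfg.OidcAudience != "" { … }`. The context line above also passes the same value as the only entry in `Scopes`, so one string is sent under two meanings; a short comment such as `// audience is also sent as a form parameter for providers (e.g. Auth0) that require it` would show that this is intentional. The struct literal and NewOidcAuthSetter both start and end outside the hunk, so the name of the config variable is not visible here.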