Sienna Meridian Satterwhite
8113e504ba
Django backends call the OIDC token, userinfo, and JWKS endpoints server-side. Pointing these at the public auth.DOMAIN_SUFFIX URL caused an SSLError in pods because mkcert CA certificates are not trusted inside containers. Split the configmap entries: - OIDC_OP_AUTHORIZATION_ENDPOINT and OIDC_OP_LOGOUT_ENDPOINT remain as public HTTPS URLs -- the browser navigates to these. - OIDC_OP_TOKEN_ENDPOINT, OIDC_OP_USER_ENDPOINT, OIDC_OP_JWKS_ENDPOINT now point to http://hydra-public.ory.svc.cluster.local:4444 -- Django calls these directly, bypassing the proxy and its TLS certificate. Affects all La Suite apps (docs, people) that use lasuite-oidc-provider.