From 5dbaf01a99bbd16b94add368be71501f95df2e83 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Szak=C3=A1ts=20Alp=C3=A1r=20Zsolt?=
Date: Sun, 17 Aug 2025 00:18:39 +0200
Subject: [PATCH] Fix the fix
---
Source/ProofOfConcept/Program.cs | 90 ++++++++++++++++----------------
1 file changed, 45 insertions(+), 45 deletions(-)
diff --git a/Source/ProofOfConcept/Program.cs b/Source/ProofOfConcept/Program.cs
index 2282c7f..eb14095 100644
--- a/Source/ProofOfConcept/Program.cs
+++ b/Source/ProofOfConcept/Program.cs
@@ -43,54 +43,54 @@ builder.Services { // Point directly at the third-party metadata // Metadata is wrong... it sets non-existing uris like: "jwks_uri": "https://fleet-auth.tesla.com/oauth2/v3/discovery/thirdparty/keys" - //o.MetadataAddress = "https://fleet-auth.prd.vn.cloud.tesla.com/oauth2/v3/thirdparty/.well-known/openid-configuration"; - - // === Use Fleet-Auth third-party OIDC config === - o.Authority = "https://fleet-auth.tesla.com/oauth2/v3/nts"; - - o.Configuration ??= new OpenIdConnectConfiguration(); - o.Configuration.AuthorizationEndpoint = "https://fleet-auth.prd.vn.cloud.tesla.com/oauth2/v3/authorize"; - o.Configuration.TokenEndpoint = "https://fleet-auth.prd.vn.cloud.tesla.com/oauth2/v3/token"; - o.Configuration.JwksUri = "https://fleet-auth.prd.vn.cloud.tesla.com/oauth2/v3/discovery/thirdparty/keys"; - o.Configuration.EndSessionEndpoint = "https://fleet-auth.prd.vn.cloud.tesla.com/oauth2/v3/logout"; - o.Configuration.UserInfoEndpoint = "https://fleet-auth.prd.vn.cloud.tesla.com/oauth2/v3/userinfo"; - - o.Configuration.TokenEndpointAuthMethodsSupported.Clear(); - o.Configuration.TokenEndpointAuthMethodsSupported.Add("client_secret_post"); + // o.MetadataAddress = "https://fleet-auth.prd.vn.cloud.tesla.com/oauth2/v3/thirdparty/.well-known/openid-configuration"; + // + // // === Use Fleet-Auth third-party OIDC config === + // o.Authority = "https://fleet-auth.tesla.com/oauth2/v3/nts"; + // + // o.Configuration ??= new OpenIdConnectConfiguration(); + // o.Configuration.AuthorizationEndpoint = "https://fleet-auth.prd.vn.cloud.tesla.com/oauth2/v3/authorize"; + // o.Configuration.TokenEndpoint = "https://fleet-auth.prd.vn.cloud.tesla.com/oauth2/v3/token"; + // o.Configuration.JwksUri = "https://fleet-auth.prd.vn.cloud.tesla.com/oauth2/v3/discovery/thirdparty/keys"; + // o.Configuration.EndSessionEndpoint = "https://fleet-auth.prd.vn.cloud.tesla.com/oauth2/v3/logout"; + // o.Configuration.UserInfoEndpoint = 
"https://fleet-auth.prd.vn.cloud.tesla.com/oauth2/v3/userinfo"; + // + // o.Configuration.TokenEndpointAuthMethodsSupported.Clear(); + // o.Configuration.TokenEndpointAuthMethodsSupported.Add("client_secret_post"); + // + // o.Configuration.ResponseModesSupported.Clear(); + // o.Configuration.ResponseModesSupported.Add("query"); + // + // o.Configuration.GrantTypesSupported.Clear(); + // o.Configuration.GrantTypesSupported.Add("authorization_code"); + // + // o.Configuration.SubjectTypesSupported.Clear(); + // o.Configuration.SubjectTypesSupported.Add("public"); + // + // o.Configuration.ScopesSupported.Clear(); + // o.Configuration.ScopesSupported.Add("openid"); + // o.Configuration.ScopesSupported.Add("email"); + // o.Configuration.ScopesSupported.Add("profile"); + // o.Configuration.ScopesSupported.Add("metadata"); + // + // o.Configuration.IdTokenSigningAlgValuesSupported.Clear(); + // o.Configuration.IdTokenSigningAlgValuesSupported.Add("RS256"); + // + // o.Configuration.TokenEndpointAuthSigningAlgValuesSupported.Clear(); + // o.Configuration.TokenEndpointAuthSigningAlgValuesSupported.Add("RS256"); + // + // o.Configuration.ClaimsSupported.Clear(); + // o.Configuration.ClaimsSupported.Add("iss"); + // o.Configuration.ClaimsSupported.Add("iat"); + // o.Configuration.ClaimsSupported.Add("exp"); + // o.Configuration.ClaimsSupported.Add("nonce"); + // o.Configuration.ClaimsSupported.Add("sub"); + // o.Configuration.ClaimsSupported.Add("aud"); - o.Configuration.ResponseModesSupported.Clear(); - o.Configuration.ResponseModesSupported.Add("query"); - - o.Configuration.GrantTypesSupported.Clear(); - o.Configuration.GrantTypesSupported.Add("authorization_code"); - - o.Configuration.SubjectTypesSupported.Clear(); - o.Configuration.SubjectTypesSupported.Add("public"); - - o.Configuration.ScopesSupported.Clear(); - o.Configuration.ScopesSupported.Add("openid"); - o.Configuration.ScopesSupported.Add("email"); - o.Configuration.ScopesSupported.Add("profile"); - 
o.Configuration.ScopesSupported.Add("metadata"); - - o.Configuration.IdTokenSigningAlgValuesSupported.Clear(); - o.Configuration.IdTokenSigningAlgValuesSupported.Add("RS256"); - - o.Configuration.TokenEndpointAuthSigningAlgValuesSupported.Clear(); - o.Configuration.TokenEndpointAuthSigningAlgValuesSupported.Add("RS256"); - - o.Configuration.ClaimsSupported.Clear(); - o.Configuration.ClaimsSupported.Add("iss"); - o.Configuration.ClaimsSupported.Add("iat"); - o.Configuration.ClaimsSupported.Add("exp"); - o.Configuration.ClaimsSupported.Add("nonce"); - o.Configuration.ClaimsSupported.Add("sub"); - o.Configuration.ClaimsSupported.Add("aud"); - - o.ConfigurationManager = + o.ConfigurationManager = new TeslaOIDCConfigurationManager("https://fleet-auth.prd.vn.cloud.tesla.com/oauth2/v3/thirdparty/.well-known/openid-configuration"); // Standard OIDC web app settings - o.ResponseType = OpenIdConnectResponseType.Code; + o.ResponseType = "code"; o.UsePkce = true; o.SaveTokens = true;
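Review bot: The old hand-built `o.Configuration` block is re-added as comments instead of being deleted, so the one live line, `o.ConfigurationManager = new TeslaOIDCConfigurationManager(...)`, now sits under dead endpoint settings and a stale "Point directly at the third-party metadata" comment. Delete the commented block and replace it with a single comment along the lines of `// Tesla's discovery document advertises a non-existent jwks_uri; TeslaOIDCConfigurationManager fetches it and corrects the endpoints.` That class is not visible in this hunk, and with `Authority` and `MetadataAddress` no longer set it is the only source of the issuer and signing keys used to validate ID tokens, so its doc comment should state which fields it rewrites and that the issuer and JWKS URI it returns are restricted to the expected HTTPS Tesla hosts. Separately, `o.ResponseType = "code";` swaps a named constant for a string literal; keep `o.ResponseType = OpenIdConnectResponseType.Code;` unless the import was dropped on purpose. The enclosing options lambda starts and ends outside the hunk.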