OIDC connector option to override jwksURI

Signed-off-by: sohgaura <tiwari.dk1@gmail.com>

connector/oidc/oidc.go

@@ -107,10 +107,13 @@ type ProviderDiscoveryOverrides struct {
 	// AuthURL provides a way to user overwrite the Auth URL
 	// from the .well-known/openid-configuration authorization_endpoint
 	AuthURL string `json:"authURL"`
+	// JWKSURL provides a way to user overwrite the JWKS URL
+	// from the .well-known/openid-configuration jwks_uri
+	JWKSURL string `json:"jwksURL"
 }
 
 func (o *ProviderDiscoveryOverrides) Empty() bool {
-	return o.TokenURL == "" && o.AuthURL == ""
+	return o.TokenURL == "" && o.AuthURL == "" && o.JWKSURL == ""
 }
 
 func getProvider(ctx context.Context, issuer string, overrides ProviderDiscoveryOverrides) (*oidc.Provider, error) {
@@ -151,7 +154,9 @@ func getProvider(ctx context.Context, issuer string, overrides ProviderDiscovery
 	if overrides.AuthURL != "" {
 		config.AuthURL = overrides.AuthURL
 	}
-
+	if overrides.JWKSURL != "" {
+		config.JWKSURL = overrides.JWKSURL
+	}
 	return config.NewProvider(context.Background()), nil
 }
 

connector/oidc/oidc_test.go

@@ -652,7 +652,7 @@ func TestProviderOverride(t *testing.T) {
 		conn, err := newConnector(Config{
 			Issuer:                     testServer.URL,
 			Scopes:                     []string{"openid", "groups"},
-			ProviderDiscoveryOverrides: ProviderDiscoveryOverrides{TokenURL: "/test1", AuthURL: "/test2"},
+			ProviderDiscoveryOverrides: ProviderDiscoveryOverrides{TokenURL: "/test1", AuthURL: "/test2", JWKSURL:"/test3"},
 		})
 		if err != nil {
 			t.Fatal("failed to create new connector", err)
@@ -667,6 +667,11 @@ func TestProviderOverride(t *testing.T) {
 		if conn.provider.Endpoint().TokenURL != expToken {
 			t.Fatalf("unexpected token URL: %s, expected: %s\n", conn.provider.Endpoint().TokenURL, expToken)
 		}
+
+		expJWKS := "/test3"
+		if conn.provider.Endpoint().JWKSURL != expJWKS {
+			t.Fatalf("unexpected JWKS URL: %s, expected: %s\n", conn.provider.Endpoint().JWKSURL, expJWKS)
+		}
 	})
 }