louketo / louketo-proxy

An OpenID / Proxy service
Apache License 2.0

Additional CA for identity provider #659

Open hstejas opened 4 years ago

hstejas commented 4 years ago

Additional CA for identity provider

Summary

https://github.com/louketo/louketo-proxy/issues/256 seems to add support for a custom CA for upstream, but the same is not considered for the identity provider.

Probably the same configuration can be used for the discovery URL, or a different parameter can be provided (openid-provider-ca-certificate).

Why?

This will be helpful when the identity provider is hosted with a certificate from a custom CA, not publicly available. This option will be better than disabling checking entirely with skip-openid-provider-tls-verify.

How

It would be more or less similar to https://github.com/louketo/louketo-proxy/issues/256

Acceptance criteria

Additional Information
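The behaviour requested in this issue, as an added Go example that is not part of the original issue and is not louketo-proxy code: an HTTP client for the discovery URL that appends an extra CA bundle to the system roots and leaves TLS verification enabled. The names `newIDPClient`, `discoveryStatus` and `startFakeIDP` are hypothetical, and the identity provider is a constructed local test server.

```go
package main
import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// newIDPClient (hypothetical) trusts the system roots plus the PEM bundle extraCA.
func newIDPClient(extraCA []byte) (*http.Client, error) {
	pool, err := x509.SystemCertPool()
	if err != nil || pool == nil {
		pool = x509.NewCertPool() // no system store: start from an empty pool
	}
	if len(extraCA) > 0 && !pool.AppendCertsFromPEM(extraCA) {
		return nil, fmt.Errorf("no valid certificate in CA bundle")
	}
	// Verification stays on; only the set of trusted roots grows.
	return &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool}}}, nil
}

// discoveryStatus fetches the OpenID discovery document and returns the HTTP status.
func discoveryStatus(base string, extraCA []byte) (int, error) {
	c, err := newIDPClient(extraCA)
	if err != nil {
		return 0, err
	}
	resp, err := c.Get(base + "/.well-known/openid-configuration")
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

// startFakeIDP runs a constructed local TLS server and returns its private cert as PEM.
func startFakeIDP() (*httptest.Server, []byte) {
	h := func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, `{"issuer":"constructed"}`) }
	srv := httptest.NewTLSServer(http.HandlerFunc(h))
	return srv, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
}

func main() {
	srv, ca := startFakeIDP()
	defer srv.Close()
	_, err := discoveryStatus(srv.URL, nil) // rejected: issuer is not a trusted root
	code, err2 := discoveryStatus(srv.URL, ca)
	fmt.Println("system roots only:", err, "| with additional CA:", code, err2)
}
```

An unparsable bundle is returned as an error, so a bad CA file cannot silently leave the client with system roots only.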