@@ -37,11 +37,19 @@ type Config struct {
3737
3838// AuthConfig holds JWT authentication configuration
3939type AuthConfig struct {
40- JWKSUrl string `mapstructure:"jwks_url"`
4140 Issuer string `mapstructure:"issuer"`
41+ JwksUrl string `mapstructure:"jwks_url"`
4242 ClockSkew int `mapstructure:"clock_skew"`
4343}
4444
45+ // JWKSUrl returns the JWKS URL - uses explicit jwks_url if set, otherwise derives from issuer
46+ func (a * AuthConfig ) JWKSUrl () string {
47+ if a .JwksUrl != "" {
48+ return a .JwksUrl
49+ }
50+ return a .Issuer + "/.well-known/jwks"
51+ }
52+
4553// ServerConfig holds HTTP server configuration
4654type ServerConfig struct {
4755 Port string `mapstructure:"port"`
@@ -229,14 +237,14 @@ func setDefaults() {
229237 viper .SetDefault ("logging.level" , "info" )
230238 viper .SetDefault ("logging.format" , "json" )
231239
232- // Auth defaults
233- viper .SetDefault ("auth.jwks_url" , "http://user-management:8080/.well-known/jwks" )
240+ // Auth defaults - JWKS URL can be set separately from issuer for Docker networking
234241 viper .SetDefault ("auth.issuer" , "http://user-management:8080" )
242+ viper .SetDefault ("auth.jwks_url" , "" ) // Empty means derive from issuer
235243 viper .SetDefault ("auth.clock_skew" , 30 )
236244
237245 // Explicit env var bindings for auth config
238- _ = viper .BindEnv ("auth.jwks_url" , "JWKS_URI" )
239246 _ = viper .BindEnv ("auth.issuer" , "OAUTH_ISSUER" )
247+ _ = viper .BindEnv ("auth.jwks_url" , "OAUTH_JWKS_URL" )
240248}
241249
242250// ConnectionString returns the database connection string
0 commit comments