Activities of "rogercprops"

I think this fixed it.

Thank you.

I just granted you access to the Token service and auth-server GitHub repositories

I made the change to the token service passing var policy = new DiscoveryPolicy

{
    RequireHttps = false
};

and am now getting this error

{
    "error": {
        "code": null,
        "message": "Error retrieving discovery document: Invalid base address for endpoint http://authserver.mydomain.dev/connect/authorize. Valid base addresses: https://authserver.mydomain.dev.",
        "details": null,
        "data": {},
        "validationErrors": null
    }
}

This answer still doesn't make sense. We have not touched the Token service since 8/27. But I just made a change to the authserver and redeployed. It's now working again (not throwing a http error and successfully returning a token).

So something else must be happening.

Set it where?

DiscoveryCache is from the Duende.IdentityModel package

// Copyright (c) Duende Software. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.

using Duende.IdentityModel.Internal;

namespace Duende.IdentityModel.Client;

/// <summary>
/// Helper for caching discovery documents.
/// </summary>
public class DiscoveryCache : IDiscoveryCache
{
    private DateTime _nextReload = DateTime.MinValue;
    private AsyncLazy<DiscoveryDocumentResponse>? _lazyResponse;

    private readonly DiscoveryPolicy _policy;
    private readonly Func<HttpMessageInvoker> _getHttpClient;
    private readonly string _authority;

    /// <summary>
    /// Initialize instance of DiscoveryCache with passed authority.
    /// </summary>
    /// <param name="authority">Base address or discovery document endpoint.</param>
    /// <param name="policy">The policy.</param>
    public DiscoveryCache(string authority, DiscoveryPolicy? policy = null)
    {
        _authority = authority;
        _policy = policy ?? new DiscoveryPolicy();
        _getHttpClient = () => new HttpClient();
    }

    /// <summary>
    /// Initialize instance of DiscoveryCache with passed authority.
    /// </summary>
    /// <param name="authority">Base address or discovery document endpoint.</param>
    /// <param name="httpClientFunc">The HTTP client function.</param>
    /// <param name="policy">The policy.</param>
    public DiscoveryCache(string authority, Func<HttpMessageInvoker> httpClientFunc, DiscoveryPolicy? policy = null)
    {
        _authority = authority;
        _policy = policy ?? new DiscoveryPolicy();
        _getHttpClient = httpClientFunc ?? throw new ArgumentNullException(nameof(httpClientFunc));
    }

    /// <summary>
    /// Frequency to refresh discovery document. Defaults to 24 hours.
    /// </summary>
    public TimeSpan CacheDuration { get; set; } = TimeSpan.FromHours(24);

    /// <summary>
    /// Get the DiscoveryResponse either from cache or from discovery endpoint.
    /// </summary>
    /// <returns></returns>
    public Task<DiscoveryDocumentResponse> GetAsync()
    {
        if (_nextReload <= DateTime.UtcNow)
        {
            Refresh();
        }

        return _lazyResponse!.Value;
    }

    /// <summary>
    /// Marks the discovery document as stale and will trigger a request to the discovery endpoint on the next request to get the DiscoveryResponse.
    /// </summary>
    public void Refresh()
    {
        _lazyResponse = new AsyncLazy<DiscoveryDocumentResponse>(GetResponseAsync);
    }

    private async Task<DiscoveryDocumentResponse> GetResponseAsync()
    {
        var result = await _getHttpClient().GetDiscoveryDocumentAsync(new DiscoveryDocumentRequest
        {
            Address = _authority,
            Policy = _policy
        }).ConfigureAwait();

        if (result.IsError)
        {
            Refresh();
            _nextReload = DateTime.MinValue;
        }
        else
        {
            _nextReload = DateTime.UtcNow.Add(CacheDuration);
        }

        return result;
    }
}

I have no idea what has changed but it's giving the Error retrieving discovery document: Endpoint does not use HTTPS: http://authserver.mydomain.dev/connect/authorize.

It was working yesterday and now it's not.

Don't know what I did but just redeployed and it worked

Updated authserver initialization

public override void OnApplicationInitialization(ApplicationInitializationContext context)
    {
        var app = context.GetApplicationBuilder();
        var env = context.GetEnvironment();
        var configuration = context.ServiceProvider.GetRequiredService<IConfiguration>();

        app.UseForwardedHeaders(new ForwardedHeadersOptions
        {
            ForwardedHeaders = ForwardedHeaders.XForwardedProto | ForwardedHeaders.XForwardedFor,
            // Optionally, set KnownProxies or KnownNetworks if needed for security
        });

        app.Use(async (context, next) =>
        {
            context.Request.Scheme = "https";
            await next();
        });

Updated ingress

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: "{{ .Release.Name }}-{{ .Chart.Name }}"
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: "/"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-buffer-size: "32k"
    nginx.ingress.kubernetes.io/proxy-buffers-number: "8"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/use-forwarded-headers: "true"
    nginx.ingress.kubernetes.io/enable-real-ip: "true"
    nginx.ingress.kubernetes.io/proxy-real-ip-cidr: "0.0.0.0/0"
    cert-manager.io/cluster-issuer: "letsencrypt"

The above changes didn't solve the problem