Turn off issuer, client id check for refresh token

pkg/keycloak/proxy/handlers.go

@@ -237,8 +237,8 @@ func (r *OauthProxy) oauthCallbackHandler(writer http.ResponseWriter, req *http.
 			r.Provider,
 			refreshToken,
 			r.Config.ClientID,
-			r.Config.SkipAccessTokenClientIDCheck,
-			r.Config.SkipAccessTokenIssuerCheck,
+			true,
+			true,
 		)
 
 		if err != nil {

pkg/keycloak/proxy/middleware.go

@@ -274,8 +274,8 @@ func (r *OauthProxy) authenticationMiddleware() func(http.Handler) http.Handler
 						r.Provider,
 						refresh,
 						r.Config.ClientID,
-						r.Config.SkipAccessTokenClientIDCheck,
-						r.Config.SkipAccessTokenIssuerCheck,
+						true,
+						true,
 					)
 					if err != nil {
 						lLog.Error(

pkg/keycloak/proxy/misc.go

@@ -637,22 +637,28 @@ func verifyToken(
 	// we want to know if we are using valid token
 	// bad is that Verify method doesn't check first signatures, so
 	// we have to do it like this
-	oidcConf := &oidc3.Config{
-		ClientID:          clientID,
-		SkipClientIDCheck: skipClientIDCheck,
-		SkipIssuerCheck:   skipIssuerCheck,
-		SkipExpiryCheck:   true,
-	}
-
-	verifier := provider.Verifier(oidcConf)
+	verifier := provider.Verifier(
+		&oidc3.Config{
+			ClientID:          clientID,
+			SkipClientIDCheck: true,
+			SkipIssuerCheck:   true,
+			SkipExpiryCheck:   true,
+		},
+	)
 	_, err := verifier.Verify(ctx, rawToken)
 	if err != nil {
 		return nil, errors.Join(apperrors.ErrTokenSignature, err)
 	}
 
 	// Now doing expiration check
-	oidcConf.SkipExpiryCheck = false
-	verifier = provider.Verifier(oidcConf)
+	verifier = provider.Verifier(
+		&oidc3.Config{
+			ClientID:          clientID,
+			SkipClientIDCheck: skipClientIDCheck,
+			SkipIssuerCheck:   skipIssuerCheck,
+			SkipExpiryCheck:   true,
+		},
+	)
 
 	oToken, err := verifier.Verify(ctx, rawToken)
 	if err != nil {