Merge branch 'main' into deps/image-update-main-01d2dc20

Author: AlexFenlon

internal/configs/oidc/oidc.conf

@@ -45,7 +45,7 @@
         proxy_set_header      Content-Type "application/x-www-form-urlencoded";
         proxy_set_header      Authorization $arg_secret_basic;
         proxy_pass            $oidc_token_endpoint;
-   }
+    }
 
     location = /_refresh {
         # This location is called by oidcAuth() when performing a token refresh. We
@@ -62,13 +62,12 @@
         proxy_pass            $oidc_token_endpoint;
     }
 
-    location = /_id_token_validation {
-        # This location is called by oidcCodeExchange() and oidcRefreshRequest(). We use
-        # the auth_jwt_module to validate the OpenID Connect token response, as per:
-        #  https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
+    location = /_token_validation {
+        # Internal location to verify any JWT (e.g., id_token, logout_token)
+        # using the auth_jwt module. Extracts the claims and returns them as JSON.
         internal;
         auth_jwt "" token=$arg_token;
-        js_content oidc.validateIdToken;
+        js_content oidc.extractTokenClaims;
         error_page 500 502 504 @oidc_error;
     }