From d941763daa67eb8a94962782f21d0acce158791d Mon Sep 17 00:00:00 2001
From: ibizaman <ibizapeanut@gmail.com>
Date: Tue, 21 Feb 2023 00:12:35 -0800
Subject: [PATCH] [vaultwarden] allow no auth for other endpoint

---
 vaultwarden/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vaultwarden/default.nix b/vaultwarden/default.nix
index 5c1dacb..96018c3 100644
--- a/vaultwarden/default.nix
+++ b/vaultwarden/default.nix
@@ -189,7 +189,7 @@ rec {
       egress = [ "http://127.0.0.1:${toString serviceIngress}" ];
       realm = sso.realm;
       allowed_roles = [ "user" "/admin|admin" ];
-      skip_auth_routes = [ "^/api" ];
+      skip_auth_routes = [ "^/api" "^/identity/connect/token" ];
       inherit metricsPort;
       keys = {
         cookieSecret = "${serviceName}_oauth2proxy_cookiesecret";