Lance Rushing

I tracked down a bug with X-Forwarded-Proto. When using "--cert" X-Forwarded-Proto gets set to "http" (should be "https") Steps to reproduce: 1. start web server to show X-Forwarded-Proto header 2....

Something like this is needed: (not tested) ```ruby JWT.decode(token, nil, true, algorithm: 'RS256', jwks: JSON.load(URI.open(JSON.load(URI.open(authorization_server_path) + "/.well-known/openid-configuration"))['jwks_uri'])), verify_iss: true, iss: authorization_server_path, verify_aud: true, aud: authorization_server_audience, verify_sub: true, verify_expiration: true, verify_not_before:...

I submitted #448 , which is almost a duplicate of this (minor formatting difference). RFC: https://tools.ietf.org/html/rfc6749#section-6 ``` scope OPTIONAL. The scope of the access request as described by Section 3.3....

> @lancerushing can you please rebase and force push. @stefanprodan done. Thank you!

+1 Having the same issue on a fresh install. My guess is one of the dependencies has a bug. :man_shrugging: ```shell $ go version go version go1.19.5 linux/amd64 ```

There are a few things I want to add, but I wanted to get your input before I add too much polish. 1) Which pattern to use to inject the...