From f3b1421cb689bd190010e3dbb62a5f97011d9842 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20OUDRY?= <107411+seboudry@users.noreply.github.com>
Date: Mon, 29 Jan 2024 15:37:40 +0100
Subject: [PATCH 1/2] fix rockspec name and plugin version
---
 ...kspec => kong-plugin-oidc-1.4.0-1.rockspec | 19 +++++++++----------
 kong/plugins/oidc/handler.lua | 2 +-
 2 files changed, 10 insertions(+), 11 deletions(-)
 rename kong-oidc.rockspec => kong-plugin-oidc-1.4.0-1.rockspec (69%)
diff --git a/kong-oidc.rockspec b/kong-plugin-oidc-1.4.0-1.rockspec
similarity index 69%
rename from kong-oidc.rockspec
rename to kong-plugin-oidc-1.4.0-1.rockspec
index f58f7468..fd7a6b7b 100644
--- a/kong-oidc.rockspec
+++ b/kong-plugin-oidc-1.4.0-1.rockspec
@@ -1,9 +1,8 @@
-package = "kong-oidc"
+package = "kong-plugin-oidc"
 version = "1.4.0-1"
 source = {
- url = "git://github.com/revomatico/kong-oidc",
- tag = "master",
- dir = "kong-oidc"
+ url = "git://github.com/revomatico/kong-oidc.git",
+ tag = "master"
 }
 description = {
 summary = "A Kong plugin for implementing the OpenID Connect Relying Party (RP) functionality",
@@ -18,7 +17,7 @@ description = {
 It can be used as a reverse proxy terminating OAuth/OpenID Connect in front of an origin server so that the origin server/services can be protected with the relevant standards without implementing those on the server itself.
 ]],
- homepage = "https://github.com/nokia/kong-oidc",
+ homepage = "https://github.com/revomatico/kong-oidc",
 license = "Apache 2.0"
 }
 dependencies = {
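Review bot: The rewritten `source` block still pins the rock to a moving branch, `tag = "master"`, while the spec is versioned 1.4.0-1, so a build from this rockspec fetches whatever master holds at that moment rather than the 1.4.0 release and is neither reproducible nor auditable after the fact. The `git://` scheme on the `url` line is also unauthenticated and unencrypted (and, as far as I know, no longer served by GitHub at all), which leaves the fetch open to tampering in transit or simply failing. I would change the two lines to `url = "git+https://github.com/revomatico/kong-oidc.git"` and `tag = "v1.4.0"` (or whatever immutable tag marks the 1.4.0 release), so the source is pinned to a fixed ref over TLS. The `description` table opened in this hunk continues outside it.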
@@ -27,10 +26,10 @@ dependencies = {
 build = {
 type = "builtin",
 modules = {
- ["kong.plugins.oidc.filter"] = "kong/plugins/oidc/filter.lua",
- ["kong.plugins.oidc.handler"] = "kong/plugins/oidc/handler.lua",
- ["kong.plugins.oidc.schema"] = "kong/plugins/oidc/schema.lua",
- ["kong.plugins.oidc.session"] = "kong/plugins/oidc/session.lua",
- ["kong.plugins.oidc.utils"] = "kong/plugins/oidc/utils.lua"
+ ["kong.plugins.oidc.filter"] = "kong/plugins/oidc/filter.lua",
+ ["kong.plugins.oidc.handler"] = "kong/plugins/oidc/handler.lua",
+ ["kong.plugins.oidc.schema"] = "kong/plugins/oidc/schema.lua",
+ ["kong.plugins.oidc.session"] = "kong/plugins/oidc/session.lua",
+ ["kong.plugins.oidc.utils"] = "kong/plugins/oidc/utils.lua"
 }
 }
diff --git a/kong/plugins/oidc/handler.lua b/kong/plugins/oidc/handler.lua
index abd6710b..b9923745 100644
--- a/kong/plugins/oidc/handler.lua
+++ b/kong/plugins/oidc/handler.lua
@@ -1,5 +1,5 @@
 local OidcHandler = {
- VERSION = "1.3.0",
+ VERSION = "1.4.0",
 PRIORITY = 1000,
 }
 local utils = require("kong.plugins.oidc.utils")
From f78fff485405d9cab48688bc8dc0931cf9c2b0b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20OUDRY?= <107411+seboudry@users.noreply.github.com>
Date: Mon, 29 Jan 2024 17:28:26 +0100
Subject: [PATCH 2/2] make secrets fields referenceable to be handle by vault secret management
---
 kong/plugins/oidc/handler.lua | 2 ++
 kong/plugins/oidc/schema.lua | 9 ++++++---
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/kong/plugins/oidc/handler.lua b/kong/plugins/oidc/handler.lua
index b9923745..af940153 100644
--- a/kong/plugins/oidc/handler.lua
+++ b/kong/plugins/oidc/handler.lua
@@ -95,6 +95,7 @@ function make_oidc(oidcConfig)
 local res, err = require("resty.openidc").authenticate(oidcConfig, ngx.var.request_uri, unauth_action)
 if err then
+ kong.log.err("Authentication failed: " .. err)
 if err == 'unauthorized request' then
 return kong.response.error(ngx.HTTP_UNAUTHORIZED)
 else
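Review bot: The new `kong.log.err("Authentication failed: " .. err)` runs before the `if err == 'unauthorized request'` test on the next line, so the ordinary deny path that the existing code already answers with a plain 401 is now written to the error log on every unauthenticated request, which is noise any anonymous client can generate at will. Moving the call into the branch below keeps genuine failures logged without the flood: after `else` add `kong.log.err("Authentication failed: ", err)`. Passing `err` as a second argument instead of concatenating also avoids a runtime error should `err` ever be something other than a string, since kong.log joins its arguments itself; whether `resty.openidc` can return a non-string error is not visible here. `make_oidc` and its `else` branch continue outside the hunk.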
@@ -117,6 +118,7 @@ function introspect(oidcConfig)
 res, err = require("resty.openidc").introspect(oidcConfig)
 end
 if err then
+ kong.log.err("Introspect failed: " .. err)
 if oidcConfig.bearer_only == "yes" then
 ngx.header["WWW-Authenticate"] = 'Bearer realm="' .. oidcConfig.realm .. '",error="' .. err .. '"'
 return kong.response.error(ngx.HTTP_UNAUTHORIZED)
diff --git a/kong/plugins/oidc/schema.lua b/kong/plugins/oidc/schema.lua
index 976720be..2afef331 100644
--- a/kong/plugins/oidc/schema.lua
+++ b/kong/plugins/oidc/schema.lua
@@ -18,13 +18,15 @@ return {
 {
 client_id = {
 type = "string",
- required = true
+ required = true,
+ referenceable = true
 }
 },
 {
 client_secret = {
 type = "string",
- required = true
+ required = true,
+ referenceable = true
 }
 },
 {
@@ -123,7 +125,8 @@ return {
 {
 session_secret = {
 type = "string",
- required = false
+ required = false,
+ referenceable = true
 }
 },
 {
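Review bot: `kong.log.err("Introspect failed: " .. err)` writes the raw error string from the `resty.openidc` introspection call to the error log, and on transport or upstream failures that string can carry the introspection endpoint's response body verbatim (my recollection of lua-resty-openidc; verify), newlines and all, so the IdP's output lands unfiltered in Kong's logs. A rejected bearer token is also an event any unauthenticated client can trigger at will, so at `err` level one client can fill the log. I would lower it and let kong.log do the joining, `kong.log.warn("Introspect failed: ", err)`, and note that the same `err` is still echoed to the caller in `WWW-Authenticate` two lines below (that line predates this commit), which exposes the upstream's wording to whoever sent the token. `introspect` continues outside the hunk.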
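Review bot: `referenceable = true` on `client_secret` lets the value be a vault reference, but it changes nothing about a literal value: a secret configured as a plain string is still persisted and returned by the Admin API in clear text (general Kong behaviour, not visible in this hunk — confirm against the Kong version you target). Where the target Kong supports it, pairing it with `encrypted = true`, as Kong's bundled oauth2 plugin does for its client secret, covers the literal case too, and the same applies to `session_secret` in the next hunk. A one-line comment on the field, `-- secret: prefer a vault reference; never log or echo this value`, would tell the next maintainer why the attribute is there. Since `referenceable` is only honoured by Kong releases that ship the Vaults feature and the hunk adds no version guard, the plugin's minimum supported Kong version should be stated in the README or rockspec. The enclosing `fields` table runs outside the hunk.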