From 84d82b04945078c18a99a42472b9bebbc0e6eb5f Mon Sep 17 00:00:00 2001
From: Raul Sampedro <5142014+rsrdesarrollo@users.noreply.github.com>
Date: Thu, 11 Sep 2025 14:43:27 +0200
Subject: [PATCH] fix: NewRemoteKeySet is not using DefaultHTTPClient

Signed-off-by: Jan Larwig <jan@larwig.com>
---
 pkg/providers/oidc/provider_verifier.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkg/providers/oidc/provider_verifier.go b/pkg/providers/oidc/provider_verifier.go
index b6b9a970..eac80a8c 100644
--- a/pkg/providers/oidc/provider_verifier.go
+++ b/pkg/providers/oidc/provider_verifier.go
@@ -10,6 +10,7 @@ import (
 	"os"
 
 	"github.com/coreos/go-oidc/v3/oidc"
+	"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/requests"
 	k8serrors "k8s.io/apimachinery/pkg/util/errors"
 )
 
@@ -127,6 +128,8 @@ func NewProviderVerifier(ctx context.Context, opts ProviderVerifierOptions) (Pro
 type verifierBuilder func(*oidc.Config) *oidc.IDTokenVerifier
 
 func getVerifierBuilder(ctx context.Context, opts ProviderVerifierOptions) (verifierBuilder, DiscoveryProvider, error) {
+	ctx = oidc.ClientContext(ctx, requests.DefaultHTTPClient)
+
 	if opts.SkipDiscovery {
 		var keySet oidc.KeySet
 		var err error