From 0d5aae3f1b05554580cc3546fa57df87ee249e94 Mon Sep 17 00:00:00 2001
From: Sean O'Connor <sean@soconnor.dev>
Date: Wed, 14 Jan 2026 03:14:55 -0500
Subject: [PATCH] fix: adding explicit JWKS URI to bypass discovery issues

---
 src/lib/auth.ts | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/lib/auth.ts b/src/lib/auth.ts
index 219f746..324050b 100644
--- a/src/lib/auth.ts
+++ b/src/lib/auth.ts
@@ -49,6 +49,11 @@ export const auth = betterAuth({
                                 clientId: process.env.AUTHENTIK_CLIENT_ID,
                                 clientSecret: process.env.AUTHENTIK_CLIENT_SECRET,
                                 discoveryEndpoint: `${process.env.AUTHENTIK_ISSUER}/.well-known/openid-configuration`,
+                                // Explicit endpoints to bypass discovery issues
+                                authorizationEndpoint: "https://auth.soconnor.dev/application/o/authorize/",
+                                tokenEndpoint: "https://auth.soconnor.dev/application/o/token/",
+                                userInfoEndpoint: "https://auth.soconnor.dev/application/o/userinfo/",
+                                jwksEndpoint: "https://auth.soconnor.dev/application/o/beenvoice/jwks/",
                                 scopes: ["openid", "email", "profile"],
                                 pkce: true,
                             },