From 6157363f49fbd461911e1670cf5d28f993328e7d Mon Sep 17 00:00:00 2001
From: Caleb Doxsey <cdoxsey@pomerium.com>
Date: Thu, 13 Feb 2025 15:25:18 -0700
Subject: [PATCH] allow overriding with policy option

---
 config/identity.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/config/identity.go b/config/identity.go
index b31576100..644f58605 100644
--- a/config/identity.go
+++ b/config/identity.go
@@ -57,6 +57,11 @@ func (o *Options) GetIdentityProviderForPolicy(policy *Policy) (*identity.Provid
 		if policy.IDPClientSecret != "" {
 			idp.ClientSecret = policy.IDPClientSecret
 		}
+		if v := policy.IDPAccessTokenAllowedAudiences; v != nil {
+			idp.AccessTokenAllowedAudiences = &identity.Provider_StringList{
+				Values: slices.Clone(*v),
+			}
+		}
 	}
 	idp.Id = idp.Hash()
 	return idp, nil