MY application and IDP can work together, but I want to add them to the pomerium

I want to use my application running at localhost:3000 in pomerium with my IDP. The application and IDP can work together, but I want to add them to the pomerium.I’m using console.pomerium…app with my docker.

it’s docker file :


services:
  pomerium:
    image: pomerium/pomerium:v0.27.0
    ports:
      - 443:443
    restart: always
    environment:
      POMERIUM_ZERO_TOKEN: ***my-token**
      XDG_CACHE_HOME: /var/cache

      # IdP ayarları
    
    volumes:
      - pomerium-cache:/var/cache
    networks:
      main:
        aliases:
        - verify.popular-bengal-5714.pomerium.app
  verify:
    image: cr.pomerium.com/pomerium/verify:latest
    networks:
      main:
        aliases:
        - verify
  nodeserver:
    networks:
      main: {}
    build:
      context: ./app
    ports:
      - 5001:5001
networks:
  main: {}

volumes:
  pomerium-cache:

Hi,

If you are using Pomerium Zero then you must configure custom IdP settings from the pomerium zero console: Pomerium Zero.


note : I added it by deliberately changing the provider url and clientId values ​​in the screenshot.
My app already runs on provider healty.I want to add to pmerium.
I’m getting this error :

error_description: The authorization server does not support obtaining a token using this method. The client is not allowed to request response_type 'code'.

I also tried it as client_secret_basic. and below is my client in hydra. :

{
    "client_id": "099f70b0-0d46-43b6-9f6a-caa24ccc6df3",
    "client_name": "pomerium-client",
    "redirect_uris": [
        "http://localhost:3000/callback",
        "http://localhost:3000",
        "https://authenticate.popular-bengal-5714.pomerium.app/oauth2/callback"
    ],
    "grant_types": ["authorization_code"],
    "response_types": ["code"],
    "scope": "openid email offline_access profile",
    "audience": [],
    "owner": "",
    "policy_uri": "",
    "allowed_cors_origins": [
        "http://localhost:3000"
    ],
    "tos_uri": "",
    "client_uri": "",
    "logo_uri": "",
    "contacts": [],
    "client_secret_expires_at": 0,
    "subject_type": "public",
    "jwks": {},
    "token_endpoint_auth_method": "client_secret_post",
    "userinfo_signed_response_alg": "none",
    "created_at": "2024-11-25T12:45:13Z",
    "updated_at": "2024-11-25T13:15:55.988451Z",
    "post_logout_redirect_uris": [
        "http://localhost:3000",
        "http://localhost:3000/callback"
    ],
    "metadata": {},
    "skip_consent": false,
    "skip_logout_consent": null,
    "authorization_code_grant_access_token_lifespan": null,
    "authorization_code_grant_id_token_lifespan": null,
    "authorization_code_grant_refresh_token_lifespan": null,
    "client_credentials_grant_access_token_lifespan": null,
    "implicit_grant_access_token_lifespan": null,
    "implicit_grant_id_token_lifespan": null,
    "jwt_bearer_grant_access_token_lifespan": null,
    "refresh_token_grant_id_token_lifespan": null,
    "refresh_token_grant_access_token_lifespan": null,
    "refresh_token_grant_refresh_token_lifespan": null
}