LoadModule auth_openidc_module modules/mod_auth_openidc.so

OIDCProviderMetadataURL ${SP_OIDC_PROVIDER_METADATA_URL} 
OIDCClientID ${SP_OIDC_CLIENT_NAME} 
OIDCClientSecret ${SP_OIDC_CLIENT_SECRET} 
OIDCProviderTokenEndpointAuth client_secret_basic
OIDCCookieSameSite On
OIDCSessionType client-cookie
OIDCXForwardedHeaders X-Forwarded-Host
# OIDCRedirectURI is a vanity URL that must point to a path protected by this module but must NOT point to any content
OIDCRedirectURI  ${SP_OIDC_REDIRECT_URI} 
OIDCCryptoPassphrase ${SP_OIDC_CRYPTO_PASSPHRASE} 
OIDCOAuthAcceptTokenAs header
OIDCUnAutzAction 302 ${SP_OIDC_ERROR_URI}