fix: sso and livekit networking

compose.yaml

@@ -111,14 +111,10 @@ services:
     container_name: livekit
     profiles: ['voice']
     restart: unless-stopped
+    network_mode: host
     command: ['--config', '/etc/livekit/livekit.yaml']
     volumes:
       - ./config/livekit.yaml:/etc/livekit/livekit.yaml:ro
-    ports:
-      - '${LIVEKIT_PORT:-7880}:7880'
-      - '7881:7881'
-      - '3478:3478/udp'
-      - '50000-50100:50000-50100/udp'
     healthcheck:
       test: ['CMD-SHELL', 'wget -qO- http://127.0.0.1:7880 || exit 1']
       interval: 15s

packages/api/src/auth/services/SsoService.tsx

@@ -454,8 +454,7 @@ export class SsoService {
 		};
 
 		if (config.clientSecret) {
-			const encoded = Buffer.from(`${config.clientId}:${config.clientSecret}`, 'utf8').toString('base64');
+			body.set('client_secret', config.clientSecret);
-			headers['Authorization'] = `Basic ${encoded}`;
 		}
 
 		const resp = await FetchUtils.sendRequest({
@@ -520,7 +519,7 @@ export class SsoService {
 	}
 
 	private async getResolvedConfig(): Promise<ResolvedSsoConfig> {
-		const stored = await this.instanceConfigRepository.getSsoConfig();
+		const stored = await this.instanceConfigRepository.getSsoConfig({ includeSecret: true });
 		const redirectUri = stored.redirectUri ?? `${Config.endpoints.webApp}/auth/sso/callback`;
 		const scope = stored.scope?.trim() || 'openid email profile';
 		const providerId = stored.issuer || stored.authorizationUrl || 'sso';

packages/http_client/src/HttpClientRequestInternals.tsx

@@ -100,6 +100,9 @@ export function resolveRequestBody(body: unknown, headers: Record<string, string
 		return undefined;
 	}
 
+	if (body instanceof URLSearchParams) {
+		return body.toString();
+	}
 	if (typeof body === 'string') {
 		return body;
 	}