diff --git a/hosts/VEGAS/modules/oauth2-proxy/default.nix b/hosts/VEGAS/modules/oauth2-proxy/default.nix
index f998cb7..9724b49 100644
--- a/hosts/VEGAS/modules/oauth2-proxy/default.nix
+++ b/hosts/VEGAS/modules/oauth2-proxy/default.nix
@@ -1,4 +1,4 @@
-{ config, inputs, lib, pkgs, tools, ... }:
+{ config, lib, pkgs, tools, ... }:
 let
   inherit (tools.meta) domain;
   login = x: "https://login.${domain}/auth/realms/master/protocol/openid-connect/${x}";
@@ -17,7 +17,6 @@ in
 
   services.oauth2_proxy = {
     enable = true;
-    package = inputs.self.packages.${pkgs.system}.oauth2-proxy;
     approvalPrompt = "auto";
     provider = "keycloak";
     scope = "openid";
diff --git a/packages/patched-derivations.nix b/packages/patched-derivations.nix
index 10df021..4897fd2 100644
--- a/packages/patched-derivations.nix
+++ b/packages/patched-derivations.nix
@@ -33,8 +33,6 @@ super: rec {
     jre = jre17_standard;
   };
 
-  oauth2-proxy = patch super.oauth2-proxy "patches/base/oauth2-proxy";
-
   tempo = super.tempo.overrideAttrs (_: {
     version = builtins.substring 1 (-1) pins.tempo.version;
     src = super.npins.mkSource pins.tempo;
diff --git a/patches/base/oauth2-proxy/GHPR_1502-Unbreak-oauth2-proxy-for-keycloak-provider-after-2c668a.patch b/patches/base/oauth2-proxy/GHPR_1502-Unbreak-oauth2-proxy-for-keycloak-provider-after-2c668a.patch
deleted file mode 100644
index 87b6f48..0000000
--- a/patches/base/oauth2-proxy/GHPR_1502-Unbreak-oauth2-proxy-for-keycloak-provider-after-2c668a.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 0c932b61febe8a458d4bf4ff075feeffb02efc02 Mon Sep 17 00:00:00 2001
-From: Cullen Walsh <ckwalsh@cullenwalsh.com>
-Date: Mon, 3 Jan 2022 17:32:33 -0800
-Subject: [PATCH 1/2] Unbreak oauth2-proxy for keycloak provider after 2c668a
-
-With 2c668a, oauth2-proxy fails a request if the token validation fails.
-Token validation always fails with the keycloak provider, due to the
-valudation request passing the token via the URL, and keycloak not
-parsing the url for tokens.
-
-This is fixed by forcing the validation request to pass the token via a
-header.
-
-This code taken from the DigitalOcean provider, which presumably forcing
-the token to be passed via header for the same reason.
-
-Test plan: I was unable to build a docker image to test the fix, but I
-believe it is relatively simple, and it passes the "looks good to me"
-test plan.
----
- providers/keycloak.go | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/providers/keycloak.go b/providers/keycloak.go
-index c1a873529..4a8af231a 100644
---- a/providers/keycloak.go
-+++ b/providers/keycloak.go
-@@ -100,3 +100,8 @@ func (p *KeycloakProvider) EnrichSession(ctx context.Context, s *sessions.Sessio
- 
- 	return nil
- }
-+
-+// ValidateSession validates the AccessToken
-+func (p *KeycloakProvider) ValidateSession(ctx context.Context, s *sessions.SessionState) bool {
-+	return validateToken(ctx, p, s.AccessToken, makeOIDCHeader(s.AccessToken))
-+}