Konfigurerbar auth-flow + redeem redirect (#1191)

navikt · Sep 27, 2022 · 46e430c · 46e430c
1 parent 6c4684d
commit 46e430c
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 3 deletions.
diff --git a/.../sikkerhet/src/main/java/no/nav/vedtak/isso/ressurs/AzureAuthorizationRequestBuilder.java b/.../sikkerhet/src/main/java/no/nav/vedtak/isso/ressurs/AzureAuthorizationRequestBuilder.java
@@ -5,7 +5,6 @@
 import java.nio.charset.StandardCharsets;
 import java.security.SecureRandom;
 
-import no.nav.vedtak.isso.config.ServerInfo;
 import no.nav.vedtak.sikkerhet.oidc.config.ConfigProvider;
 import no.nav.vedtak.sikkerhet.oidc.config.OpenIDProvider;
 
@@ -30,7 +29,7 @@ public String buildRedirectString() {
         var scopes = AzureConfigProperties.getAzureScopes();
         var providerConfig = ConfigProvider.getOpenIDConfiguration(OpenIDProvider.AZUREAD).orElseThrow();
         var clientId = providerConfig.clientId();
-        var redirectUrl = ServerInfo.instance().getCallbackUrl();
+        var redirectUrl = AzureConfigProperties.getAzureCallback();
 
         return providerConfig.authorizationEndpoint().toString() +
             "?response_type=code" +

diff --git a/felles/sikkerhet/src/main/java/no/nav/vedtak/isso/ressurs/AzureConfigProperties.java b/felles/sikkerhet/src/main/java/no/nav/vedtak/isso/ressurs/AzureConfigProperties.java
@@ -3,6 +3,7 @@
 import java.util.Optional;
 
 import no.nav.foreldrepenger.konfig.Environment;
+import no.nav.vedtak.isso.config.ServerInfo;
 
 public final class AzureConfigProperties {
 
@@ -15,6 +16,7 @@ public final class AzureConfigProperties {
 
     // Sett = true for å aktivere
     private static final String AZURE_TRIAL_ENABLED = "fp.trial.azure.enabled";
+    private static final String AZURE_TRIAL_CALLBACK = "fp.trial.azure.callback";
 
     private static final String OPENID_SCOPE = "openid offline_access";
 
@@ -34,4 +36,8 @@ public static boolean isAzureEnabled() {
     public static String getAzureScopes() {
         return AZURE_SCOPES;
     }
+
+    public static String getAzureCallback() {
+        return  Optional.ofNullable(ENV.getProperty(AZURE_TRIAL_CALLBACK)).orElseGet(() -> ServerInfo.instance().getCallbackUrl());
+    }
 }
diff --git a/felles/sikkerhet/src/main/java/no/nav/vedtak/isso/ressurs/RelyingPartyCallback.java b/felles/sikkerhet/src/main/java/no/nav/vedtak/isso/ressurs/RelyingPartyCallback.java
@@ -58,7 +58,7 @@ public Response getLogin(@QueryParam("code") String authorizationCode, @QueryPar
 
         OpenIDToken token;
         if (AzureConfigProperties.isAzureEnabled()) {
-            token = AzureADTokenProvider.exhangeAzureAuthCode(authorizationCode, ServerInfo.instance().getCallbackUrl());
+            token = AzureADTokenProvider.exhangeAzureAuthCode(authorizationCode, AzureConfigProperties.getAzureCallback());
             if (!OidcTokenValidatorConfig.instance().getValidator(OpenIDProvider.AZUREAD).validate(token.primary()).isValid()) {
                 return status(FORBIDDEN).build();
             }