From 46e430caf5beaa6f5b767462db9bdbdf28dd12b1 Mon Sep 17 00:00:00 2001
From: Jens-Otto Larsen <46576810+jolarsen@users.noreply.github.com>
Date: Tue, 27 Sep 2022 19:41:04 +0200
Subject: [PATCH] Konfigurerbar auth-flow + redeem redirect (#1191)
---
 .../isso/ressurs/AzureAuthorizationRequestBuilder.java | 3 +--
 .../no/nav/vedtak/isso/ressurs/AzureConfigProperties.java | 6 ++++++
 .../no/nav/vedtak/isso/ressurs/RelyingPartyCallback.java | 2 +-
 3 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/felles/sikkerhet/src/main/java/no/nav/vedtak/isso/ressurs/AzureAuthorizationRequestBuilder.java b/felles/sikkerhet/src/main/java/no/nav/vedtak/isso/ressurs/AzureAuthorizationRequestBuilder.java
index 68be52f70..f33fc007c 100644
--- a/felles/sikkerhet/src/main/java/no/nav/vedtak/isso/ressurs/AzureAuthorizationRequestBuilder.java
+++ b/felles/sikkerhet/src/main/java/no/nav/vedtak/isso/ressurs/AzureAuthorizationRequestBuilder.java
@@ -5,7 +5,6 @@
 import java.nio.charset.StandardCharsets;
 import java.security.SecureRandom;
-import no.nav.vedtak.isso.config.ServerInfo;
 import no.nav.vedtak.sikkerhet.oidc.config.ConfigProvider;
 import no.nav.vedtak.sikkerhet.oidc.config.OpenIDProvider;
@@ -30,7 +29,7 @@ public String buildRedirectString() {
 var scopes = AzureConfigProperties.getAzureScopes();
 var providerConfig = ConfigProvider.getOpenIDConfiguration(OpenIDProvider.AZUREAD).orElseThrow();
 var clientId = providerConfig.clientId();
- var redirectUrl = ServerInfo.instance().getCallbackUrl();
+ var redirectUrl = AzureConfigProperties.getAzureCallback();
 return providerConfig.authorizationEndpoint().toString() + "?response_type=code" +
diff --git a/felles/sikkerhet/src/main/java/no/nav/vedtak/isso/ressurs/AzureConfigProperties.java b/felles/sikkerhet/src/main/java/no/nav/vedtak/isso/ressurs/AzureConfigProperties.java
index 40ec0d7fa..f8781c021 100644
--- a/felles/sikkerhet/src/main/java/no/nav/vedtak/isso/ressurs/AzureConfigProperties.java
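Review bot: In `buildRedirectString`, `redirectUrl` now comes from the operator-set property behind `AzureConfigProperties.getAzureCallback()` rather than from `ServerInfo`, and it is joined into the authorization URL by string concatenation. The rest of the `return` expression lies outside the hunk, so it is not visible whether the value is percent-encoded; if it is not, wrap it as `URLEncoder.encode(redirectUrl, StandardCharsets.UTF_8)` so that a configured URL containing `&` or `#` cannot alter the other query parameters. A short comment on the assignment saying the value must match a redirect URI registered for `clientId` would also help whoever sets the property.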
+++ b/felles/sikkerhet/src/main/java/no/nav/vedtak/isso/ressurs/AzureConfigProperties.java
@@ -3,6 +3,7 @@
 import java.util.Optional;
 import no.nav.foreldrepenger.konfig.Environment;
+import no.nav.vedtak.isso.config.ServerInfo;
 public final class AzureConfigProperties {
@@ -15,6 +16,7 @@ public final class AzureConfigProperties {
 // Sett = true for å aktivere
 private static final String AZURE_TRIAL_ENABLED = "fp.trial.azure.enabled";
+ private static final String AZURE_TRIAL_CALLBACK = "fp.trial.azure.callback";
 private static final String OPENID_SCOPE = "openid offline_access";
@@ -34,4 +36,8 @@ public static boolean isAzureEnabled() {
 public static String getAzureScopes() {
 return AZURE_SCOPES;
 }
+
+ public static String getAzureCallback() {
+ return Optional.ofNullable(ENV.getProperty(AZURE_TRIAL_CALLBACK)).orElseGet(() -> ServerInfo.instance().getCallbackUrl());
+ }
 }
diff --git a/felles/sikkerhet/src/main/java/no/nav/vedtak/isso/ressurs/RelyingPartyCallback.java b/felles/sikkerhet/src/main/java/no/nav/vedtak/isso/ressurs/RelyingPartyCallback.java
index 5c938d5f6..ee948fc9c 100644
--- a/felles/sikkerhet/src/main/java/no/nav/vedtak/isso/ressurs/RelyingPartyCallback.java
+++ b/felles/sikkerhet/src/main/java/no/nav/vedtak/isso/ressurs/RelyingPartyCallback.java
@@ -58,7 +58,7 @@ public Response getLogin(@QueryParam("code") String authorizationCode, @QueryPar
 OpenIDToken token;
 if (AzureConfigProperties.isAzureEnabled()) {
- token = AzureADTokenProvider.exhangeAzureAuthCode(authorizationCode, ServerInfo.instance().getCallbackUrl());
+ token = AzureADTokenProvider.exhangeAzureAuthCode(authorizationCode, AzureConfigProperties.getAzureCallback());
 if (!OidcTokenValidatorConfig.instance().getValidator(OpenIDProvider.AZUREAD).validate(token.primary()).isValid()) {
 return status(FORBIDDEN).build();
 }
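Review bot: `getAzureCallback()` accepts whatever `fp.trial.azure.callback` holds: a property that is set but empty or blank is non-null, so it wins over the `ServerInfo` fallback and ends up as the `redirect_uri`. Filtering blanks keeps the fallback intact, e.g. `Optional.ofNullable(ENV.getProperty(AZURE_TRIAL_CALLBACK)).filter(s -> !s.isBlank()).orElseGet(() -> ServerInfo.instance().getCallbackUrl());`. The method also re-reads the environment on every call while `getAzureScopes()` returns a constant; if the property cannot change at runtime, resolving it once would make the effective value easier to check and log at startup. A Javadoc line saying the value must be the absolute callback URL registered in Azure AD is missing, as is a comment on `AZURE_TRIAL_CALLBACK` like the one above `AZURE_TRIAL_ENABLED`.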
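Review bot: The `redirect_uri` passed to `exhangeAzureAuthCode` in `getLogin` has to be identical to the one `AzureAuthorizationRequestBuilder.buildRedirectString()` put in the authorization request, otherwise the token endpoint rejects the code (RFC 6749 §4.1.3), and nothing at this call site says so. I would add a comment such as `// must equal the redirect_uri sent in buildRedirectString(); both read AzureConfigProperties.getAzureCallback()` so that a later change to one side does not silently break the other. `getLogin` starts and ends outside the hunk, so how a failed exchange is handled is not visible here.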