Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump nav-token-support 3.2.0 -> 4.1.0 #183

Merged
merged 2 commits into from
Jan 17, 2024
Merged

Bump nav-token-support 3.2.0 -> 4.1.0 #183

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
1d76631
Bumped nav-token-support 3.2.0 -> 4.1.0
ingleivj Jan 17, 2024
2e1fa28
Bumped etterlatte-libs
ingleivj Jan 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
53 changes: 29 additions & 24 deletions apps/etterlatte-proxy/src/main/kotlin/auth/ClientCredentialAuthProvider.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
package no.nav.etterlatte.auth

import com.nimbusds.oauth2.sdk.GrantType
import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod
import io.ktor.client.plugins.auth.Auth
import io.ktor.client.plugins.auth.AuthProvider
Expand All @@ -9,9 +10,10 @@ import io.ktor.http.auth.HttpAuthHeader
import no.nav.security.token.support.client.core.ClientAuthenticationProperties
import no.nav.security.token.support.client.core.ClientProperties
import no.nav.security.token.support.client.core.OAuth2CacheFactory
import no.nav.security.token.support.client.core.OAuth2GrantType
import no.nav.security.token.support.client.core.oauth2.ClientCredentialsTokenClient
import no.nav.security.token.support.client.core.oauth2.OAuth2AccessTokenService
import no.nav.security.token.support.client.core.oauth2.OnBehalfOfTokenClient
import no.nav.security.token.support.client.core.oauth2.TokenExchangeClient
import java.net.URI
import java.time.Duration

Expand All @@ -30,19 +32,22 @@ class ClientCredentialAuthProvider(config: Map<String, String>) : AuthProvider {
override val sendWithoutRequest: Boolean = true

private val clientPropertiesConfig = ClientProperties(
null, // URI(conf["token_endpoint_url"]!!),
config["AZURE_APP_WELL_KNOWN_URL"]?.let { URI(it) },
OAuth2GrantType("client_credentials"),
config["AZURE_APP_OUTBOUND_SCOPE"]?.split(",") ?: emptyList(),
ClientAuthenticationProperties(
config["AZURE_APP_CLIENT_ID"],
ClientAuthenticationMethod.PRIVATE_KEY_JWT,
null,
config["AZURE_APP_JWK"]
),
null, // conf["resource_url"]?.let { URI(it) },
null
tokenEndpointUrl = null, // URI(conf["token_endpoint_url"]!!),
wellKnownUrl = config["AZURE_APP_WELL_KNOWN_URL"]?.let { URI(it) },
grantType = GrantType.CLIENT_CREDENTIALS,
scope = config["AZURE_APP_OUTBOUND_SCOPE"]?.split(",") ?: emptyList(),
authentication = ClientAuthenticationProperties.builder(
clientId = config.getOrThrow("AZURE_APP_CLIENT_ID"),
clientAuthMethod = ClientAuthenticationMethod.PRIVATE_KEY_JWT,
).clientJwk(config.getOrThrow("AZURE_APP_JWK"))
.build(),
resourceUrl = null, // conf["resource_url"]?.let { URI(it) },
tokenExchange = null
)
private fun Map<String, String>.getOrThrow(key: String) =
this[key]
?: throw IllegalArgumentException("Missing configuration property '$key'")

private val httpClient = DefaultOAuth2HttpClient()
private val accessTokenService = setupOAuth2AccessTokenService(httpClient = httpClient)

Expand All @@ -51,22 +56,22 @@ class ClientCredentialAuthProvider(config: Map<String, String>) : AuthProvider {
}

override suspend fun addRequestHeaders(request: HttpRequestBuilder, authHeader: HttpAuthHeader?) {
accessTokenService.getAccessToken(clientPropertiesConfig).accessToken.also {
accessTokenService.getAccessToken(clientPropertiesConfig)?.accessToken.also {
request.headers[HttpHeaders.Authorization] = "Bearer $it"
}
}
}

internal fun setupOAuth2AccessTokenService(httpClient: DefaultOAuth2HttpClient): OAuth2AccessTokenService {
return OAuth2AccessTokenService(
null,
null,
ClientCredentialsTokenClient(httpClient),
null
).also {
it.clientCredentialsGrantCache = OAuth2CacheFactory.accessTokenResponseCache(
10,
Duration.ofMinutes(50L).toSeconds()
)
}
tokenResolver = { throw IllegalArgumentException("Skal ikke kalle denne") },
onBehalfOfTokenClient = OnBehalfOfTokenClient(httpClient),
clientCredentialsTokenClient = ClientCredentialsTokenClient(httpClient),
clientCredentialsGrantCache =
OAuth2CacheFactory.accessTokenResponseCache(
maximumSize = 10,
skewInSeconds = Duration.ofMinutes(50L).toSeconds(),
),
tokenExchangeClient = TokenExchangeClient(httpClient),
)
}
6 changes: 3 additions & 3 deletions apps/etterlatte-proxy/src/main/kotlin/auth/DefaultOauth2HttpClient.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,12 +27,12 @@ class DefaultOAuth2HttpClient : OAuth2HttpClient {
}

// Override default POST with other form parameters specified for Idp request
override fun post(oAuth2HttpRequest: OAuth2HttpRequest): OAuth2AccessTokenResponse {
override fun post(request: OAuth2HttpRequest): OAuth2AccessTokenResponse {
return runBlocking {
defaultHttpClient.submitForm(
url = oAuth2HttpRequest.tokenEndpointUrl.toString(),
url = request.tokenEndpointUrl.toString(),
formParameters = Parameters.build {
oAuth2HttpRequest.formParameters.forEach {
request.formParameters.forEach {
append(it.key, it.value)
}
}
Expand Down
8 changes: 4 additions & 4 deletions gradle/libs.versions.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ cutterslade-analyze = { id = "ca.cutterslade.analyze", version = "1.9.1" }


[versions]
navfelles-token-version = "3.2.0"
navfelles-token-version = "4.1.0"
ktor-version = "2.3.7"
jupiter-version = "5.10.1"
cxf-version = "4.0.2"
Expand All @@ -18,9 +18,9 @@ navFellesTokenClientCore = { module = "no.nav.security:token-client-core", versi
tjenestespesifikasjonerTilbakekreving = { module = "com.github.navikt.pensjon-etterlatte-tjenestespesifikasjoner:tilbakekreving-v1-tjenestespesifikasjon", version = "1.78ffd1e"}

#Etterlatte
etterlatte-common = { module = "pensjon-etterlatte-libs:common", version = "2024.01.05-09.38.6f5ada710f9f"}
etterlatte-commonTest = { module = "pensjon-etterlatte-libs:common-test", version = "2024.01.05-09.38.6f5ada710f9f"}
etterlatte-ktorClientAuth = { module = "no.nav.etterlatte:ktor-client-auth", version = "2022.09.28-10.09.cce630926582"}
etterlatte-common = { module = "pensjon-etterlatte-libs:common", version = "2024.01.17-13.26.695db1c36957"}
etterlatte-commonTest = { module = "pensjon-etterlatte-libs:common-test", version = "2024.01.17-13.25.695db1c36957"}
etterlatte-ktorClientAuth = { module = "pensjon-etterlatte-libs:ktor-client-auth", version = "2024.01.17-13.28.695db1c36957"}

#Ktor
ktor-callLogging = { module = "io.ktor:ktor-server-call-logging", version.ref = "ktor-version"}
Expand Down