Legger til texas

navikt · Jan 22, 2025 · e9958bb · e9958bb
1 parent 2731f1e
commit e9958bb
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 38 deletions.
diff --git a/src/main/kotlin/no/nav/syfo/koin/ExternalSystemsModule.kt b/src/main/kotlin/no/nav/syfo/koin/ExternalSystemsModule.kt
@@ -92,7 +92,7 @@ fun Module.externalSystemClients(config: ApplicationConfig) {
         val azureClient: AuthClient = get()
         OppgaveClient(
             url = config.getString("oppgavebehandling_url"),
-            getToken = azureClient.fetchToken(IdentityProvider.AZURE_AD, config.getString("oppgavescope")),
+            getToken = azureClient.fetchToken(IdentityProvider.AZURE_AD, config.getString("auth.oppgavescope")),
         )
     }
     single {
@@ -107,7 +107,7 @@ fun Module.externalSystemClients(config: ApplicationConfig) {
         SafJournalpostClient(
             httpClient = get(),
             basePath = config.getString("saf_journal_url"),
-            getAccessToken = azureClient.fetchToken(IdentityProvider.AZURE_AD, config.getString("safscope")),
+            getAccessToken = azureClient.fetchToken(IdentityProvider.AZURE_AD, config.getString("auth.safscope")),
         )
     }
 
@@ -116,7 +116,7 @@ fun Module.externalSystemClients(config: ApplicationConfig) {
         SafDokumentClient(
             url = config.getString("saf_dokument_url"),
             httpClient = get(),
-            getAccessToken = azureClient.fetchToken(IdentityProvider.AZURE_AD, config.getString("safscope")),
+            getAccessToken = azureClient.fetchToken(IdentityProvider.AZURE_AD, config.getString("auth.safscope")),
         )
     }
 
@@ -125,7 +125,7 @@ fun Module.externalSystemClients(config: ApplicationConfig) {
         DokArkivClient(
             url = config.getString("dokarkiv_url"),
             httpClient = get(),
-            getAccessToken = azureClient.fetchToken(IdentityProvider.AZURE_AD, config.getString("docarkivscope")),
+            getAccessToken = azureClient.fetchToken(IdentityProvider.AZURE_AD, config.getString("auth.docarkivscope")),
         )
     }
 }

diff --git a/src/main/resources/application.conf b/src/main/resources/application.conf
@@ -37,43 +37,43 @@ database {
 
 no.nav.security.jwt {
 
-// config for tokenValidationSupport
-issuers = [
-  {
-    issuer_name = hagproxy
-    discoveryurl = "https://login.microsoftonline.com/966ac572-f5b7-4bbe-aa88-c76419c0f851/v2.0/.well-known/openid-configuration"
-    discoveryurl = ${?AZURE_APP_WELL_KNOWN_URL}
-    accepted_audience = 02db9652-2a29-455d-80e4-8dc2c0949026
-    accepted_audience = ${?AZURE_APP_CLIENT_ID}
-  }
-]
-
-// config for token support client
-client {
-  registration {
-    clients = [
-      {
-        client_name: "azure_ad"
-        well_known_url: "https://login.microsoftonline.com/966ac572-f5b7-4bbe-aa88-c76419c0f851/v2.0/.well-known/openid-configuration"
-        well_known_url: ${?AZURE_APP_WELL_KNOWN_URL}
-        token_endpoint_url: "https://login.microsoftonline.com/966ac572-f5b7-4bbe-aa88-c76419c0f851/oauth2/v2.0/token"
-        token_endpoint_url: ${?AZURE_OPENID_CONFIG_TOKEN_ENDPOINT}
-        grant_type: client_credentials
-        oppgavescope: ${?OPPGAVE_SCOPE}
-        dokarkivscope: ${?DOKARKIV_SCOPE}
-        safscope: ${?SAF_SCOPE}
-        pdlscope: ${?PDL_SCOPE}
-        authentication: {
-          client_id: ${?AZURE_APP_CLIENT_ID}
-          client_secret: "secret-injected-by-nais"
-          client_secret: ${?AZURE_APP_CLIENT_SECRET}
-          client_auth_method: client_secret_post
+  // config for tokenValidationSupport
+  issuers = [
+    {
+      issuer_name = hagproxy
+      discoveryurl = "https://login.microsoftonline.com/966ac572-f5b7-4bbe-aa88-c76419c0f851/v2.0/.well-known/openid-configuration"
+      discoveryurl = ${?AZURE_APP_WELL_KNOWN_URL}
+      accepted_audience = 02db9652-2a29-455d-80e4-8dc2c0949026
+      accepted_audience = ${?AZURE_APP_CLIENT_ID}
+    }
+  ]
+
+  // config for token support client
+  client {
+    registration {
+      clients = [
+        {
+          client_name: "azure_ad"
+          well_known_url: "https://login.microsoftonline.com/966ac572-f5b7-4bbe-aa88-c76419c0f851/v2.0/.well-known/openid-configuration"
+          well_known_url: ${?AZURE_APP_WELL_KNOWN_URL}
+          token_endpoint_url: "https://login.microsoftonline.com/966ac572-f5b7-4bbe-aa88-c76419c0f851/oauth2/v2.0/token"
+          token_endpoint_url: ${?AZURE_OPENID_CONFIG_TOKEN_ENDPOINT}
+          grant_type: client_credentials
+          oppgavescope: ${?OPPGAVE_SCOPE}
+          dokarkivscope: ${?DOKARKIV_SCOPE}
+          safscope: ${?SAF_SCOPE}
+          pdlscope: ${?PDL_SCOPE}
+          authentication: {
+            client_id: ${?AZURE_APP_CLIENT_ID}
+            client_secret: "secret-injected-by-nais"
+            client_secret: ${?AZURE_APP_CLIENT_SECRET}
+            client_auth_method: client_secret_post
+          }
         }
-      }
-    ]
+      ]
+    }
   }
 }
-}
 
 aad_preauthorized_apps = "[{\"clientId\":\"appId\",\"name\":\"thisapp\"},{\"clientId\":\"appId2\",\"name\":\"otherapp\"}]}"
 aad_preauthorized_apps = ${?AZURE_APP_PRE_AUTHORIZED_APPS}
@@ -117,4 +117,9 @@ auth {
 
   token_introspection_endpoint: "mock"
   token_introspection_endpoint: ${?NAIS_TOKEN_INTROSPECTION_ENDPOINT}
+
+  oppgavescope: ${?OPPGAVE_SCOPE}
+  dokarkivscope: ${?DOKARKIV_SCOPE}
+  safscope: ${?SAF_SCOPE}
+  pdlscope: ${?PDL_SCOPE}
 }