Bugfix/idporten (#3358)

* Oppdatert pakker og lagt på error print dersom login gir feil
* Oppdatert assets og libs
* Oppdatert pakker i diverse frontend applikasjoner
* Satt PKCE required for idporten login
* Lagt til PKCE support for idporten login gjennom spring

apps/dolly-frontend/src/main/java/no/nav/dolly/web/config/IdportenSecurityConfig.java

@@ -14,6 +14,10 @@
 import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
 import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
+import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestCustomizers;
+import org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver;
+import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver;
 import org.springframework.security.web.server.SecurityWebFilterChain;
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
 
@@ -40,11 +44,18 @@ public IdportenSecurityConfig(
         this.postLogoutRedirectUri = postLogoutRedirectUri;
     }
 
+    @Bean
+    public ServerOAuth2AuthorizationRequestResolver pkceResolver(ReactiveClientRegistrationRepository repo) {
+        var resolver = new DefaultServerOAuth2AuthorizationRequestResolver(repo);
+        resolver.setAuthorizationRequestCustomizer(OAuth2AuthorizationRequestCustomizers.withPkce());
+        return resolver;
+    }
+
     @SneakyThrows
     @Bean
-    public SecurityWebFilterChain configure(ServerHttpSecurity http) {
+    public SecurityWebFilterChain configure(ServerHttpSecurity http, ServerOAuth2AuthorizationRequestResolver requestResolver) {
         var authenticationSuccessHandler = new DollyAuthenticationSuccessHandler();
-        var authenticationManger = new AuthorizationCodeReactiveAuthenticationManger(JWK.parse(jwk));
+        var authenticationManager = new AuthorizationCodeReactiveAuthenticationManger(JWK.parse(jwk));
         var logoutSuccessHandler = new LogoutSuccessHandler();
         logoutSuccessHandler.applyOn("idporten", new IdportenOcidLogoutUrlResolver(wellKnownUrl, postLogoutRedirectUri));
 
@@ -67,7 +78,8 @@ public SecurityWebFilterChain configure(ServerHttpSecurity http) {
                         ).permitAll()
                         .anyExchange().authenticated())
                 .oauth2Login(oAuth2LoginSpec -> oAuth2LoginSpec
-                        .authenticationManager(authenticationManger)
+                        .authenticationManager(authenticationManager)
+                        .authorizationRequestResolver(requestResolver)
                         .authenticationSuccessHandler(authenticationSuccessHandler))
                 .formLogin(formLoginSpec -> formLoginSpec.loginPage(LOGIN))
                 .logout(logoutSpec -> logoutSpec

apps/dolly-frontend/src/main/js/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dolly",
-  "version": "2.5.34",
+  "version": "2.5.35",
   "description": "",
   "main": "index.js",
   "scripts": {
@@ -119,7 +119,7 @@
     "swr": "^2.0.0",
     "ts-node": "^10.9.1",
     "typescript": "^5.0.2",
-    "vite": "^4.0.3",
+    "vite": "^5.0.8",
     "vite-plugin-environment": "^1.1.3",
     "vite-plugin-svgr": "^4.0.0",
     "vite-tsconfig-paths": "^4.0.0"

apps/dolly-frontend/src/main/js/src/app/App.tsx

@@ -8,7 +8,6 @@ import './App.less'
 import { Forbedring } from '@/components/feedback/Forbedring'
 import ToastConnector from '@/components/ui/toast/ToastConnector'
 import { Breadcrumbs } from '@/components/layout/breadcrumb/Breadcrumb'
-import { InfoStripe } from '@/components/infostripe/InfoStripe'
 import { useBrukerProfil, useCurrentBruker } from '@/utils/hooks/useBruker'
 import { useDollyEnvironments } from '@/utils/hooks/useEnvironments'
 import {
@@ -18,6 +17,7 @@ import {
 import { runningCypressE2E } from '@/service/services/Request'
 import { navigateToLogin } from '@/components/utlogging/navigateToLogin'
 import { FaroErrorBoundary } from '@grafana/faro-react'
+import { ErrorBoundary } from '@/components/ui/appError/ErrorBoundary'
 
 const logout = (feilmelding: string) => {
 	if (!runningCypressE2E()) {
@@ -44,6 +44,7 @@ export const App = () => {
 
 	useEffect(() => {
 		if (criticalError && !runningCypressE2E()) {
+			console.error(criticalError)
 			logout(criticalError.stack)
 		}
 	}, [criticalError])
@@ -59,17 +60,19 @@ export const App = () => {
 			<Breadcrumbs />
 			{/*<InfoStripe />*/}
 			<main>
-				<Suspense fallback={<Loading label="Laster inn" />}>
-					<Routes>
-						{allRoutes.map((route: { element: any; path: string }, idx: React.Key) =>
-							route.element ? (
-								<Route key={idx} path={route.path} element={<route.element />} />
-							) : (
-								<React.Fragment key={idx} />
-							),
-						)}
-					</Routes>
-				</Suspense>
+				<ErrorBoundary>
+					<Suspense fallback={<Loading label="Laster inn" />}>
+						<Routes>
+							{allRoutes.map((route: { element: any; path: string }, idx: React.Key) =>
+								route.element ? (
+									<Route key={idx} path={route.path} element={<route.element />} />
+								) : (
+									<React.Fragment key={idx} />
+								),
+							)}
+						</Routes>
+					</Suspense>
+				</ErrorBoundary>
 			</main>
 			<Forbedring />
 			<ToastConnector />

apps/dolly-frontend/src/main/resources/application-idporten.yml

@@ -14,6 +14,8 @@ spring:
             post-logout-redirect-uri: ${POST_LOGOUT_REDIRECT_URI}
             scope: openid
             client-authentication-method: private_key_jwt
+            require-authorization-consent: true
+            require-proof-key: true
         provider:
           idporten:
             issuer-uri: ${IDPORTEN_ISSUER_PROD}