Justere levetid assertions og cache-evict

navikt · Aug 21, 2024 · af19901 · af19901
1 parent 20bb106
commit af19901
Show file tree

Hide file tree

Showing 5 changed files with 6 additions and 6 deletions.
diff --git a/...src/main/java/no/nav/vedtak/sikkerhet/oidc/token/impl/MaskinportenAssertionGenerator.java b/...src/main/java/no/nav/vedtak/sikkerhet/oidc/token/impl/MaskinportenAssertionGenerator.java
@@ -30,7 +30,7 @@ final class MaskinportenAssertionGenerator {
     String assertion(String scope, String resource) {
         try {
             var expirationTime = NumericDate.now();
-            expirationTime.addSeconds(90);
+            expirationTime.addSeconds(60);
             JwtClaims claims = new JwtClaims();
             claims.setIssuer(clientId);
             claims.setAudience(issuer);

diff --git a/...s/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/impl/MaskinportenTokenKlient.java b/...s/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/impl/MaskinportenTokenKlient.java
@@ -47,7 +47,7 @@ private MaskinportenTokenKlient() {
         this.tokenEndpoint = URI.create(getMaskinportenProperty(MaskinportenProperty.MASKINPORTEN_TOKEN_ENDPOINT));
         this.scopes = Arrays.stream(getMaskinportenProperty(MaskinportenProperty.MASKINPORTEN_SCOPES)
             .split("\\s+")).toList();
-        this.obocache = new LRUCache<>(200, TimeUnit.MILLISECONDS.convert(1, TimeUnit.HOURS));
+        this.obocache = new LRUCache<>(200, TimeUnit.MILLISECONDS.convert(60, TimeUnit.MINUTES));
         this.proxyUrl = ProxyProperty.getProxyIfFSS();
     }
 

diff --git a/.../oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/impl/TokenXAssertionGenerator.java b/.../oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/impl/TokenXAssertionGenerator.java
@@ -42,7 +42,7 @@ final class TokenXAssertionGenerator {
     String assertion() {
         try {
             var expirationTime = NumericDate.now();
-            expirationTime.addSeconds(90);
+            expirationTime.addSeconds(60);
 
             JwtClaims claims = new JwtClaims();
             claims.setSubject(clientId);

diff --git a/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/impl/TokenXExchangeKlient.java b/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/impl/TokenXExchangeKlient.java
@@ -38,7 +38,7 @@ private TokenXExchangeKlient() {
         var provider = ConfigProvider.getOpenIDConfiguration(OpenIDProvider.TOKENX);
         this.assertionGenerator = new TokenXAssertionGenerator(provider.orElse(null));
         this.tokenEndpoint = provider.map(OpenIDConfiguration::tokenEndpoint).orElse(null);
-        this.obocache = new LRUCache<>(2500, TimeUnit.MILLISECONDS.convert(110, TimeUnit.SECONDS));
+        this.obocache = new LRUCache<>(2500, TimeUnit.MILLISECONDS.convert(60, TimeUnit.MINUTES));
     }
 
     public static synchronized TokenXExchangeKlient instance() {

diff --git a/integrasjon/rest-klient/src/main/java/no/nav/vedtak/felles/integrasjon/rest/TokenFlow.java b/integrasjon/rest-klient/src/main/java/no/nav/vedtak/felles/integrasjon/rest/TokenFlow.java
@@ -1,9 +1,9 @@
 package no.nav.vedtak.felles.integrasjon.rest;
 
 public enum TokenFlow {
-    ADAPTIVE, // DWIM for targets accepting both azuread, sts tokens, and tokenx. STS->AzureCC
+    ADAPTIVE, // DWIM for kall til endepunkt velger azuread eller tokenx ut fra kontekst.
     AZUREAD_CC, // Mot endepunkt som bare støtter AzureCC, ikke AzureOBO-flow
-    NO_AUTH_NEEDED;
+    NO_AUTH_NEEDED; // Enten endepunkt som ikke krever autentisering eller otherAuthorizationSupplier (Maskinporten)
 
     // Does the endpoint require an Azure AD token?
     public boolean isAzureAD() {