
Skru på tokenx validering i api #635

wants to merge 13 commits into
base: main
Bruk konstanter for issuername og validationname
b162214 committed Jul 26, 2024

commit 07e4c8936f564ba1da56e2b715a774836bb1750d
@@ -111,7 +111,7 @@ fun Application.apiModule(
call.respondText("helsearbeidsgiver inntektsmelding")
}

authenticate("idporten-validation", "tokenx-validation") {
authenticate(Auth.IDPORTEN_VALIDATION, Auth.TOKENX_VALIDATION) {
route(Routes.PREFIX) {
hentForespoerselRoute(rapid, tilgangskontroll, redisConnection)
inntektRoute(rapid, tilgangskontroll, redisConnection)
@@ -8,17 +8,20 @@ import no.nav.security.token.support.v2.TokenSupportConfig
import no.nav.security.token.support.v2.tokenValidationSupport

object Auth {
const val ISSUER = "idporten-issuer"
const val IDPORTEN_ISSUER = "idporten-issuer"
const val TOKENX_ISSUER = "tokenx-issuer"
const val CLAIM_PID = "pid"
const val IDPORTEN_VALIDATION = "idporten-validation"
const val TOKENX_VALIDATION = "tokenx-validation"
}

private val pidRegex = Regex("\\d{11}")

fun Application.customAuthentication() {
val config =
val idportenConfig =
TokenSupportConfig(
IssuerConfig(
name = Auth.ISSUER,
name = Auth.IDPORTEN_ISSUER,
discoveryUrl = Env.Auth.discoveryUrl,
acceptedAudience = Env.Auth.acceptedAudience,
),
@@ -27,32 +30,29 @@ fun Application.customAuthentication() {
val tokenXConfig =
TokenSupportConfig(
IssuerConfig(
name = "tokenx-issuer",
name = Auth.TOKENX_ISSUER,
discoveryUrl = Env.Auth.TokenX.discoveryUrl,
acceptedAudience = Env.Auth.TokenX.acceptedAudience,
),
)

authentication {
tokenValidationSupport(
"idporten-validation",
config = config,
name = Auth.IDPORTEN_VALIDATION,
config = idportenConfig,
additionalValidation = TokenValidationContext::containsPid,
)
tokenValidationSupport(
"tokenx-validation",
name = Auth.TOKENX_VALIDATION,
config = tokenXConfig,
additionalValidation = TokenValidationContext::containsPidTokenx,
additionalValidation = {
it.containsPid(Auth.TOKENX_ISSUER)
},
)
}
}

private fun TokenValidationContext.containsPidTokenx(): Boolean =
getClaims("tokenx-issuer")
.getStringClaim(Auth.CLAIM_PID)
.matches(pidRegex)

private fun TokenValidationContext.containsPid(): Boolean =
getClaims(Auth.ISSUER)
private fun TokenValidationContext.containsPid(issuer: String = Auth.IDPORTEN_ISSUER): Boolean =
getClaims(issuer)
.getStringClaim(Auth.CLAIM_PID)
.matches(pidRegex)
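Review bot: The new `containsPid(issuer)` still calls `.matches(pidRegex)` directly on the result of `getStringClaim(Auth.CLAIM_PID)`, which comes from a Java API and is a platform type, so a correctly signed token that simply lacks a `pid` claim would most likely end in a NullPointerException inside `additionalValidation` instead of a clean `false`; whether token-support then answers 401 or 500 depends on how it handles exceptions from that hook, and either way the rejection reason is harder to tell apart in logs from a signature or audience failure. A null-safe form keeps the validator total: `getClaims(issuer).getStringClaim(Auth.CLAIM_PID)?.matches(pidRegex) ?: false`. The two validators are also registered in different shapes (a method reference for idporten relying on the hidden default `issuer = Auth.IDPORTEN_ISSUER`, a lambda for tokenx); passing the issuer explicitly in both, `additionalValidation = { it.containsPid(Auth.IDPORTEN_ISSUER) }`, would let the default parameter go and make the issuer-to-validator pairing visible at the registration site. A one-line KDoc on `containsPid` stating that it requires an 11-digit `pid` claim from the named issuer and returns false otherwise would document the contract the regex encodes.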
@@ -16,7 +16,7 @@ abstract class MockAuthToken {
fun mockAuthToken(): String =
mockOAuth2Server
.issueToken(
issuerId = Auth.ISSUER,
issuerId = Auth.IDPORTEN_ISSUER,
subject = "mockSubject",
audience = "aud-localhost",
claims =
1 change: 1 addition & 0 deletions config/api/prod-gcp.yml
@@ -1,6 +1,7 @@
kafkaPool: nav-prod
idportenEnabled: true
sidecarEnabled: true
tokenxEnabled: true
azure:
enabled: true
ingress: https://helsearbeidsgiver-im-api.intern.nav.no