Merge pull request #1913 from navikt/legg-til-auth-for-frikort

ramnav990 · web-flow · commit 7581c3b26c9b · 2024-09-24T14:16:57.000Z
Legg til azure  auth for frikort
diff --git a/web/src/main/kotlin/no/nav/su/se/bakover/web/AuthenticationConfig.kt b/web/src/main/kotlin/no/nav/su/se/bakover/web/AuthenticationConfig.kt
@@ -95,5 +95,24 @@ internal fun Application.configureAuthentication(
                 }
             }
         }
+        jwt("frikort2") {
+            verifier(jwkProvider, azureAd.issuer)
+            realm = "su-se-bakover"
+            validate { credentials ->
+                try {
+                    requireNotNull(credentials.payload.audience) { "Auth: Missing audience in token" }
+                    require(credentials.payload.audience.any { it == applicationConfig.azure.clientId }) {
+                        "Auth: Valid audience not found in claims"
+                    }
+                    require(getGroupsFromJWT(applicationConfig, credentials).any { it == "frikort" }) {
+                        "Auth: Valid group not found in claims. Required: [frikort]"
+                    }
+                    JWTPrincipal(credentials.payload)
+                } catch (e: Throwable) {
+                    log.debug("Auth: Validation error during authentication", e)
+                    null
+                }
+            }
+        }
     }
 }
diff --git a/web/src/main/kotlin/no/nav/su/se/bakover/web/Routes.kt b/web/src/main/kotlin/no/nav/su/se/bakover/web/Routes.kt
@@ -57,7 +57,7 @@ internal fun Application.setupKtorRoutes(
     distribuerDokumentService: DistribuerDokumentService,
 ) {
     routing {
-        authenticate("frikort") {
+        authenticate("frikort", "frikort2") {
             frikortVedtakRoutes(services.vedtakService, clock)
         }
 

Original file line number	Diff line number	Diff line change
`@@ -95,5 +95,24 @@ internal fun Application.configureAuthentication(`
`95`	`95`	`}`
`96`	`96`	`}`
`97`	`97`	`}`
	`98`	`+ jwt("frikort2") {`
	`99`	`+ verifier(jwkProvider, azureAd.issuer)`
	`100`	`+ realm = "su-se-bakover"`
	`101`	`+ validate { credentials ->`
	`102`	`+ try {`
	`103`	`+ requireNotNull(credentials.payload.audience) { "Auth: Missing audience in token" }`
	`104`	`+ require(credentials.payload.audience.any { it == applicationConfig.azure.clientId }) {`
	`105`	`+ "Auth: Valid audience not found in claims"`
	`106`	`+ }`
	`107`	`+ require(getGroupsFromJWT(applicationConfig, credentials).any { it == "frikort" }) {`
	`108`	`+ "Auth: Valid group not found in claims. Required: [frikort]"`
	`109`	`+ }`
	`110`	`+ JWTPrincipal(credentials.payload)`
	`111`	`+ } catch (e: Throwable) {`
	`112`	`+ log.debug("Auth: Validation error during authentication", e)`
	`113`	`+ null`
	`114`	`+ }`
	`115`	`+ }`
	`116`	`+ }`
`98`	`117`	`}`
`99`	`118`	`}`
Original file line number	Diff line number	Diff line change
`@@ -57,7 +57,7 @@ internal fun Application.setupKtorRoutes(`
`57`	`57`	`distribuerDokumentService: DistribuerDokumentService,`
`58`	`58`	`) {`
`59`	`59`	`routing {`
`60`		`- authenticate("frikort") {`
	`60`	`+ authenticate("frikort", "frikort2") {`
`61`	`61`	`frikortVedtakRoutes(services.vedtakService, clock)`
`62`	`62`	`}`
`63`	`63`