diff --git a/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/impl/AzureBrukerTokenKlient.java b/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/impl/AzureBrukerTokenKlient.java
index 11889f828..b0d1741d8 100644
--- a/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/impl/AzureBrukerTokenKlient.java
+++ b/felles/oidc/src/main/java/no/nav/vedtak/sikkerhet/oidc/token/impl/AzureBrukerTokenKlient.java
@@ -58,7 +58,6 @@ public OpenIDToken exhangeAuthCode(String authorizationCode, String callback, St
 "&code=" + authorizationCode +
 "&redirect_uri=" + URLEncoder.encode(callback, UTF_8) +
 "&grant_type=authorization_code" +
- //"&code_verifier=" + "ThisIsntRandomButItNeedsToBe43CharactersLong" +
 "&client_secret=" + clientSecret;
 var request = lagRequest(data);
 var response = GeneriskTokenKlient.hentToken(request, azureProxy);
diff --git a/felles/sikkerhet/src/main/java/no/nav/vedtak/isso/ressurs/AzureAuthorizationRequestBuilder.java b/felles/sikkerhet/src/main/java/no/nav/vedtak/isso/ressurs/AzureAuthorizationRequestBuilder.java
index a51142819..e16b2b7ac 100644
--- a/felles/sikkerhet/src/main/java/no/nav/vedtak/isso/ressurs/AzureAuthorizationRequestBuilder.java
+++ b/felles/sikkerhet/src/main/java/no/nav/vedtak/isso/ressurs/AzureAuthorizationRequestBuilder.java
@@ -32,11 +32,6 @@ public String buildRedirectString() {
 var clientId = providerConfig.clientId();
 var redirectUrl = ServerInfo.instance().getCallbackUrl();
- //TODO - sjekke ut PKCE
- //&code_challenge=YTFjNj......
- //&code_challenge_method=S256
-
- // KCD? "?session=winssochain&authIndexType=service&authIndexValue=winssochain";
 return providerConfig.authorizationEndpoint().toString() +
 "&response_type=code" +
 "&response_mode=query" +
diff --git a/felles/sikkerhet/src/main/java/no/nav/vedtak/isso/ressurs/AzureConfigProperties.java b/felles/sikkerhet/src/main/java/no/nav/vedtak/isso/ressurs/AzureConfigProperties.java
index b2daacf2c..a3d9ec8b8 100644
--- a/felles/sikkerhet/src/main/java/no/nav/vedtak/isso/ressurs/AzureConfigProperties.java
+++ b/felles/sikkerhet/src/main/java/no/nav/vedtak/isso/ressurs/AzureConfigProperties.java
@@ -8,9 +8,9 @@ public final class AzureConfigProperties {
 private static final Environment ENV = Environment.current();
- // En *-separert liste over scopes man ønsker inkludert i token - i starten brukes openid
- // Fx api://::fplos/default*api://::fpsak/default
- // NB: dersom denne settes - så vurder å begynne med openid*offline_access*api://....
+ // En mellomrom-separert liste over scopes man ønsker inkludert i token - i starten brukes openid
+ // NB: dersom denne settes - så begynn med openid offline_access api://....
+ // Fx openid offline_access api://..fplos/.default api://..fpsak/.default
 private static final String AZURE_SCOPES_PROPERTY_NAME = "fp.trial.azure.scopes";
 // Sett = true for å aktivere
@@ -19,8 +19,7 @@ public final class AzureConfigProperties {
 private static final String OPENID_SCOPE = "openid offline_access";
- private static final String AZURE_SCOPES = Optional.ofNullable(ENV.getProperty(AZURE_SCOPES_PROPERTY_NAME))
- .map(s -> s.replace("\\*", " ")).orElse(OPENID_SCOPE);
+ private static final String AZURE_SCOPES = Optional.ofNullable(ENV.getProperty(AZURE_SCOPES_PROPERTY_NAME)).orElse(OPENID_SCOPE);
 private static final boolean AZURE_ENABLED = Optional.ofNullable(ENV.getProperty(AZURE_TRIAL_ENABLED)).filter("true"::equals).isPresent();
 private AzureConfigProperties() {
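Review bot: In the new `AZURE_SCOPES` initializer, a property that is set but empty or blank is used as-is, because `Optional.ofNullable(...)` falls back to `OPENID_SCOPE` only when `fp.trial.azure.scopes` is absent. A blank value would then produce a scope string without `openid`; adding a filter closes that gap: `Optional.ofNullable(ENV.getProperty(AZURE_SCOPES_PROPERTY_NAME)).filter(s -> !s.isBlank()).orElse(OPENID_SCOPE);`. The updated comment asks operators to begin the value with `openid offline_access`, but nothing in the initializer enforces that, so a value listing only `api://` scopes is accepted silently; a startup check or a log line would surface the misconfiguration early. The value is now expected to contain literal spaces, so it presumably has to be URL-encoded where the authorization URL is assembled, which is not visible in this hunk and is worth confirming.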