Merge remote-tracking branch 'origin/issues/54_issuer-url-with-discov…

…ery' into develop * origin/issues/54_issuer-url-with-discovery: rename oauth validation env variable fix description of env variable add option for lenient oidc configuration validation fix typo use oidc discovery to resolve token endpoint
medizininformatik-initiative · Jan 28, 2025 · 847afee · 847afee
2 parents 97977cf + 8b8c901
commit 847afee
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 5 deletions.
diff --git a/pom.xml b/pom.xml
@@ -45,7 +45,7 @@
 		<dependency>
 			<groupId>de.medizininformatik-initiative</groupId>
 			<artifactId>mii-processes-common</artifactId>
-			<version>1.0.3.0</version>
+			<version>1.0.4.0-SNAPSHOT</version>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework</groupId>

diff --git a/...n/java/de/medizininformatik_initiative/process/report/spring/config/FhirClientConfig.java b/...n/java/de/medizininformatik_initiative/process/report/spring/config/FhirClientConfig.java
@@ -103,10 +103,15 @@ public class FhirClientConfig
 	private String fhirStoreProxyPassword;
 
 	@ProcessDocumentation(processNames = {
-			"medizininformatik-initiativede_reportSend" }, description = "The url of the oidc provider to request access tokens (token endpoint)", example = "http://foo.baz/realms/fhir-realm/protocol/openid-connect/token")
+			"medizininformatik-initiativede_reportSend" }, description = "The base url of the oidc provider", example = "http://foo.baz/realms/fhir-realm")
 	@Value("${de.medizininformatik.initiative.report.dic.fhir.server.oauth2.issuer.url:#{null}}")
 	private String fhirStoreOAuth2IssuerUrl;
 
+	@ProcessDocumentation(processNames = {
+			"medizininformatik-initiativede_reportSend" }, description = "The path for oidc discovery protocol", recommendation = "Change default value only if path differs from the oidc specification")
+	@Value("${de.medizininformatik.initiative.report.dic.fhir.server.oauth2.discovery.path:/.well-known/openid-configuration}")
+	private String fhirStoreOAuth2DiscoveryPath;
+
 	@ProcessDocumentation(processNames = {
 			"medizininformatik-initiativede_reportSend" }, description = "Identifier of the client (username) used for authentication when accessing the oidc provider token endpoint")
 	@Value("${de.medizininformatik.initiative.report.dic.fhir.server.oauth2.client.id:#{null}}")
@@ -147,6 +152,11 @@ public class FhirClientConfig
 	@Value("${de.medizininformatik.initiative.report.dic.fhir.server.oauth2.proxy.password:#{null}}")
 	private String fhirStoreOAuth2ProxyPassword;
 
+	@ProcessDocumentation(processNames = {
+			"medizininformatik-initiativede_reportSend" }, description = "If set to true, OIDC validation will only log a warning and not throw an illegal state exception")
+	@Value("${de.medizininformatik.initiative.report.dic.fhir.server.oauth2.discovery.validation.lenient:false}")
+	private boolean fhirStoreOAuth2DiscoveryValidationLenient;
+
 	@ProcessDocumentation(processNames = {
 			"medizininformatik-initiativede_reportSend" }, description = "To enable debug logging of FHIR resources set to `true`")
 	@Value("${de.medizininformatik.initiative.report.dic.fhir.dataLoggingEnabled:false}")
@@ -198,9 +208,10 @@ public TokenClient tokenClient()
 					: new String(api.getProxyConfig().getPassword());
 		}
 
-		return new OAuth2TokenClient(fhirStoreOAuth2IssuerUrl, fhirStoreOAuth2ClientId, fhirStoreOAuth2ClientSecret,
-				fhirStoreOAuth2ConnectTimeout, fhirStoreOAuth2SocketTimeout, trustStoreOAuth2Path, proxyUrl,
-				proxyUsername, proxyPassword);
+		return new OAuth2TokenClient(fhirStoreOAuth2IssuerUrl, fhirStoreOAuth2DiscoveryPath, fhirStoreOAuth2ClientId,
+				fhirStoreOAuth2ClientSecret, fhirStoreOAuth2ConnectTimeout, fhirStoreOAuth2SocketTimeout,
+				trustStoreOAuth2Path, proxyUrl, proxyUsername, proxyPassword,
+				fhirStoreOAuth2DiscoveryValidationLenient);
 	}
 
 	public DataLogger dataLogger()