From 91461534b25fae58a83196010f5d16dcdcd184f1 Mon Sep 17 00:00:00 2001
From: Reto Wettstein
Date: Wed, 15 Jan 2025 11:36:06 +0100
Subject: [PATCH 1/5] use oidc discovery to resolve token endpoint
---
pom.xml | 2 +-
.../report/spring/config/FhirClientConfig.java | 13 +++++++++----
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/pom.xml b/pom.xml
index 2d2956e..4c6c311 100644
--- a/pom.xml
+++ b/pom.xml
@@ -45,7 +45,7 @@ de.medizininformatik-initiative mii-processes-common - 1.0.3.0 + 1.0.4.0-SNAPSHOT org.springframework
diff --git a/src/main/java/de/medizininformatik_initiative/process/report/spring/config/FhirClientConfig.java b/src/main/java/de/medizininformatik_initiative/process/report/spring/config/FhirClientConfig.java
index 2d9d03f..c9cc75f 100644
--- a/src/main/java/de/medizininformatik_initiative/process/report/spring/config/FhirClientConfig.java
+++ b/src/main/java/de/medizininformatik_initiative/process/report/spring/config/FhirClientConfig.java
@@ -103,10 +103,15 @@ public class FhirClientConfig private String fhirStoreProxyPassword; @ProcessDocumentation(processNames = { - "medizininformatik-initiativede_reportSend" }, description = "The url of the oidc provider to request access tokens (token endpoint)", example = "http://foo.baz/realms/fhir-realm/protocol/openid-connect/token") + "medizininformatik-initiativede_reportSend" }, description = "The base url of the oidc provider", example = "http://foo.baz/realms/fhir-realm") @Value("${de.medizininformatik.initiative.report.dic.fhir.server.oauth2.issuer.url:#{null}}") private String fhirStoreOAuth2IssuerUrl; + @ProcessDocumentation(processNames = { + "medizininformatik-initiativede_reportSend" }, description = "The path for oidc discovery protocol", recommendation = "Change default value only if path is differs from the oidc specification") + @Value("${de.medizininformatik.initiative.report.dic.fhir.server.oauth2.discovery.path:/.well-known/openid-configuration}") + private String fhirStoreOAuth2DiscoveryPath; + @ProcessDocumentation(processNames = { "medizininformatik-initiativede_reportSend" }, description = "Identifier of the client (username) used for authentication when accessing the oidc provider token endpoint") @Value("${de.medizininformatik.initiative.report.dic.fhir.server.oauth2.client.id:#{null}}")
@@ -198,9 +203,9 @@ public TokenClient tokenClient() : new String(api.getProxyConfig().getPassword()); } - return new OAuth2TokenClient(fhirStoreOAuth2IssuerUrl, fhirStoreOAuth2ClientId, fhirStoreOAuth2ClientSecret, - fhirStoreOAuth2ConnectTimeout, fhirStoreOAuth2SocketTimeout, trustStoreOAuth2Path, proxyUrl, - proxyUsername, proxyPassword); + return new OAuth2TokenClient(fhirStoreOAuth2IssuerUrl, fhirStoreOAuth2DiscoveryPath, fhirStoreOAuth2ClientId, + fhirStoreOAuth2ClientSecret, fhirStoreOAuth2ConnectTimeout, fhirStoreOAuth2SocketTimeout, + trustStoreOAuth2Path, proxyUrl, proxyUsername, proxyPassword); } public DataLogger dataLogger()
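Review bot: The new description `"The base url of the oidc provider"` on fhirStoreOAuth2IssuerUrl does not tell an operator what this value has to match, although presumably it is now the base that fhirStoreOAuth2DiscoveryPath is appended to and the token endpoint is taken from the document fetched there (the resolution itself happens in OAuth2TokenClient, outside this diff). OIDC Discovery requires the `issuer` value in that document to be identical to the configured URL, so a trailing slash or an http/https difference is exactly what will make the lookup fail, and the annotation should say so: `description = "The base url (issuer identifier) of the oidc provider; the token endpoint is resolved from the discovery document published below it and the issuer value in that document must match this url exactly", example = "https://foo.baz/realms/fhir-realm"`. The example should also move to https, because a discovery document retrieved over plain http can be tampered with in transit and then decides where the client secret is sent.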
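Review bot: `new OAuth2TokenClient(...)` now takes ten positional arguments, most of them String, and this hunk itself moves fhirStoreOAuth2ClientId from the second to the third slot; a transposition of, say, the discovery path and the client id compiles cleanly and only shows up as a failed token request at runtime. Since mii-processes-common is bumped in the same patch, a builder or a small configuration record on OAuth2TokenClient would make call sites like this self-describing; if the constructor cannot change, a short comment above the call naming the parameter order is the cheapest guard. tokenClient() starts before this hunk, so only the tail of the proxy-credential handling is visible here.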
From fed94e02271fa4e20725ae0681232b442734867f Mon Sep 17 00:00:00 2001
From: Reto Wettstein
Date: Thu, 16 Jan 2025 08:24:06 +0100
Subject: [PATCH 2/5] fix typo
---
.../process/report/spring/config/FhirClientConfig.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/de/medizininformatik_initiative/process/report/spring/config/FhirClientConfig.java b/src/main/java/de/medizininformatik_initiative/process/report/spring/config/FhirClientConfig.java
index c9cc75f..90cca26 100644
--- a/src/main/java/de/medizininformatik_initiative/process/report/spring/config/FhirClientConfig.java
+++ b/src/main/java/de/medizininformatik_initiative/process/report/spring/config/FhirClientConfig.java
@@ -108,7 +108,7 @@ public class FhirClientConfig private String fhirStoreOAuth2IssuerUrl; @ProcessDocumentation(processNames = { - "medizininformatik-initiativede_reportSend" }, description = "The path for oidc discovery protocol", recommendation = "Change default value only if path is differs from the oidc specification") + "medizininformatik-initiativede_reportSend" }, description = "The path for oidc discovery protocol", recommendation = "Change default value only if path differs from the oidc specification") @Value("${de.medizininformatik.initiative.report.dic.fhir.server.oauth2.discovery.path:/.well-known/openid-configuration}") private String fhirStoreOAuth2DiscoveryPath;
From dd7cab9d0ab654ff55f6e978c7609ca9919a9fc8 Mon Sep 17 00:00:00 2001
From: Reto Wettstein
Date: Mon, 27 Jan 2025 15:38:14 +0100
Subject: [PATCH 3/5] add option for lenient oidc configuration validation
---
.../process/report/spring/config/FhirClientConfig.java | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/main/java/de/medizininformatik_initiative/process/report/spring/config/FhirClientConfig.java b/src/main/java/de/medizininformatik_initiative/process/report/spring/config/FhirClientConfig.java
index 90cca26..a992d9f 100644
--- a/src/main/java/de/medizininformatik_initiative/process/report/spring/config/FhirClientConfig.java
+++ b/src/main/java/de/medizininformatik_initiative/process/report/spring/config/FhirClientConfig.java
@@ -152,6 +152,11 @@ public class FhirClientConfig @Value("${de.medizininformatik.initiative.report.dic.fhir.server.oauth2.proxy.password:#{null}}") private String fhirStoreOAuth2ProxyPassword; + @ProcessDocumentation(processNames = { + "medizininformatik-initiativede_reportSend" }, description = "If set to false, OIDC validation will only log a warning and not throw an illegal state exception") + @Value("${de.medizininformatik.initiative.report.dic.fhir.server.oauth2.validation.lenient:false}") + private boolean fhirStoreOAuth2ConfigurationValidationLenient; + @ProcessDocumentation(processNames = { "medizininformatik-initiativede_reportSend" }, description = "To enable debug logging of FHIR resources set to `true`") @Value("${de.medizininformatik.initiative.report.dic.fhir.dataLoggingEnabled:false}")
@@ -205,7 +210,8 @@ public TokenClient tokenClient() return new OAuth2TokenClient(fhirStoreOAuth2IssuerUrl, fhirStoreOAuth2DiscoveryPath, fhirStoreOAuth2ClientId, fhirStoreOAuth2ClientSecret, fhirStoreOAuth2ConnectTimeout, fhirStoreOAuth2SocketTimeout, - trustStoreOAuth2Path, proxyUrl, proxyUsername, proxyPassword); + trustStoreOAuth2Path, proxyUrl, proxyUsername, proxyPassword, + fhirStoreOAuth2ConfigurationValidationLenient); } public DataLogger dataLogger()
From c671239de4a8e022aad758cfb4e62ff9b12c5501 Mon Sep 17 00:00:00 2001
From: Reto Wettstein
Date: Mon, 27 Jan 2025 15:42:05 +0100
Subject: [PATCH 4/5] fix description of env variable
---
.../process/report/spring/config/FhirClientConfig.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
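Review bot: The new fhirStoreOAuth2ConfigurationValidationLenient flag downgrades a failed OIDC configuration validation from an IllegalStateException to a warning, but its description says neither which checks are relaxed nor when that is acceptable; since the token endpoint the client secret is sent to comes from the discovery document (resolved in OAuth2TokenClient, outside this diff), an operator needs to know whether lenient mode also accepts a document whose issuer does not match the configured url. The `recommendation` attribute that the discovery-path field already uses fits here: `recommendation = "Keep the default (false) in production; set to true only temporarily to diagnose a non-compliant oidc provider, since a warning is easy to miss"`. If the warning is the only trace of a skipped check, the log line in the common library should also name the failed check so the condition can be alerted on.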
diff --git a/src/main/java/de/medizininformatik_initiative/process/report/spring/config/FhirClientConfig.java b/src/main/java/de/medizininformatik_initiative/process/report/spring/config/FhirClientConfig.java
index a992d9f..db401e3 100644
--- a/src/main/java/de/medizininformatik_initiative/process/report/spring/config/FhirClientConfig.java
+++ b/src/main/java/de/medizininformatik_initiative/process/report/spring/config/FhirClientConfig.java
@@ -153,7 +153,7 @@ public class FhirClientConfig private String fhirStoreOAuth2ProxyPassword; @ProcessDocumentation(processNames = { - "medizininformatik-initiativede_reportSend" }, description = "If set to false, OIDC validation will only log a warning and not throw an illegal state exception") + "medizininformatik-initiativede_reportSend" }, description = "If set to true, OIDC validation will only log a warning and not throw an illegal state exception") @Value("${de.medizininformatik.initiative.report.dic.fhir.server.oauth2.validation.lenient:false}") private boolean fhirStoreOAuth2ConfigurationValidationLenient;
From 8b8c901764cc07505588a81f943fa177bf6cf7ae Mon Sep 17 00:00:00 2001
From: Reto Wettstein
Date: Tue, 28 Jan 2025 08:00:15 +0100
Subject: [PATCH 5/5] rename oauth validation env variable
---
.../process/report/spring/config/FhirClientConfig.java | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/main/java/de/medizininformatik_initiative/process/report/spring/config/FhirClientConfig.java b/src/main/java/de/medizininformatik_initiative/process/report/spring/config/FhirClientConfig.java
index db401e3..7448d1c 100644
--- a/src/main/java/de/medizininformatik_initiative/process/report/spring/config/FhirClientConfig.java
+++ b/src/main/java/de/medizininformatik_initiative/process/report/spring/config/FhirClientConfig.java
@@ -154,8 +154,8 @@ public class FhirClientConfig @ProcessDocumentation(processNames = { "medizininformatik-initiativede_reportSend" }, description = "If set to true, OIDC validation will only log a warning and not throw an illegal state exception") - @Value("${de.medizininformatik.initiative.report.dic.fhir.server.oauth2.validation.lenient:false}") - private boolean fhirStoreOAuth2ConfigurationValidationLenient; + @Value("${de.medizininformatik.initiative.report.dic.fhir.server.oauth2.discovery.validation.lenient:false}") + private boolean fhirStoreOAuth2DiscoveryValidationLenient; @ProcessDocumentation(processNames = { "medizininformatik-initiativede_reportSend" }, description = "To enable debug logging of FHIR resources set to `true`")
@@ -211,7 +211,7 @@ public TokenClient tokenClient() return new OAuth2TokenClient(fhirStoreOAuth2IssuerUrl, fhirStoreOAuth2DiscoveryPath, fhirStoreOAuth2ClientId, fhirStoreOAuth2ClientSecret, fhirStoreOAuth2ConnectTimeout, fhirStoreOAuth2SocketTimeout, trustStoreOAuth2Path, proxyUrl, proxyUsername, proxyPassword, - fhirStoreOAuth2ConfigurationValidationLenient); + fhirStoreOAuth2DiscoveryValidationLenient); } public DataLogger dataLogger()