fix(token-validation-ktor): support optional claims in IssuerConfig c…

…onstructor (#839)
navikt · Jan 19, 2024 · 093a28e · 093a28e
1 parent cb33892
commit 093a28e
Showing 1 changed file with 18 additions and 4 deletions.
diff --git a/...v2/src/main/kotlin/no/nav/security/token/support/v2/TokenSupportAuthenticationProvider.kt b/...v2/src/main/kotlin/no/nav/security/token/support/v2/TokenSupportAuthenticationProvider.kt
@@ -90,14 +90,22 @@ fun AuthenticationConfig.tokenValidationSupport(name: String? = null, config: Ap
 
 data class RequiredClaims(val issuer: String, val claimMap: Array<String>, val combineWithOr: Boolean = false)
 
-data class IssuerConfig(val name: String, val discoveryUrl: String, val acceptedAudience: List<String>)
+data class IssuerConfig(
+    val name: String,
+    val discoveryUrl: String,
+    val acceptedAudience: List<String> = emptyList(),
+    val optionalClaims: List<String> = emptyList(),
+)
 
 class TokenSupportConfig(vararg issuers: IssuerConfig) : MapApplicationConfig(
     *(issuers.mapIndexed { index, issuerConfig ->
         listOf(
             "no.nav.security.jwt.issuers.$index.issuer_name" to issuerConfig.name,
             "no.nav.security.jwt.issuers.$index.discoveryurl" to issuerConfig.discoveryUrl,
-            "no.nav.security.jwt.issuers.$index.accepted_audience" to issuerConfig.acceptedAudience.joinToString(",")//,
+            "no.nav.security.jwt.issuers.$index.accepted_audience" to
+                issuerConfig.acceptedAudience.joinToString(","),
+            "no.nav.security.jwt.issuers.$index.validation.optional_claims" to
+                issuerConfig.optionalClaims.joinToString(","),
         )
     }.flatten().plus("no.nav.security.jwt.issuers.size" to issuers.size.toString()).toTypedArray())
 )
@@ -136,9 +144,15 @@ fun ApplicationConfig.asIssuerProps(): Map<String, IssuerProperties> = configLis
     .associate {
         it.property("issuer_name").getString() to IssuerProperties(
             URI.create(it.property("discoveryurl").getString()).toURL(),
-            it.propertyOrNull("accepted_audience")?.getString()?.split(",") ?: emptyList(),
+            it.propertyOrNull("accepted_audience")?.getString()
+                ?.split(",")
+                ?.filter { aud -> aud.isNotEmpty() }
+                ?: emptyList(),
            null,
             it.propertyOrNull("header_name")?.getString() ?: AUTHORIZATION_HEADER,
-            Validation(it.propertyOrNull("validation.optional_claims")?.getString()?.split(",") ?: emptyList()),
+            Validation(it.propertyOrNull("validation.optional_claims")?.getString()
+                ?.split(",")
+                ?.filter { claim -> claim.isNotEmpty() }
+                ?: emptyList()),
             JwksCache(it.propertyOrNull("jwks_cache.lifespan")?.getString()?.toLong() ?: 15, it.propertyOrNull("jwks_cache.refreshtime")?.getString()?.toLong() ?: 5))
     }