Altinn / altinn-authentication

Altinn platform microservice for handling authentication

IDPorten token exchange fails (because of outdated IdPortenWellKnownConfigEndpoint ?) #724

Open mariusbu opened 2 months ago

mariusbu commented 2 months ago

Description of the bug

Hi :slightly_smiling_face:

I'm getting a failure (401 unauthorized) when trying to exchange a token from test.idporten.no.

It looks like it might be an exception thrown by ValidateAndExtractOidcToken, and I found what look like outdated URLs for the idporten endpoints listed in appsettings.json; at least the servers don't respond to pings:

"IdPortenWellKnownConfigEndpoint": "https://oidc-ver2.difi.no/idporten-oidc-provider/.well-known/openid-configuration",
"IdPortenAlternativeWellKnownConfigEndpoint": "https://oidc-test.difi.no/idporten-oidc-provider/.well-known/openid-configuration",

Steps To Reproduce

  1. Authenticate with test.idporten.no
  2. Try to exchange the access-token with 'Authentication':'Bearer <access-token>' in the request header
    GET https://platform.tt02.altinn.no/authentication/api/v1/exchange/id-porten
  3. Receive the response (with different traceId)
    {
    "type": "https://tools.ietf.org/html/rfc9110#section-15.5.2",
    "title": "Unauthorized",
    "status": 401,
    "traceId": "00-ca65d053f6f474a8159f0e7ed99e3720-34781eee3ebd375e-00"
    }

Additional Information

See this comment on a similar issue for context.
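
One way to test the hypothesis in the report above is to compare the `iss` claim of the rejected token with the issuer implied by each discovery URL in appsettings.json. This is an added example, not code from the Altinn repository; the function names are hypothetical, the sample token is constructed, and the issuer `https://test.idporten.no` is an assumption based on the host named in the report.

```python
import base64
import json

SUFFIX = "/.well-known/openid-configuration"

# The two discovery URLs quoted from appsettings.json in the report.
CONFIGURED = [
    "https://oidc-ver2.difi.no/idporten-oidc-provider" + SUFFIX,
    "https://oidc-test.difi.no/idporten-oidc-provider" + SUFFIX,
]


def unverified_claims(jwt):
    """Decode the JWT payload for inspection only; no signature check."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))


def issuer_for(well_known_url):
    """OIDC Discovery: the metadata URL is the issuer plus a fixed suffix."""
    if not well_known_url.endswith(SUFFIX):
        raise ValueError("not an OIDC discovery URL: " + well_known_url)
    return well_known_url[: -len(SUFFIX)]


def matching_endpoints(jwt, endpoints=CONFIGURED):
    """Configured endpoints whose issuer equals the token's iss claim.

    Trailing slashes are ignored for this diagnostic; a validator may
    compare the strings exactly.
    """
    iss = str(unverified_claims(jwt).get("iss", "")).rstrip("/")
    return [e for e in endpoints if issuer_for(e).rstrip("/") == iss]


def make_sample_token(iss):
    """Constructed, unsigned token used only to exercise the check."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none"}), b64({"iss": iss}), "sig"])


if __name__ == "__main__":
    # Assumed issuer for the host named in the report (not stated on the page).
    print(matching_endpoints(make_sample_token("https://test.idporten.no")))
```

An empty result means none of the configured discovery URLs describes the token's issuer, so a service configured only with those URLs would have no metadata or signing keys for that issuer.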

mariusbu commented 2 months ago

It looks like this might be a duplicate of https://github.com/Altinn/altinn-authentication/issues/254

TheTechArch commented 1 month ago

@mariusbu is this still an issue for you? In our environment config this was changed April 23 in tt02.