Closed deduper closed 2 years ago
The configuration is done through helm, specifying an environment variable at runtime. Relevant line of this repo is https://github.com/ministryofjustice/prison-api/blob/main/helm_deploy/values-t3.yaml#L15, which defines the SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI
environment variable. This translates the spring configuration path spring.security.oauth2.resourceserver.jwt.jwk-set-uri
How does the prison-api specify hmpps-auth as its OAuth 2.0 authorization server? Where exactly in the code or configuration files I mean?
Or if you're doing it by Spring Security's auto-configuration, can you share a link to the Spring Security documentation that describes that auto-configuration? Please? I've Googled. But I couldn't find anything.
I'm aware of a few different ways provided by Spring Security for a resource server to configure what authorization server it will delegate OAuth 2.0 authorization to.
I can't see anywhere in any prison-api file where the authorization server is set. Apart from this dev profile configurations I found in the project:
And this test resource:
Thank you in advance.