Skip to content

Feature/magic token trivia#4260

Merged
krharum merged 23 commits into
masterfrom
feature/magic-token-trivia
Jun 15, 2026
Merged

Feature/magic token trivia#4260
krharum merged 23 commits into
masterfrom
feature/magic-token-trivia

Conversation

@krharum

@krharum krharum commented Jun 15, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

This pull request updates access policies across multiple service configuration files. The main change is the replacement of references to the team-dolly-lokal-app (and one instance of localauth) application with dolly-auth-local. This ensures that access rules consistently point to the correct local authentication application.

Access policy updates:

  • Replaced team-dolly-lokal-app with dolly-auth-local in inbound rules for several services including adresse-service, altinn3-tilgang-service (dev and prod), api-oversikt-service, app-tilgang-analyse-service, batch-bestilling-service, bruker-service, budpro-service, dolly-backend, dolly-search-service (test and prod), endringsmelding-service, generer-navn-service, inntektsmelding-generator-service, inntektsmelding-service (test and prod), jenkins-batch-status-service, joark-dokument-service, and levende-arbeidsforhold-ansettelse ([[1]](https://github.com/navikt/testnorge/pull/4260/files#diff-dc19901cfe1dc36af090fe1509e846cb6a2930b3aeea0caac1ea21a29549c45bL59-R59), [[2]](https://github.com/navikt/testnorge/pull/4260/files#diff-16cd32ae31a6709f001edd75d6521da8a682e31ca489a2035056c03910f410ffL34-R34), [[3]](https://github.com/navikt/testnorge/pull/4260/files#diff-af020eec8d07d974559936c6b5f8362210d17b2db776b063016024f04a47cdd5L40-R40), [[4]](https://github.com/navikt/testnorge/pull/4260/files#diff-cc3a22126be503b4b048f245e95e45ec96e8bf420ebd61558236e22f32646795L56-R56), [[5]](https://github.com/navikt/testnorge/pull/4260/files#diff-4ef8335852f82a0433829e4e321de9bb16ea1aefad983d212645cfec06fac5a3L24-R24), [[6]](https://github.com/navikt/testnorge/pull/4260/files#diff-787b884b24ae3f9db3f3af0fdc202dca8d1cdb4ba04b6bc2c5527cfb528e9261L20-R20), [[7]](https://github.com/navikt/testnorge/pull/4260/files#diff-85c2437b38fe2c8b67780aa02add548a5bc0aaa64426e10bb3b5044faa9a26e3L25-R25), [[8]](https://github.com/navikt/testnorge/pull/4260/files#diff-040b1d12d8f589b348a467535d283ac88f2893bb5c06137b9742ed3ee0cdbe91L13-R13), [[9]](https://github.com/navikt/testnorge/pull/4260/files#diff-4233b6c2c5f8abba10ddad695af9db496675d6424dc12ac23484a452a3bc8bfdL22-R22), [[10]](https://github.com/navikt/testnorge/pull/4260/files#diff-4497c98ba9fcc28cddc76fb9233f92a38390b9f6e4a1e3b87b4f83f8ad84fab6L31-R31), [[11]](https://github.com/navikt/testnorge/pull/4260/files#diff-562e421c53250598b6db91506025740d3d5516b08c61ead0132f886365a6f099L31-R31), [[12]](https://github.com/navikt/testnorge/pull/4260/files#diff-319aa9bff25e01c3192d7b75de3252b51f8dac16b8290518df63290c33488e86L25-R25), [[13]](https://github.com/navikt/testnorge/pull/4260/files#diff-7489483087e8318e4b3e4714214183a25a399290d1c06464cbccaa4dba9cd285L23-R23), [[14]](https://github.com/navikt/testnorge/pull/4260/files#diff-04d5bc4f8aafe24b2f2dfe8856fd7b24ab6e1981149b177cc003a3e648ebaf7fL24-R24), [[15]](https://github.com/navikt/testnorge/pull/4260/files#diff-0710ea908b3a8bdd32ded0762799f0d9cb328e080de8c5eab6e6a5d57c50a3c7L19-R19), [[16]](https://github.com/navikt/testnorge/pull/4260/files#diff-88de555ebd097f9d169fcf81c68691b650d365764abde168e18a663c0bb309e0L24-R24), [[17]](https://github.com/navikt/testnorge/pull/4260/files#diff-961696326a55e7916dfd86ebec0765e4af3385cfe512cd41ea774ed77c9ce490L18-R18), [[18]](https://github.com/navikt/testnorge/pull/4260/files#diff-a4d0ab9542b5e6e390da180a04730c20bba795cd0a8f8807abc9ae2bcb09fbf8L20-R20), [[19]](https://github.com/navikt/testnorge/pull/4260/files#diff-5ab825fc64dc8b4019ad211efd0306f2c0a98af46e3eebf2ec2c4d7645b41019L17-R17)).

  • Replaced localauth with dolly-auth-local in the inbound rules for kodeverk-service ([apps/kodeverk-service/config.ymlL22-R22](https://github.com/navikt/testnorge/pull/4260/files#diff-61d538c96f18fc2853466d75eec5989432e5e3bd685c4d2ab8078d20cf58b245L22-R22)).

krharum added 19 commits June 8, 2026 15:18
@krharum
feature: Add localauth configuration for application deployment
580a522
@krharum
feature: Rename localauth configuration and update paths in deploymen…
21a9502 
…t files
@krharum
feature: Rename dolly-local-auth to dolly-auth-local and update relat…
c0ced43 
…ed deployment configurations
@krharum
feature: Update file paths in dolly-auth-local configuration
768301a
@krharum
feature: Update OAuth2 client configuration for Entra integration #de…
224fdd4 
…ploy-oversikt-frontend
@krharum
feature: Update OAuth2 resourceserver configuration in application.ym…
261341f 
…l #deploy-oversikt-frontend
@krharum
feature: Un-comment Azure OAuth2 configuration in application.yml #de…
9bbc4ae 
…ploy-oversikt-frontend
@krharum
feature: Update OAuth2 configuration and local application settings #…
d30ec7c 
…deploy-oversikt-frontend
@krharum
Merge branch 'master' into feature/magic-token-trivia
032d616
@krharum
Refactor application.yml to use environment variables for Azure confi…
888d6e4 
…guration #deploy-oversikt-frontend
@krharum
Update application name in config.yml from team-dolly-lokal-app to lo…
d983b74 
…calauth #deploy-kodeverk-service
@krharum
Update application name in config.yml from team-dolly-lokal-app to lo…
28bd67b 
…calauth #deploy-kodeverk-service
@krharum
Refactor application.yml and update application starter to use Nais e…
85a6c24 
…nvironment initializer #deploy-oversikt-frontend
@krharum
Remove hardcoded authentication values from application.yml #deploy-o…
440d451 
…versikt-frontend
@krharum
Add tenant configuration to dolly-local-auth.yml
c57f0a5
@krharum
Refactor authentication properties in NaisEnvironmentApplicationConte…
7fc66dd 
…xtInitializer and update application-local.yml for improved security handling
@krharum
Rename application references from team-dolly-lokal-app to dolly-auth…
de8fa96 
…-local in configuration files #deploy-miljoer-service
@krharum
Add tenant configuration to dolly-auth-local.yml
b777fd6
@krharum
Update local authentication configuration in NaisEnvironmentApplicati…
c62df69 
…onContextInitializer
@krharum krharum marked this pull request as ready for review June 15, 2026 06:26
@krharum krharum requested a review from a team as a code owner June 15, 2026 06:26
Copilot AI review requested due to automatic review settings June 15, 2026 06:26
@krharum krharum marked this pull request as draft June 15, 2026 06:29
Copilot AI reviewed Jun 15, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR standardizes local authentication access across the NAIS apps/proxies by replacing the previous local app entry with dolly-auth-local, and updates local/test authentication-related configuration in shared testing and dolly-backend.

Changes:

  • Replaced team-dolly-lokal-app (and one localauth) inbound accessPolicy entry with dolly-auth-local across many NAIS config.yml files.
  • Updated NaisEnvironmentApplicationContextInitializer local-profile emulation to use dolly-auth-local endpoints and explicit local values for Azure/Maskinporten/TokenX.
  • Adjusted dolly-backend error handling to use downstream response bodies in error responses (this needs changes due to leakage risk).

Reviewed changes

Copilot reviewed 57 out of 57 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
synt/synt-dagpenger/config.yml Switch inbound local-auth application to dolly-auth-local.
synt/synt-aap/config.yml Switch inbound local-auth application to dolly-auth-local.
proxies/yrkesskade-proxy/config.yml Switch inbound local-auth application to dolly-auth-local.
proxies/texas-proxy/config.yml Switch inbound local-auth application to dolly-auth-local (two inbound blocks).
proxies/pdl-proxy/config.yml Switch inbound local-auth application to dolly-auth-local.
proxies/nom-proxy/config.yml Switch inbound local-auth application to dolly-auth-local.
proxies/dolly-proxy/config.yml Switch inbound local-auth application to dolly-auth-local.
proxies/brregstub-reverse-proxy/config.yml Switch inbound local-auth application to dolly-auth-local.
proxies/arbeidssoekerregisteret-proxy/config.yml Switch inbound local-auth application to dolly-auth-local.
proxies/arbeidsplassencv-proxy/config.yml Switch inbound local-auth application to dolly-auth-local.
proxies/altinn3-tilgang-proxy/config.yml Switch inbound local-auth application to dolly-auth-local.
libs/testing/src/main/java/no/nav/dolly/libs/nais/NaisEnvironmentApplicationContextInitializer.java Update local/test profile env var emulation to target dolly-auth-local and set explicit local values.
libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/manager/JwtReactiveAuthenticationManager.java Formatting-only change for issuer matching/decoder mapping.
apps/varslinger-service/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/varslinger-service/config.test.yml Switch inbound local-auth application to dolly-auth-local.
apps/tps-messaging-service/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/tilbakemelding-api/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/testnav-ident-pool/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/tenor-search-service/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/synt-vedtakshistorikk-service/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/profil-api/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/profil-api/config.test.yml Switch inbound local-auth application to dolly-auth-local.
apps/person-service/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/person-faste-data-service/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/pdl-lagre-service/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/pdl-forvalter/config.test.yml Switch inbound local-auth application to dolly-auth-local.
apps/orgnummer-service/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/organisasjon-service/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/organisasjon-mottak-service/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/organisasjon-forvalter/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/organisasjon-faste-data-service/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/organisasjon-bestilling-service/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/miljoer-service/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/levende-arbeidsforhold-service/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/levende-arbeidsforhold-scheduler/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/levende-arbeidsforhold-ansettelse/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/kodeverk-service/config.yml Switch inbound local-auth application to dolly-auth-local (from localauth).
apps/joark-dokument-service/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/jenkins-batch-status-service/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/inntektsmelding-service/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/inntektsmelding-service/config.test.yml Switch inbound local-auth application to dolly-auth-local.
apps/inntektsmelding-generator-service/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/generer-navn-service/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/endringsmelding-service/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/dolly-search-service/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/dolly-search-service/config.test.yml Switch inbound local-auth application to dolly-auth-local.
apps/dolly-backend/src/main/resources/application-local.yml Add local resourceserver issuer/audience config for dolly-backend.
apps/dolly-backend/src/main/java/no/nav/dolly/provider/advice/HttpExceptionAdvice.java Change error response message to include downstream response body (needs adjustment).
apps/dolly-backend/config.test.yml Switch inbound local-auth application to dolly-auth-local.
apps/budpro-service/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/bruker-service/config.test.yml Switch inbound local-auth application to dolly-auth-local.
apps/batch-bestilling-service/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/app-tilgang-analyse-service/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/api-oversikt-service/config.yml Switch inbound local-auth application to dolly-auth-local.
apps/altinn3-tilgang-service/config.prod.yml Switch inbound local-auth application to dolly-auth-local.
apps/altinn3-tilgang-service/config.dev.yml Switch inbound local-auth application to dolly-auth-local.
apps/adresse-service/config.yml Switch inbound local-auth application to dolly-auth-local.

Comment thread ...sting/src/main/java/no/nav/dolly/libs/nais/NaisEnvironmentApplicationContextInitializer.java Outdated
Comment thread ...sting/src/main/java/no/nav/dolly/libs/nais/NaisEnvironmentApplicationContextInitializer.java Outdated
Comment thread apps/dolly-backend/src/main/java/no/nav/dolly/provider/advice/HttpExceptionAdvice.java Outdated
@krharum krharum marked this pull request as ready for review June 15, 2026 11:07
stigus
stigus approved these changes Jun 15, 2026
View reviewed changes

@stigus stigus left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ser flott ut 😄

@krharum krharum merged commit bddf5c1 into master Jun 15, 2026
20 checks passed
@krharum krharum deleted the feature/magic-token-trivia branch June 15, 2026 13:01
krharum added a commit that referenced this pull request Jun 16, 2026
@krharum
Revert "Feature/magic token trivia (#4260)"
c2334ba 
This reverts commit bddf5c1.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@stigus stigus stigus approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@krharum @stigus