Audit log valid claims by default for AAD vs. IdentityServer (#386)

* Audit log valid claims by default for AAD vs. IdentityServer * Don't need LastModifiedClaims=appid in StartupWithTraceAuditLogger anymore
microsoft · Mar 15, 2019 · 36e6a4c · 36e6a4c
1 parent 2b009ac
commit 36e6a4c
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 10 deletions.
diff --git a/src/Microsoft.Health.Fhir.Web/DevelopmentIdentityProviderConfiguration.cs b/src/Microsoft.Health.Fhir.Web/DevelopmentIdentityProviderConfiguration.cs
@@ -10,6 +10,7 @@ namespace Microsoft.Health.Fhir.Web
     public class DevelopmentIdentityProviderConfiguration
     {
         public const string Audience = "fhir-api";
+        public const string LastModifiedClaim = "appid";
 
         public bool Enabled { get; set; }
 

diff --git a/src/Microsoft.Health.Fhir.Web/DevelopmentIdentityProviderRegistrationExtensions.cs b/src/Microsoft.Health.Fhir.Web/DevelopmentIdentityProviderRegistrationExtensions.cs
@@ -187,6 +187,7 @@ public override void Load()
                     // add properties related to the development identity provider.
                     Data["DevelopmentIdentityProvider:Enabled"] = bool.TrueString;
                     Data["FhirServer:Security:Authentication:Audience"] = DevelopmentIdentityProviderConfiguration.Audience;
+                    Data["FhirServer:Security:LastModifiedClaims:0"] = DevelopmentIdentityProviderConfiguration.LastModifiedClaim;
                 }
             }
         }

diff --git a/src/Microsoft.Health.Fhir.Web/appsettings.json b/src/Microsoft.Health.Fhir.Web/appsettings.json
@@ -11,7 +11,7 @@
         "Authority": "https://localhost:44348"
       },
       "LastModifiedClaims": [
-        "client_id"
+        "oid"
       ],
       "Authorization": {
         "Enabled": true
@@ -74,4 +74,4 @@
   "ApplicationInsights": {
     "InstrumentationKey": ""
   }
-}
+}
diff --git a/test/Microsoft.Health.Fhir.Tests.E2E/Rest/Audit/StartupWithTraceAuditLogger.cs b/test/Microsoft.Health.Fhir.Tests.E2E/Rest/Audit/StartupWithTraceAuditLogger.cs
@@ -6,9 +6,7 @@
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.DependencyInjection.Extensions;
-using Microsoft.Extensions.Options;
 using Microsoft.Health.Fhir.Api.Features.Audit;
-using Microsoft.Health.Fhir.Core.Configs;
 using Microsoft.Health.Fhir.Web;
 
 namespace Microsoft.Health.Fhir.Tests.E2E.Rest.Audit
@@ -25,12 +23,6 @@ public override void ConfigureServices(IServiceCollection services)
             base.ConfigureServices(services);
 
             services.Replace(new ServiceDescriptor(typeof(IAuditLogger), typeof(TraceAuditLogger), ServiceLifetime.Singleton));
-
-            // Configure the test server to log a claim that is used in both local and integration environments.
-            ServiceProvider serviceProvider = services.BuildServiceProvider();
-            var securityConfigurationOptions = serviceProvider.GetService<IOptions<SecurityConfiguration>>();
-            securityConfigurationOptions.Value.LastModifiedClaims.Clear();
-            securityConfigurationOptions.Value.LastModifiedClaims.Add("appid");
         }
     }
 }