in api/src/main/scala/com/gu/adapters/http/Authentication.scala [151:201]
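/** Builds the [[AuthenticationService]] from the identity configuration.
  *
  * Creates a dedicated fixed-size thread pool, registers it with the thread pool monitor and
  * exposes it as the implicit `ExecutionContext` for the identity API client and the local
  * Okta access token validator. The target URL and a masked form of the access token are
  * logged so the configuration can be checked at startup.
  *
  * @param config identity settings; this method reads `apiUrl`, `accessToken`, `oktaIssuer`
  *               and `oktaAudience`
  * @return an authentication service wired to the identity API client and the Okta validator
  * @throws NoSuchElementException if `OktaLocalAccessTokenValidator.fromConfig` yields no validator
  */
def fromIdentityConfig(config: IdentityConfig): AuthenticationService = {
  // discussion-api uses a thread pool of 30 threads for the authentication service
  // and the monitoring of that indicates that this is more than sufficient:
  // when stats are logged there are no active threads and no queued tasks.
  // Since calls to identity API will be a lot less frequent in this application,
  // 10 should be more than sufficient, but the stats can be monitored and adjusted accordingly.
  val blockingThreads = 10

  // ExecutorService returned is a ThreadPoolExecutor.
  // Explicitly cast to this type so that thread pool can be monitored
  // (e.g. get access to active thread count etc).
  val threadPool = Executors
    .newFixedThreadPool(blockingThreads)
    .asInstanceOf[ThreadPoolExecutor]
  AuthenticationServiceThreadPoolMonitorer.monitorThreadPool(threadPool)

  // Access token that's 'safe' to log e.g secret_token -> sec*********
  // The first characters are only revealed when the token is long enough that they are a
  // small share of the secret; a short (e.g. misconfigured or truncated) token is masked
  // completely instead of being written to the log nearly or fully in clear.
  // The mask keeps one '*' per hidden character, so the token length remains visible in logs.
  val visiblePrefixLength = 3
  val minLengthForPrefix = 4 * visiblePrefixLength
  val revealPrefix = config.accessToken.length >= minLengthForPrefix
  val scrubbedAccessToken = config.accessToken.zipWithIndex.map {
    case (c, i) => if (revealPrefix && i < visiblePrefixLength) c else '*'
  }.mkString

  // NOTE(review): unsafeFromString presumably throws on a malformed URL, failing startup - confirm.
  val uri = Uri.unsafeFromString(config.apiUrl)

  // Log parameters to be sure they are correct.
  // NOTE(review): the URI is logged verbatim - confirm apiUrl never embeds credentials
  // (user-info or a secret query parameter).
  logger.info(
    s"initialising identity auth service - url: $uri, access token: $scrubbedAccessToken"
  )

  implicit val ec: ExecutionContext =
    ExecutionContext.fromExecutorService(threadPool)

  val idapiAuthConfig = IdapiAuthConfig(
    identityApiUri = uri,
    accessToken = config.accessToken
  )
  // Okta tokens are checked against the configured issuer and audience; no client id is set.
  val oktaLocalConfig = OktaTokenValidationConfig(
    OktaIssuerUrl(config.oktaIssuer),
    Some(OktaAudience(config.oktaAudience)),
    clientId = None
  )

  val identityAuthService = IdapiAuthService.unsafeInit(idapiAuthConfig)
  // Fail fast rather than start without token validation.
  // NOTE(review): any failure detail carried by fromConfig's result is dropped here - confirm
  // its return type and consider surfacing the cause.
  val oktaLocalValidator = OktaLocalAccessTokenValidator
    .fromConfig(oktaLocalConfig)
    .getOrElse(throw new NoSuchElementException("Cannot configure validator"))

  new AuthenticationService(identityAuthService, oktaLocalValidator)
}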