AUT-3895: Correct and improve IPV token call.

The request for a token to access the result of a re-verification should contain the original redirect_uri provided in the authorise request. We were providing the redirect_uri that belongs to orch rather than the auth one. This was causing the IPV token endpoint to not respond to requests. The ReverificationResult lambda did not have any timeout configuration on the token request and was hanging. The frontend does have a timeout so we were seeing a timeout error in the frontend. The Nimbus library httpRequest method defaults to not having a timeout for connect or read so an over-ride has been added to timeout connections and reads if IPV does not respond.
govuk-one-login · Jan 16, 2025 · f9d5137 · f9d5137
1 parent bb97685
commit f9d5137
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/ci/terraform/oidc/reverification-result.tf b/ci/terraform/oidc/reverification-result.tf
@@ -30,7 +30,7 @@ module "reverification_result" {
     INTERNAl_SECTOR_URI                           = var.internal_sector_uri
     REDIS_KEY                                     = local.redis_key
     IPV_AUDIENCE                                  = var.ipv_audience
-    IPV_AUTHORISATION_CALLBACK_URI                = var.ipv_authorisation_callback_uri
+    IPV_AUTHORISATION_CALLBACK_URI                = var.ipv_auth_authorize_callback_uri
     IPV_AUTHORISATION_CLIENT_ID                   = var.ipv_authorisation_client_id
     ENVIRONMENT                                   = var.environment
     IPV_REVERIFICATION_REQUESTS_SIGNING_KEY_ALIAS = aws_kms_alias.ipv_reverification_request_signing_key_alias.arn

diff --git a/.../main/java/uk/gov/di/authentication/frontendapi/services/ReverificationResultService.java b/.../main/java/uk/gov/di/authentication/frontendapi/services/ReverificationResultService.java
@@ -103,6 +103,12 @@ public HTTPResponse toHTTPResponse() {
             count++;
             try {
                 var httpRequest = tokenRequest.toHTTPRequest();
+
+                LOG.info("Sending IPV token request to {}", httpRequest.getURI());
+
+                httpRequest.setConnectTimeout(1000);
+                httpRequest.setReadTimeout(60 * 1000);
+
                 var httpResponse = httpRequest.send();
 
                 tokenResponse = TokenResponse.parse(httpResponse);