From 0628f256d4c451794b71d85a8ee8449a31ca7559 Mon Sep 17 00:00:00 2001
From: Jack Brinkman <jack.brinkman@csiro.au>
Date: Mon, 29 Jul 2024 14:18:39 +1000
Subject: [PATCH] Update application.groovy

---
 grails-app/conf/application.groovy | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/grails-app/conf/application.groovy b/grails-app/conf/application.groovy
index 7c01cab92..e15d52101 100644
--- a/grails-app/conf/application.groovy
+++ b/grails-app/conf/application.groovy
@@ -15,8 +15,6 @@ collectory.service.url= "https://collections.ala.org.au"
 
 ecodata.baseURL= "https://ecodata.ala.org.au/"
 
-webservice['jwt-scopes'] = "ala/internal users/read ala/attrs ecodata/read ecodata/write"
-
 if(!app.domain.whiteList) {
         app.domain.whiteList = "ala.org.au,localhost"
 }
@@ -55,6 +53,13 @@ environments {
                 grails.config.locations = []
                 security.oidc.discoveryUri = "http://localhost:${wiremock.port}/cas/oidc/.well-known"
                 security.oidc.allowUnsignedIdTokens = true
+                security.oidc.clientId="oidcId"
+                security.oidc.secret="oidcSecret"
+                webservice['client-id']="jwtId"
+                webservice['client-secret'] = "jwtSecret"
+                tokenURI = "http://localhost:${wiremock.port}/cas/oidc/oidcAccessToken"
+                jwkURI = "http://localhost:${wiremock.port}/cas/oidc/jwks"
+                issuerURI = "http://localhost:${wiremock.port}/cas/oidc"
                 def casBaseUrl = "http://localhost:${wiremock.port}"
                 ehcache.directory = './ehcache'
                 security.cas.appServerName=serverName
@@ -128,12 +133,17 @@ security.oidc.enabled= true
 security.oidc.discoveryUri= "${auth.baseURL}/cas/oidc/.well-known"
 security.oidc.clientId= "changeMe"
 security.oidc.secret= "changeMe"
-security.oidc.scope= "openid,profile,email,ala,roles"
+security.oidc.scope= "openid profile email roles user_defined ala"
 security.oidc.allowUnsignedIdTokens= true
 
 security.jwt.enabled= true
 security.jwt.discoveryUri= "${auth.baseURL}/cas/oidc/.well-known"
-security.jwt.fallbackToLegacyBehaviour= true
+// security.jwt.fallbackToLegacyBehaviour= true
+
+webservice.jwt = true
+webservice['jwt-scopes'] = "ala/internal users/read ala/attrs ecodata/read ecodata/write"
+webservice['client-id']='changeMe'
+webservice['client-secret'] = 'changeMe'
 
 dataAccessMethods = [
         "oasrdfs",