Auth Provider Config
Component Detail
Description
Stores per-tenant BankID OAuth client credentials (client_id, client_secret, redirect_uri, OIDC discovery endpoint URL) encrypted at rest in the auth_providers table. A provider_type discriminator field distinguishes BankID records from other providers, enabling the Authentication Module to host multiple OAuth providers in a single generic table without schema changes per provider.
auth-provider-config
Sources & reasoning
The Authentication Module must store per-tenant BankID OAuth credentials encrypted at rest, as stated in the implementation notes. Using a provider_type discriminator allows the same table to serve BankID and Vipps (and future providers) without schema branching, preserving the module portability requirement. This component is reused by the Vipps Authentication feature.
No source references — this artifact was included based on reasoning alone (see above).
Responsibilities
- Persist encrypted per-tenant BankID OAuth client_id and client_secret
- Store the BankID OIDC discovery endpoint URL per environment (test and production)
- Provide a provider_type discriminator for multi-provider extensibility
- Supply the authorized redirect URI used during the OAuth callback
Interfaces
getProviderConfig(tenantId, providerType) → ProviderConfig
upsertProviderConfig(tenantId, providerType, config) → void
rotateClientSecret(tenantId, providerType, newSecret) → void
listConfiguredProviders(tenantId) → ProviderType[]
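The following is an added example, not the project's own code: one way the four interfaces could sit on top of field-level encryption so that a ciphertext copied between tenants or providers fails to decrypt. AES-256-GCM, the in-memory Map standing in for the auth_providers table, the column names, the config field names, and a key supplied by an external secret manager are all assumptions, since the page does not specify them.

```javascript
// Added sketch: AES-256-GCM, column names and the Map-backed "table" are assumptions.
const crypto = require('node:crypto');
const k = (...parts) => JSON.stringify(parts); // unambiguous composite key / AAD
class AuthProviderConfigStore {
  constructor(key) {            // 32-byte key, assumed to come from a KMS or secret manager
    this.key = key;
    this.rows = new Map();      // stands in for the auth_providers table
  }
  // AAD binds each ciphertext to tenant, provider_type and column (blocks row/column swaps).
  seal(tenantId, providerType, field, plaintext) {
    const iv = crypto.randomBytes(12);   // fresh nonce for every encryption
    const c = crypto.createCipheriv('aes-256-gcm', this.key, iv);
    c.setAAD(Buffer.from(k(tenantId, providerType, field)));
    const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
    return Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64');
  }
  open(tenantId, providerType, field, blob) {
    const raw = Buffer.from(blob, 'base64');
    const d = crypto.createDecipheriv('aes-256-gcm', this.key, raw.subarray(0, 12));
    d.setAAD(Buffer.from(k(tenantId, providerType, field)));
    d.setAuthTag(raw.subarray(12, 28));
    return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8'); // final() throws on tamper
  }
  upsertProviderConfig(tenantId, providerType, config) {
    this.rows.set(k(tenantId, providerType), {
      tenant_id: tenantId, provider_type: providerType,
      client_id: this.seal(tenantId, providerType, 'client_id', config.clientId),
      client_secret: this.seal(tenantId, providerType, 'client_secret', config.clientSecret),
      redirect_uri: config.redirectUri, discovery_url: config.discoveryUrl,
    });
  }
  getProviderConfig(tenantId, providerType) {
    const r = this.rows.get(k(tenantId, providerType));
    if (!r) return null;
    return {
      clientId: this.open(tenantId, providerType, 'client_id', r.client_id),
      clientSecret: this.open(tenantId, providerType, 'client_secret', r.client_secret),
      redirectUri: r.redirect_uri, discoveryUrl: r.discovery_url,
    };
  }
  rotateClientSecret(tenantId, providerType, newSecret) {
    const r = this.rows.get(k(tenantId, providerType));
    if (!r) throw new Error('provider not configured');
    r.client_secret = this.seal(tenantId, providerType, 'client_secret', newSecret);
  }
  listConfiguredProviders(tenantId) {
    return [...this.rows.values()].filter(r => r.tenant_id === tenantId).map(r => r.provider_type);
  }
}
```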
Relationships
Dependents (2)
Components that depend on this component
Related Data Entities (1)
Data entities managed by this component