use ac gouv conf when needed

app/services/agent_connect_service.rb

@@ -6,7 +6,7 @@ class AgentConnectService
   end
 
   def self.authorization_uri
-    client = OpenIDConnect::Client.new(AGENT_CONNECT)
+    client = OpenIDConnect::Client.new(conf)
 
     state = SecureRandom.hex(16)
     nonce = SecureRandom.hex(16)
@@ -22,14 +22,25 @@ class AgentConnectService
   end
 
   def self.user_info(code, nonce)
-    client = OpenIDConnect::Client.new(AGENT_CONNECT)
+    client = OpenIDConnect::Client.new(conf)
     client.authorization_code = code
 
     access_token = client.access_token!(client_auth_method: :secret)
 
-    id_token = ResponseObject::IdToken.decode(access_token.id_token, AGENT_CONNECT[:jwks])
+    id_token = ResponseObject::IdToken.decode(access_token.id_token, conf[:jwks])
-    id_token.verify!(AGENT_CONNECT.merge(nonce: nonce))
+    id_token.verify!(conf.merge(nonce: nonce))
 
     [access_token.userinfo!.raw_attributes, access_token.id_token]
   end
+
+  private
+
+  # TODO: remove this block when migration to new domain is done
+  def self.conf
+    if Current.host.end_with?('.gouv.fr')
+      AGENT_CONNECT_GOUV
+    else
+      AGENT_CONNECT
+    end
+  end
 end

config/env.example.optional

@@ -21,6 +21,11 @@ DS_ENV="staging"
 
 # Agent Connect usage
 # AGENT_CONNECT_ENABLED="disabled" # "enabled" by default
+#
+# useful when migrating to gouv domain
+# AGENT_CONNECT_GOUV_ID=""
+# AGENT_CONNECT_GOUV_SECRET=""
+# AGENT_CONNECT_GOUV_REDIRECT=""
 
 # Certigna usage
 # CERTIGNA_ENABLED="disabled" # "enabled" by default

config/initializers/agent_connect.rb

@@ -13,4 +13,15 @@ if ENV['AGENT_CONNECT_BASE_URL'].present?
     secret: ENV.fetch('AGENT_CONNECT_SECRET'),
     redirect_uri: ENV.fetch('AGENT_CONNECT_REDIRECT')
   }
+
+  if ENV['AGENT_CONNECT_GOUV_ID'].present?
+    gouv_conf = AGENT_CONNECT.dup
+
+    gouv_conf[:client_id] = ENV.fetch('AGENT_CONNECT_GOUV_ID')
+    gouv_conf[:identifier] = ENV.fetch('AGENT_CONNECT_GOUV_ID')
+    gouv_conf[:secret] = ENV.fetch('AGENT_CONNECT_GOUV_SECRET')
+    gouv_conf[:redirect_uri] = ENV.fetch('AGENT_CONNECT_GOUV_REDIRECT')
+
+    AGENT_CONNECT_GOUV = gouv_conf
+  end
 end