feat: DTOSS-10962 Add Service Now, PDS and CIS config to Prod environment variables (#1689)

rfk-nc · web-flow · commit 55cbb8ee2ecb · 2025-10-01T08:23:49.000Z
Add config for PDS, CIs, Service Now
diff --git a/application/CohortManager/src/Web/app/lib/auth.ts b/application/CohortManager/src/Web/app/lib/auth.ts
@@ -15,7 +15,7 @@ const NHS_CIS2: OAuthConfig<Profile> = {
   clientSecret: process.env.AUTH_CIS2_CLIENT_SECRET,
   authorization: {
     params: {
-      acr_values: "AAL2_OR_AAL3_ANY",
+      acr_values: process.env.AUTH_CIS2_ACR_VALUES || "AAL2_OR_AAL3_ANY",
       scope: "openid profile nationalrbacaccess",
       response_type: "code",
       max_age: 240, // 4 minutes [Required by CIS2]
diff --git a/infrastructure/tf-core/environments/preprod.tfvars b/infrastructure/tf-core/environments/preprod.tfvars
@@ -1043,7 +1043,7 @@ function_apps = {
         }
       ]
       env_vars_static = {
-        RetrievePdsParticipantURL  = "https://int.api.service.nhs.uk/personal-demographics/FHIR/R4/Patient"
+        RetrievePdsParticipantURL  = "https://api.service.nhs.uk/personal-demographics/FHIR/R4/Patient"
         Kid                        = "RetrievePdsDemographic-prod"
         Audience                   = "https://api.service.nhs.uk/oauth2/token"
         AuthTokenURL               = "https://api.service.nhs.uk/oauth2/token"
@@ -1199,11 +1199,12 @@ linux_web_app = {
       app_service_plan_key = "NonScaling"
       env_vars = {
         static = {
-          AUTH_CIS2_ISSUER_URL = ""
-          AUTH_CIS2_CLIENT_ID  = ""
+          AUTH_CIS2_ISSUER_URL = "https://am.nhsint.auth-ptl.cis2.spineservices.nhs.uk:443"
+          AUTH_CIS2_CLIENT_ID  = "5780695865.cohort_manager_preprod.b099494b-7c49-4d78-9e3c-3a801aac691b.apps"
           AUTH_TRUST_HOST      = "true"
           NEXTAUTH_URL         = "https://cohort-pre.screening.nhs.uk/api/auth"
           SERVICE_NAME         = "Cohort Manager"
+          AUTH_CIS2_ACR_VALUES = "AAL3_ANY"
         }
         from_key_vault = {
           # env_var_name           = "key_vault_secret_name"
diff --git a/infrastructure/tf-core/environments/production.tfvars b/infrastructure/tf-core/environments/production.tfvars
@@ -412,7 +412,7 @@ function_apps = {
           env_var_name     = "RetrievePdsDemographicURL"
           function_app_key = "RetrievePDSDemographic"
         },
-                {
+        {
           env_var_name     = "ManageNemsSubscriptionUnsubscribeURL"
           function_app_key = "ManageNemsSubscription"
           endpoint_name    = "Unsubscribe"
@@ -980,10 +980,10 @@ function_apps = {
         }
       ]
       env_vars_static = {
-        ServiceNowRefreshAccessTokenUrl      = ""                                  # TODO: Get value
-        ServiceNowUpdateUrl                  = ""                                  # TODO: Get value
-        ServiceNowResolutionUrl              = ""                                  # TODO: Get value
-        ServiceNowGrantType                  = ""                                  # TODO: Get value
+        ServiceNowRefreshAccessTokenUrl      = "https://nhsdigitallive.service-now.com/oauth_token.do"
+        ServiceNowUpdateUrl                  = "https://nhsdigitallive.service-now.com/api/x_nhsd_intstation/nhs_integration/7ce726ef1b4b66d0772fa756b04bcb2a/CohortCaseUpdate"
+        ServiceNowResolutionUrl              = "https://nhsdigitallive.service-now.com/api/x_nhsd_intstation/nhs_integration/7ce726ef1b4b66d0772fa756b04bcb2a/CohortCaseResolution"
+        ServiceNowGrantType                  = "client_credentials"
         ServiceNowParticipantManagementTopic = "servicenow-participant-management" # Sends messages to the servicenow participant manage topic
       }
     }
@@ -1077,6 +1077,7 @@ function_apps = {
         }
       ]
       env_vars_static = {
+        # TODO: Add PDS details when available
         RetrievePdsParticipantURL  = ""
         Kid                        = ""
         Audience                   = ""
@@ -1233,11 +1234,13 @@ linux_web_app = {
       app_service_plan_key = "NonScaling"
       env_vars = {
         static = {
-          AUTH_CIS2_ISSUER_URL = ""
+          # TODO: Add CIS details when available
+          AUTH_CIS2_ISSUER_URL = "https://am.nhsidentity.spineservices.nhs.uk:443/openam/oauth2/realms/root/realms/NHSIdentity/realms/Healthcare"
           AUTH_CIS2_CLIENT_ID  = ""
           AUTH_TRUST_HOST      = "true"
           NEXTAUTH_URL         = "https://cohort.screening.nhs.uk/api/auth"
           SERVICE_NAME         = "Cohort Manager"
+          AUTH_CIS2_ACR_VALUES = "AAL3_ANY"
         }
         from_key_vault = {
           # env_var_name           = "key_vault_secret_name"
