security changes

dmp-backend/pom.xml

@@ -310,7 +310,7 @@
         <dependency>
             <groupId>gr.cite</groupId>
             <artifactId>oidc-authn</artifactId>
-            <version>2.2.0</version>
+            <version>2.2.1</version>
         </dependency>
         <dependency>
             <groupId>gr.cite</groupId>

dmp-backend/web/src/main/resources/config/security.yml

@@ -5,16 +5,11 @@ web:
     allowed-endpoints: [ api/public, api/description/public, api/dashboard/public ]
     idp:
       api-key:
-        enabled: true
-        authorization-header: Authorization
-        client-id: ${IDP_APIKEY_CLIENT_ID:}
-        client-secret: ${IDP_APIKEY_CLIENT_SECRET:}
-        scope: ${IDP_APIKEY_SCOPE:}
+        enabled: false
       resource:
         token-type: JWT #| opaque
-        opaque:
-          client-id: ${IDP_OPAQUE_CLIENT_ID:}
-          client-secret: ${IDP_OPAQUE_CLIENT_SECRET:}
         jwt:
           claims: [ role, x-role ]
-          issuer-uri: ${IDP_ISSUER_URI:}
+          issuer-uri: ${IDP_ISSUER_URI:}
+          audiences: [ "dmp_web" ]
+          validIssuer: ${IDP_ISSUER_URI:}