From 3409b5f392f1222565cb6944e939fb1a33b43068 Mon Sep 17 00:00:00 2001
From: "m.lettere" <marco.lettere@nubisware.com>
Date: Thu, 12 Jan 2023 16:20:24 +0100
Subject: [PATCH] reinforced authorize for reducing expiration risks

---
 templates/group_created.json.j2 | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/templates/group_created.json.j2 b/templates/group_created.json.j2
index bf902c4..5ea84bc 100644
--- a/templates/group_created.json.j2
+++ b/templates/group_created.json.j2
@@ -477,6 +477,23 @@
 			"scriptExpression": "return Java.to(Java.from($.otherpolicies).concat($.memberpolicy), 'java.lang.String[]')"
 		  }
 	},
+	{
+		"name" : "pyrest",
+		"taskReferenceName" : "authorize",
+		"type" : "SIMPLE",
+		"inputParameters" : {
+			"url" : "{{ keycloak }}/master/protocol/openid-connect/token",
+			"method" : "POST",
+			"headers" : {
+				"Accept" : "application/json"
+			},
+			"body" : {
+				"client_id" : "orchestrator", 
+				"client_secret" : "{{ keycloak_auth_master }}",
+				"grant_type" : "client_credentials"
+			}
+		}
+	},
 	{
 		"name" : "pyrest",
 		"taskReferenceName" : "finalize_permission",
@@ -493,7 +510,7 @@
 			},
 	  		"method" : "PUT",
 			"headers" : {
-			  "Authorization" : "Bearer ${authorize.output.body.access_token}",
+			  "Authorization" : "Bearer ${authorize2.output.body.access_token}",
 			  "Content-Type" : "application/json"
 			}
   		}