get config add runtime

lib/policy_service/application.ex

@@ -3,8 +3,6 @@ defmodule PolicyService.Application do
   # for more information on OTP Applications
   @moduledoc false
 
-  @zitadel Application.get_env(:policy_service, :zitadel)
-
   use Application
 
   @impl true

lib/policy_service_web/plugs/authorize_roles.ex

@@ -71,9 +71,6 @@ defmodule PolicyServiceWeb.Plugs.AuthorizeRoles do
         role = Map.get(roles_map, roles_claim, %{})
         role
 
-      %{claims: claims} when is_map(claims) ->
-        Map.get(claims, roles_claim, %{})
-
       _ ->
         %{}
     end

lib/policy_service_web/router.ex

@@ -15,13 +15,8 @@ defmodule PolicyServiceWeb.Router do
     plug PolicyServiceWeb.Plugs.RequireOrganizationId
     plug PolicyServiceWeb.Plugs.ExtractOrganizationId
 
-    plug Oidcc.Plug.IntrospectToken,
-      provider: PolicyService.ZitadelProvider,
-      client_id: Application.get_env(:policy_service, :zitadel)[:client_id],
-      client_secret: Application.get_env(:policy_service, :zitadel)[:client_secret]
-
-    plug PolicyServiceWeb.Plugs.AuthorizeRoles,
-      roles_claim: Application.get_env(:policy_service, :zitadel)[:roles_claim]
+    plug :introspect
+    plug :authorize_roles
   end
 
   get "/health", HealthController, :health
@@ -50,4 +45,18 @@ defmodule PolicyServiceWeb.Router do
   scope "/swaggerui" do
     get "/", OpenApiSpex.Plug.SwaggerUI, path: "/api/openapi"
   end
+
+  def introspect(conn, _opts) do
+    zitadel = Application.get_env(:policy_service, :zitadel)
+
+    {Oidcc.Plug.IntrospectToken,
+     provider: PolicyService.ZitadelProvider,
+     client_id: zitadel[:client_id],
+     client_secret: zitadel[:client_secret]}
+  end
+
+  def authorize_roles(conn, _opts) do
+    zitadel = Application.get_env(:policy_service, :zitadel)
+    {PolicyServiceWeb.Plugs.AuthorizeRoles, roles_claim: zitadel[:roles_claim]}
+  end
 end