From e235190d4e629d87f1f4c1c3d51991be4d1add46 Mon Sep 17 00:00:00 2001
From: HaimKortovich
Date: Wed, 13 May 2026 14:14:49 -0500
Subject: [PATCH] get config add runtime

---
 lib/policy_service/application.ex | 2 --
 .../plugs/authorize_roles.ex | 3 ---
 lib/policy_service_web/router.ex | 23 +++++++++++++------
 3 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/lib/policy_service/application.ex b/lib/policy_service/application.ex
index 9a17579..86f0867 100644
--- a/lib/policy_service/application.ex
+++ b/lib/policy_service/application.ex
@@ -3,8 +3,6 @@ defmodule PolicyService.Application do
 # for more information on OTP Applications
 @moduledoc false

- @zitadel Application.get_env(:policy_service, :zitadel)
-
 use Application

 @impl true
diff --git a/lib/policy_service_web/plugs/authorize_roles.ex b/lib/policy_service_web/plugs/authorize_roles.ex
index f970380..ac1f3cb 100644
--- a/lib/policy_service_web/plugs/authorize_roles.ex
+++ b/lib/policy_service_web/plugs/authorize_roles.ex
@@ -71,9 +71,6 @@ defmodule PolicyServiceWeb.Plugs.AuthorizeRoles do
 role = Map.get(roles_map, roles_claim, %{})
 role

- %{claims: claims} when is_map(claims) ->
- Map.get(claims, roles_claim, %{})
-
 _ ->
 %{}
 end
diff --git a/lib/policy_service_web/router.ex b/lib/policy_service_web/router.ex
index e7aec4b..888c7a9 100644
--- a/lib/policy_service_web/router.ex
+++ b/lib/policy_service_web/router.ex
@@ -15,13 +15,8 @@ defmodule PolicyServiceWeb.Router do
 plug PolicyServiceWeb.Plugs.RequireOrganizationId
 plug PolicyServiceWeb.Plugs.ExtractOrganizationId

- plug Oidcc.Plug.IntrospectToken,
- provider: PolicyService.ZitadelProvider,
- client_id: Application.get_env(:policy_service, :zitadel)[:client_id],
- client_secret: Application.get_env(:policy_service, :zitadel)[:client_secret]
-
- plug PolicyServiceWeb.Plugs.AuthorizeRoles,
- roles_claim: Application.get_env(:policy_service, :zitadel)[:roles_claim]
+ plug :introspect
+ plug :authorize_roles
 end

 get "/health", HealthController, :health
@@ -50,4 +45,18 @@ defmodule PolicyServiceWeb.Router do
 scope "/swaggerui" do
 get "/", OpenApiSpex.Plug.SwaggerUI, path: "/api/openapi"
 end
+
+ def introspect(conn, _opts) do
+ zitadel = Application.get_env(:policy_service, :zitadel)
+
+ {Oidcc.Plug.IntrospectToken,
+ provider: PolicyService.ZitadelProvider,
+ client_id: zitadel[:client_id],
+ client_secret: zitadel[:client_secret]}
+ end
+
+ def authorize_roles(conn, _opts) do
+ zitadel = Application.get_env(:policy_service, :zitadel)
+ {PolicyServiceWeb.Plugs.AuthorizeRoles, roles_claim: zitadel[:roles_claim]}
+ end
 end
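Review bot: `introspect/2` and `authorize_roles/2` return a `{module, opts}` tuple instead of a `%Plug.Conn{}`, so neither `Oidcc.Plug.IntrospectToken` nor `PolicyServiceWeb.Plugs.AuthorizeRoles` is ever invoked. Plug raises when a function plug returns anything other than a conn, so requests through the pipeline changed in the first router.ex hunk (`plug :introspect`, `plug :authorize_roles`) would error out instead of being authenticated and authorized. Each function should build the options with the module's `init/1` and return the result of its `call/2`, as sketched below. `Application.get_env/2` returns `nil` when the `:zitadel` key is missing and `nil[:client_id]` is also `nil`, so `Application.fetch_env!/2` makes a misconfigured deployment fail loudly rather than introspect with empty credentials. `conn` is unused in both functions as written, which the compiler should already be warning about.

```elixir
def introspect(conn, _opts) do
  zitadel = Application.fetch_env!(:policy_service, :zitadel)

  opts =
    Oidcc.Plug.IntrospectToken.init(
      provider: PolicyService.ZitadelProvider,
      client_id: zitadel[:client_id],
      client_secret: zitadel[:client_secret]
    )

  # Return the conn produced by the real plug so a halt/401 propagates.
  Oidcc.Plug.IntrospectToken.call(conn, opts)
end

def authorize_roles(conn, _opts) do
  zitadel = Application.fetch_env!(:policy_service, :zitadel)
  opts = PolicyServiceWeb.Plugs.AuthorizeRoles.init(roles_claim: zitadel[:roles_claim])
  PolicyServiceWeb.Plugs.AuthorizeRoles.call(conn, opts)
end
```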