Store Attempts API token cost in configuration

app/services/attempts_api/request_token_validator.rb

@@ -49,7 +49,7 @@ def service_provider_exists
 
     def valid_request_token?
       return if config_data['tokens'].any? do |valid_token|
-        scrypt_salt = cost + OpenSSL::Digest::SHA256.hexdigest(valid_token['salt'])
+        scrypt_salt = valid_token['cost'] + OpenSSL::Digest::SHA256.hexdigest(valid_token['salt'])
         scrypted = SCrypt::Engine.hash_secret token, scrypt_salt, 32
         hashed_req_token = SCrypt::Password.new(scrypted).digest
         ActiveSupport::SecurityUtils.secure_compare(valid_token['value'], hashed_req_token)
@@ -72,10 +72,6 @@ def config_data_exists?
       config_data.present?
     end
 
-    def cost
-      IdentityConfig.store.scrypt_cost
-    end
-
     def service_provider
       @service_provider ||= ServiceProvider.find_by(issuer:)
     end

spec/controllers/api/attempts/events_controller_spec.rb

@@ -47,7 +47,7 @@
       allow(IdentityConfig.store).to receive(:allowed_attempts_providers).and_return(
         [{
           'issuer' => sp.issuer,
-          'tokens' => [{ 'value' => hashed_token, 'salt' => salt }],
+          'tokens' => [{ 'value' => hashed_token, 'salt' => salt, 'cost' => cost }],
         }],
       )
       allow(AttemptsApi::RedisClient).to receive(:new).and_return redis_client

spec/services/attempts_api/request_token_validator_spec.rb

@@ -24,6 +24,7 @@
             {
               'value' => hashed_token,
               'salt' => salt,
+              'cost' => cost,
             },
           ],
         },