Enable passing scopes to org token (#128)

Co-authored-by: Ivar Nesje <[email protected]>
Altinn · Nov 26, 2024 · 3ad4306 · 3ad4306
1 parent bcfe7a7
commit 3ad4306
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 5 deletions.
diff --git a/src/Controllers/HomeController.cs b/src/Controllers/HomeController.cs
@@ -201,10 +201,10 @@ public async Task<ActionResult> GetTestUserToken(int userId)
         /// <param name="id"></param>
         /// <returns></returns>
         [HttpGet("{id}")]
-        public async Task<ActionResult> GetTestOrgToken(string id, [FromQuery] string orgNumber = null)
+        public async Task<ActionResult> GetTestOrgToken(string id, [FromQuery] string orgNumber = null, [FromQuery] string scopes = null)
         {
             // Create a test token with long duration
-            string token = await _authenticationService.GenerateTokenForOrg(id, orgNumber);
+            string token = await _authenticationService.GenerateTokenForOrg(id, orgNumber, scopes);
 
             return Ok(token);
         }

diff --git a/src/Services/Authentication/Implementation/AuthenticationService.cs b/src/Services/Authentication/Implementation/AuthenticationService.cs
@@ -56,7 +56,7 @@ public string GenerateToken(ClaimsPrincipal principal)
     }
 
     /// <inheritdoc />
-    public async Task<string> GenerateTokenForOrg(string org, string? orgNumber = null)
+    public async Task<string> GenerateTokenForOrg(string org, string? orgNumber = null, string? scopes = null)
     {
         if (orgNumber is null)
         {
@@ -69,7 +69,8 @@ public async Task<string> GenerateTokenForOrg(string org, string? orgNumber = nu
         claims.Add(new Claim(AltinnCoreClaimTypes.Org, org.ToLower(), ClaimValueTypes.String, issuer));
         // 3 is the default level for altinn tokens form Maskinporten
         claims.Add(new Claim(AltinnCoreClaimTypes.AuthenticationLevel, "3", ClaimValueTypes.Integer32, issuer));
-        claims.Add(new Claim("urn:altinn:scope", "altinn:serviceowner/instances.read", ClaimValueTypes.String, issuer));
+        scopes ??= "altinn:serviceowner/instances.read";
+        claims.Add(new Claim("urn:altinn:scope", scopes, ClaimValueTypes.String, issuer));
         if (!string.IsNullOrEmpty(orgNumber))
         {
             claims.Add(new Claim(AltinnCoreClaimTypes.OrgNumber, orgNumber, ClaimValueTypes.String, issuer));

diff --git a/src/Services/Authentication/Interface/IAuthentication.cs b/src/Services/Authentication/Interface/IAuthentication.cs
@@ -20,7 +20,7 @@ public interface IAuthentication
         /// <param name="org">Three letter application owner name (eg, TST )</param>
         /// <param name="orgNumber">Optional Organization number for the application owner. Will be fetched if not provided</param>
         /// <returns>JWT token</returns>
-        public Task<string> GenerateTokenForOrg(string org, string? orgNumber = null);
+        public Task<string> GenerateTokenForOrg(string org, string? orgNumber = null, string? scopes = null);
 
         /// <summary>
         /// Get JWT token for user profile