From eb99f628dae8ae421ac384674d09620bb1308dc8 Mon Sep 17 00:00:00 2001
From: Martin Othamar
Date: Mon, 25 Nov 2024 13:55:20 +0100
Subject: [PATCH] Enable passing scopes to org token
---
 src/Controllers/HomeController.cs | 4 ++--
 .../Authentication/Implementation/AuthenticationService.cs | 5 +++--
 src/Services/Authentication/Interface/IAuthentication.cs | 2 +-
 3 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/Controllers/HomeController.cs b/src/Controllers/HomeController.cs
index c46c4792..f63a89e4 100644
--- a/src/Controllers/HomeController.cs
+++ b/src/Controllers/HomeController.cs
@@ -201,10 +201,10 @@ public async Task GetTestUserToken(int userId)
 ///
 ///
 [HttpGet("{id}")]
- public async Task GetTestOrgToken(string id, [FromQuery] string orgNumber = null)
+ public async Task GetTestOrgToken(string id, [FromQuery] string orgNumber = null, [FromQuery] string scopes = null)
 {
 // Create a test token with long duration
- string token = await _authenticationService.GenerateTokenForOrg(id, orgNumber);
+ string token = await _authenticationService.GenerateTokenForOrg(id, orgNumber, scopes);
 return Ok(token);
 }
diff --git a/src/Services/Authentication/Implementation/AuthenticationService.cs b/src/Services/Authentication/Implementation/AuthenticationService.cs
index a1711ac4..f6be90e6 100644
--- a/src/Services/Authentication/Implementation/AuthenticationService.cs
+++ b/src/Services/Authentication/Implementation/AuthenticationService.cs
@@ -56,7 +56,7 @@ public string GenerateToken(ClaimsPrincipal principal)
 }
 ///
- public async Task GenerateTokenForOrg(string org, string? orgNumber = null)
+ public async Task GenerateTokenForOrg(string org, string? orgNumber = null, string? scopes = null)
 {
 if (orgNumber is null)
 {
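Review bot: The new `[FromQuery] string scopes` parameter in the GetTestOrgToken signature is forwarded to `GenerateTokenForOrg` without any validation, so whatever the caller puts in the query string is what the service writes into the token's scope claim, and the comment on the next line says the token is long-lived. Since this is a test-token endpoint, it is worth confirming it is only reachable in the environments where test tokens are already acceptable, and rejecting values that are not well-formed scope names (for example via a whitelist or a simple character check) before the token is minted. The XML doc comment above the attribute, whose start lies above this hunk, is not extended for the new parameter either; add `/// <param name="scopes">Optional scope string for the token; the service falls back to altinn:serviceowner/instances.read when it is omitted</param>`.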
@@ -69,7 +69,8 @@ public async Task GenerateTokenForOrg(string org, string? orgNumber = nu
 claims.Add(new Claim(AltinnCoreClaimTypes.Org, org.ToLower(), ClaimValueTypes.String, issuer));
 // 3 is the default level for altinn tokens form Maskinporten
 claims.Add(new Claim(AltinnCoreClaimTypes.AuthenticationLevel, "3", ClaimValueTypes.Integer32, issuer));
- claims.Add(new Claim("urn:altinn:scope", "altinn:serviceowner/instances.read", ClaimValueTypes.String, issuer));
+ scopes ??= "altinn:serviceowner/instances.read";
+ claims.Add(new Claim("urn:altinn:scope", scopes, ClaimValueTypes.String, issuer));
 if (!string.IsNullOrEmpty(orgNumber))
 {
 claims.Add(new Claim(AltinnCoreClaimTypes.OrgNumber, orgNumber, ClaimValueTypes.String, issuer));
diff --git a/src/Services/Authentication/Interface/IAuthentication.cs b/src/Services/Authentication/Interface/IAuthentication.cs
index ed664234..f060e87c 100644
--- a/src/Services/Authentication/Interface/IAuthentication.cs
+++ b/src/Services/Authentication/Interface/IAuthentication.cs
@@ -20,7 +20,7 @@ public interface IAuthentication
 /// Three letter application owner name (eg, TST )
 /// Optional Organization number for the application owner. Will be fetched if not provided
 /// JWT token
- public Task GenerateTokenForOrg(string org, string? orgNumber = null);
+ public Task GenerateTokenForOrg(string org, string? orgNumber = null, string? scopes = null);
 ///
 /// Get JWT token for user profile
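Review bot: `scopes ??= "altinn:serviceowner/instances.read";` only substitutes the default for a null value, so an empty or whitespace-only string that reaches this method is written into the `urn:altinn:scope` claim as-is and produces a token with an effectively blank scope; the context line two below already guards the comparable optional input with `string.IsNullOrEmpty(orgNumber)`, so the matching guard here would be `if (string.IsNullOrWhiteSpace(scopes)) { scopes = "altinn:serviceowner/instances.read"; }`. Because the controller hunk passes raw query input straight through, this is also the natural place to reject anything that is not a well-formed scope string instead of trusting it, and the default literal would read better as a named constant (e.g. `DefaultOrgScope`) so the fallback is documented in one place. GenerateTokenForOrg starts and ends outside this hunk.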
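Review bot: The doc comment directly above the changed interface signature describes `org` and `orgNumber` (the XML tags appear stripped on this page) but gains no entry for the new `scopes` parameter, and the implementation's own `///` line looks like it inherits its documentation from here, so callers of both get no description of what the value should look like. Add `/// <param name="scopes">Optional value for the token's urn:altinn:scope claim; defaults to altinn:serviceowner/instances.read when null</param>` after the orgNumber line, and once it is decided whether several scopes may be passed and in what separator format, state that here as well, since the `string?` signature alone does not tell the caller.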