
Commit f7d2f52

Merge pull request #650 from NHSDigital/FLAGSAPI-1140-update-security-to-AAL2
FLAGSAPI-1140 update user restricted scope to be level aal2
2 parents 25a518a + a5839af commit f7d2f52


3 files changed

+4
-3
lines changed


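--- a/manifest_template.yml
+++ b/manifest_template.yml
@@ -71,7 +71,7 @@ apigee:
 {% endif %}
 scopes:
 - 'urn:nhsd:apim:app:level3:summary-care-record'
-- 'urn:nhsd:apim:user-nhs-id:aal3:summary-care-record'
+- 'urn:nhsd:apim:user-nhs-id:aal2:summary-care-record'
 quota: {{ ENV.quota | default('300') }}
 quotaInterval: '1'
 quotaTimeUnit: minute
@@ -92,7 +92,7 @@ ACCESS_MODES:
 - name: user-restricted
 nameSuffix: ''
 displayName: Healthcare Worker
-scopes: ['urn:nhsd:apim:user-nhs-id:aal3:summary-care-record']
+scopes: ['urn:nhsd:apim:user-nhs-id:aal2:summary-care-record']
 requireCallbackUrl: true
 description: User restricted
 - name: application-restricted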
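Review bot: A token that carries only `urn:nhsd:apim:user-nhs-id:aal3:summary-care-record` no longer matches anything here, because the aal3 entry is replaced rather than kept next to aal2 in both the product `scopes` list (line 74) and the `user-restricted` access mode (line 95). If the identity service grants the aal3 scope to users who sign in with a stronger authenticator, those users would presumably be rejected after this change; confirm how scopes are issued, or list both values. Neither hunk records why the assurance level for Healthcare Worker access changed, so a comment next to the scope such as `# user-restricted scope set to aal2 under FLAGSAPI-1140` would help the next reviewer. Both YAML blocks start and end outside the hunks.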
Lines changed: 1 addition & 0 deletions
@@ -1,3 +1,4 @@
11
<OAuthV2 async="false" continueOnError="false" enabled="true" name="OauthV2.VerifyAccessToken">
22
<Operation>VerifyAccessToken</Operation>
3+
<Scope>urn:nhsd:apim:app:level3:summary-care-record urn:nhsd:apim:user-nhs-id:aal2:summary-care-record</Scope>
34
</OAuthV2>
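Review bot: The new `<Scope>` element on line 3 has no comment explaining its matching rule, and the two URNs are now repeated here, in manifest_template.yml and in the access-mode condition in scr-target.xml. In Apigee's VerifyAccessToken a space-delimited `<Scope>` passes when the token holds at least one of the listed scopes, so this policy alone does not separate application-restricted from user-restricted callers; that separation still depends on the later flow conditions. I would add `<!-- Token must carry at least one of these scopes; keep in sync with manifest_template.yml and scr-target.xml -->` above the element.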

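--- a/proxies/live/apiproxy/targets/scr-target.xml
+++ b/proxies/live/apiproxy/targets/scr-target.xml
@@ -29,7 +29,7 @@
 </Step>
 <Step>
 <Name>AssignMessage.SetAccessModeUserRestricted</Name>
-<Condition>(scope JavaRegex "(.+\ urn:nhsd:apim:user-nhs-id:aal3:summary-care-record\ .+|^urn:nhsd:apim:user-nhs-id:aal3:summary-care-record\ .+|.+\ urn:nhsd:apim:user-nhs-id:aal3:summary-care-record$|^urn:nhsd:apim:user-nhs-id:aal3:summary-care-record$)")</Condition>
+<Condition>(scope JavaRegex "(.+\ urn:nhsd:apim:user-nhs-id:aal2:summary-care-record\ .+|^urn:nhsd:apim:user-nhs-id:aal2:summary-care-record\ .+|.+\ urn:nhsd:apim:user-nhs-id:aal2:summary-care-record$|^urn:nhsd:apim:user-nhs-id:aal2:summary-care-record$)")</Condition>
 </Step>
 <Step>
 <Name>FlowCallout.UserRoleService</Name>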
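Review bot: The scope URN is written out four times inside the `<Condition>` regex on line 32, so every level change has to be made in four places, and a missed one would silently stop `AssignMessage.SetAccessModeUserRestricted` from running for some token layouts. The same four cases (scope alone, first, last, or in the middle of a space-separated list) can be expressed with one occurrence: `(scope JavaRegex "^(.+\ )?urn:nhsd:apim:user-nhs-id:aal2:summary-care-record(\ .+)?$")`. What happens to a request when this condition is false is decided by steps outside the hunk, so it is worth confirming that such a request cannot continue without an access mode set.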
