Merge pull request #650 from NHSDigital/FLAGSAPI-1140-update-security-to-AAL2

FLAGSAPI-1140 update user restricted scope to be level aal2

Author: RyanThomas1214

manifest_template.yml

@@ -71,7 +71,7 @@ apigee:
 {% endif %}
         scopes:
           - 'urn:nhsd:apim:app:level3:summary-care-record'
-          - 'urn:nhsd:apim:user-nhs-id:aal3:summary-care-record'
+          - 'urn:nhsd:apim:user-nhs-id:aal2:summary-care-record'
         quota: {{ ENV.quota | default('300') }}
         quotaInterval: '1'
         quotaTimeUnit: minute
@@ -92,7 +92,7 @@ ACCESS_MODES:
   - name: user-restricted
     nameSuffix: ''
     displayName: Healthcare Worker
-    scopes: ['urn:nhsd:apim:user-nhs-id:aal3:summary-care-record']
+    scopes: ['urn:nhsd:apim:user-nhs-id:aal2:summary-care-record']
     requireCallbackUrl: true
     description: User restricted
   - name: application-restricted

proxies/live/apiproxy/policies/OAuthV2.VerifyAccessToken.xml

@@ -1,3 +1,4 @@
 <OAuthV2 async="false" continueOnError="false" enabled="true" name="OauthV2.VerifyAccessToken">
   <Operation>VerifyAccessToken</Operation>
+  <Scope>urn:nhsd:apim:app:level3:summary-care-record urn:nhsd:apim:user-nhs-id:aal2:summary-care-record</Scope>
 </OAuthV2>

proxies/live/apiproxy/targets/scr-target.xml

@@ -29,7 +29,7 @@
       </Step>
       <Step>
         <Name>AssignMessage.SetAccessModeUserRestricted</Name>
-        <Condition>(scope JavaRegex "(.+\ urn:nhsd:apim:user-nhs-id:aal3:summary-care-record\ .+|^urn:nhsd:apim:user-nhs-id:aal3:summary-care-record\ .+|.+\ urn:nhsd:apim:user-nhs-id:aal3:summary-care-record$|^urn:nhsd:apim:user-nhs-id:aal3:summary-care-record$)")</Condition>
+        <Condition>(scope JavaRegex "(.+\ urn:nhsd:apim:user-nhs-id:aal2:summary-care-record\ .+|^urn:nhsd:apim:user-nhs-id:aal2:summary-care-record\ .+|.+\ urn:nhsd:apim:user-nhs-id:aal2:summary-care-record$|^urn:nhsd:apim:user-nhs-id:aal2:summary-care-record$)")</Condition>
       </Step>
       <Step>
         <Name>FlowCallout.UserRoleService</Name>