During the OAuth authorize flow, we look for boolean claim values to determine if the user is eligible.
IdG is changing their claims implementation to cut down on the size of the token being sent to Benefits. Instead of booleans, they will use integers to indicate claim values:
0 will indicate False (i.e. the claim indicates eligibility failed)
1 will indicate True (i.e. the claim indicates eligibility succeeded)
Any other integer >= 10 will indicate an error code
Note: the claim values are transmitted in the token as str, and should be parsed to int before usage.
Acceptance Criteria
[ ] authorize processes integer claims as described above
Additional context
While we work to implement this change, existing flows for Older Adults and Veterans will use both claim styles. New flows for CalFresh and the new Veterans API will ~only use the newer integer claim style, so this refactor is necessary for supporting those flows.~ also support both styles to allow us time to implement and cut over. There is an entirely new set of scopes created for the integer-based claims so as not to interfere with the existing implementation.
Once we have this change tested and deployed, IdG will cut over all flows to use the integer style only.
Mapping error codes to error messages and analytics will be handled in #2049.
See this Slack thread from @johnatstate for more context.
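
One way to interpret both claim styles during the cutover, as an added example (not code from the Benefits project or IdG). The claim names, the `ClaimResult` type, the 9-digit length bound, and the assumptions that legacy claims arrive as JSON booleans and that undefined values (2-9, negatives, non-numeric strings) fail closed are all hypothetical.

```python
from dataclasses import dataclass
from typing import Any, Optional


@dataclass(frozen=True)
class ClaimResult:
    eligible: bool
    error_code: Optional[int] = None  # set only for integer values >= 10
    malformed: bool = False           # value matched neither claim style


def parse_claim(value: Any) -> ClaimResult:
    """Interpret one claim value from the token; anything unexpected fails closed."""
    # Legacy boolean style (assumed to arrive as a JSON boolean). Check bool
    # first because bool is a subclass of int in Python.
    if isinstance(value, bool):
        return ClaimResult(eligible=value)
    # Integer style: transmitted as str, so parse strictly before use.
    # Never test truthiness directly: bool("0") is True.
    if isinstance(value, str):
        # ASCII digits only, with an assumed length bound of 9 characters.
        if not (value.isascii() and value.isdigit() and len(value) <= 9):
            return ClaimResult(eligible=False, malformed=True)
        number = int(value)
    elif isinstance(value, int):
        number = value
    else:
        return ClaimResult(eligible=False, malformed=True)
    if number == 1:
        return ClaimResult(eligible=True)
    if number == 0:
        return ClaimResult(eligible=False)
    if number >= 10:
        return ClaimResult(eligible=False, error_code=number)
    # 2-9 and negatives are not defined by the description above.
    return ClaimResult(eligible=False, malformed=True)


def check_claim(token_claims: dict, claim_name: str) -> ClaimResult:
    """Look up one claim in the decoded token; a missing claim is not eligible."""
    if claim_name not in token_claims:
        return ClaimResult(eligible=False)
    return parse_claim(token_claims[claim_name])


# Constructed sample of decoded token claims (claim names are hypothetical).
SAMPLE = {"senior": "1", "veteran": "0", "calfresh": "10", "legacy": True, "odd": "yes"}
```
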