digdir / dialogporten

Dialogporten - common API and metadata state store for digital dialogs
https://docs.altinn.studio/dialogporten
MIT License

SO search with search scope results in 403 Forbidden #1475

Open oskogstad opened 1 week ago

oskogstad commented 1 week ago

Description

Using only the search scope, digdir:dialogporten.serviceprovider.search, on GET /api/v1/serviceowner/dialogs/ results in 403 Forbidden. This is caused by a bad scope check in ClaimsPrincipalExtensions.GetUserType; it only checks for digdir:dialogporten.serviceprovider.

Expected behavior

200 OK

Actual behavior

403 Forbidden

oskogstad commented 3 days ago

Ref. Slack discussion, changing this to require base scope on search.

LeifHelstad commented 10 hours ago

I need some guidance here with regard to setting the scope. I understand we're heading out into JWT territory (or something along those lines). Setting this to "Under test" and will do the testing during the coming week.
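For checking which scopes a test token actually carries, here is an added example (not part of the issue thread and not Dialogporten's own code). It assumes the token is a compact JWT with a space-delimited `scope` claim; the function names are hypothetical and the tokens are constructed and unsigned.

```python
import base64
import json

# Scope names as quoted in the issue.
BASE_SCOPE = "digdir:dialogporten.serviceprovider"
SEARCH_SCOPE = "digdir:dialogporten.serviceprovider.search"


def jwt_scopes(token: str) -> set[str]:
    """Return the scopes in a JWT payload WITHOUT verifying the signature.

    For inspecting test tokens only. Assumes a space-delimited "scope" claim.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload_b64 = parts[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(payload_b64))
    return set(str(claims.get("scope", "")).split())


def passes_base_scope_check(token: str) -> bool:
    """True if the token carries the base scope as a whole scope value.

    The search scope starts with the base scope string, so a prefix or
    substring test would wrongly accept a search-only token.
    """
    return BASE_SCOPE in jwt_scopes(token)


def make_test_token(scope: str) -> str:
    """Build an unsigned, constructed token for this example."""
    def b64(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{b64({'alg': 'none'})}.{b64({'scope': scope})}.sig"


if __name__ == "__main__":
    for scope in (SEARCH_SCOPE, f"{BASE_SCOPE} {SEARCH_SCOPE}"):
        tok = make_test_token(scope)
        print(sorted(jwt_scopes(tok)), "base scope present:",
              passes_base_scope_check(tok))
```

A search-only token fails the check, which matches the 403 reported above; a token carrying both scopes passes it, though other authorization checks may still apply.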