DPC-5159 multi csp user POC #2896
jdettmannnava wants to merge 30 commits into jd/dpc-5127-multiple-oidc from
MEspositoE14s
left a comment
LGTM as far as I understand the way this is supposed to work 👍
Hi @jdettmannnava, these changes look good. I see that you mentioned being able to successfully log in with multiple IdPs. I have your branch running locally and was wondering how I can also do this? I just see the option for login.gov.
@Jose-verdance
## 🎫 Ticket

https://jira.cms.gov/browse/DPC-5081

## 🛠 Changes

Makes site navigation consistent across pages.

## ℹ️ Context

Standardizing navigation across the site will allow for a more consistent user experience.

## 🧪 Validation

- TOS - added "return to organization list" link, removed "cancel" button
- Org detail - added "return to organization list" link
- Assign CD - added "back to organization" link, removed "go back" button
- Generate token - added "back to organization" link
- Add key - added "back to organization" link
- Add IP - added "back to organization" link
- Show token - added "back to organization" link, removed "return to portal" button

## 🎫 Ticket

No ticket.

## 🛠 Changes

Removed orphan Docker containers at end of portal test scripts.

## ℹ️ Context

Our current commands for testing the portal modules locally leave orphan containers after each run, which uses extra disk space.

## 🧪 Validation

Removes orphan containers locally.

## 🎫 Ticket

[DPC-5169](https://jira.cms.gov/browse/DPC-5169)

## 🛠 Changes

- update routes to include lookbook routes for when `"ENV" == "test"`

## ℹ️ Context

- working with content + design in sprint 1.3, I discovered that some application states are difficult to reproduce, like the error message for Login.gov being unavailable
- For folks to review these types of messages, lookbook is an easier option than having developers force certain application states
- By adding lookbook to _test_, all content review can be done on _test_ between logged in views requiring AO invite as well as navigating to https://test.dpc.cms.gov/portal/lookbook

## 🧪 Validation

Manually tested this in _test_ environment

## 🎫 Ticket

https://jira.cms.gov/browse/DPC-5149

## 🛠 Changes

Added workflow for deploying quicksight report lambda.

## ℹ️ Context

We have a new lambda we might need to deploy, and this makes it possible to do from our normal deployment process. This is a simplified version of ecs-deploy.yml

## 🧪 Validation

Ran successfully: https://github.com/CMSgov/dpc-app/actions/runs/21950843441

…p across 1 directory (#2911)

Bumps the npm_and_yarn group with 1 update in the /dpc-portal directory: [qs](https://github.com/ljharb/qs).

Updates `qs` from 6.14.1 to 6.14.2

Changelog, sourced from [qs's changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md):

> **6.14.2**
>
> - [Fix] `parse`: mark overflow objects for indexed notation exceeding `arrayLimit` ([#546](https://redirect.github.com/ljharb/qs/issues/546))
> - [Fix] `arrayLimit` means max count, not max index, in `combine`/`merge`/`parseArrayValue`
> - [Fix] `parse`: throw on `arrayLimit` exceeded with indexed notation when `throwOnLimitExceeded` is true ([#529](https://redirect.github.com/ljharb/qs/issues/529))
> - [Fix] `parse`: enforce `arrayLimit` on `comma`-parsed values
> - [Fix] `parse`: fix error message to reflect arrayLimit as max index; remove extraneous comments ([#545](https://redirect.github.com/ljharb/qs/issues/545))
> - [Robustness] avoid `.push`, use `void`
> - [readme] document that `addQueryPrefix` does not add `?` to empty output ([#418](https://redirect.github.com/ljharb/qs/issues/418))
> - [readme] clarify `parseArrays` and `arrayLimit` documentation ([#543](https://redirect.github.com/ljharb/qs/issues/543))
> - [readme] replace runkit CI badge with shields.io check-runs badge
> - [meta] fix changelog typo (`arrayLength` → `arrayLimit`)
> - [actions] fix rebase workflow permissions

Commits:

- `bdcf0c7` v6.14.2
- `294db90` [readme] document that `addQueryPrefix` does not add `?` to empty output
- `5c308e5` [readme] clarify `parseArrays` and `arrayLimit` documentation
- `6addf8c` [Fix] `parse`: mark overflow objects for indexed notation exceeding `arrayLimit`
- `cfc108f` [Fix] `arrayLimit` means max count, not max index, in `combine`/`merge`/`pars...
- `febb644` [Fix] `parse`: throw on `arrayLimit` exceeded with indexed notation when `thr...
- `f6a7abf` [Fix] `parse`: enforce `arrayLimit` on `comma`-parsed values
- `fbc5206` [Fix] `parse`: fix error message to reflect arrayLimit as max index; remove e...
- `1b9a8b4` [actions] fix rebase workflow permissions
- `2a35775` [meta] fix changelog typo (`arrayLength` → `arrayLimit`)
- Additional commits viewable in [compare view](https://github.com/ljharb/qs/compare/v6.14.1...v6.14.2)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…ler group across 1 directory (#2907)

Bumps the bundler group with 1 update in the /engines/api_client directory: [faraday](https://github.com/lostisland/faraday).

Updates `faraday` from 2.13.4 to 2.14.1

Release notes, sourced from [faraday's releases](https://github.com/lostisland/faraday/releases):

> **v2.14.1**
>
> **Security Note**
>
> This release contains a security fix, we recommend all users to upgrade as soon as possible. A Security Advisory with more details will be posted shortly.
>
> **What's Changed**
>
> - Add comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot by [`@Copilot`](https://github.com/Copilot) in [lostisland/faraday#1642](https://redirect.github.com/lostisland/faraday/pull/1642)
> - Add RFC document for Options architecture refactoring plan by [`@Copilot`](https://github.com/Copilot) in [lostisland/faraday#1644](https://redirect.github.com/lostisland/faraday/pull/1644)
> - Bump actions/checkout from 5 to 6 by [`@dependabot`](https://github.com/dependabot)[bot] in [lostisland/faraday#1655](https://redirect.github.com/lostisland/faraday/pull/1655)
> - Explicit top-level namespace reference by [`@c960657`](https://github.com/c960657) in [lostisland/faraday#1657](https://redirect.github.com/lostisland/faraday/pull/1657)
>
> **New Contributors**
>
> - [`@Copilot`](https://github.com/Copilot) made their first contribution in [lostisland/faraday#1642](https://redirect.github.com/lostisland/faraday/pull/1642)
>
> **Full Changelog**: https://github.com/lostisland/faraday/compare/v2.14.0...v2.14.1
>
> **v2.14.0**
>
> **What's Changed**
>
> New features ✨
>
> - Use newer `UnprocessableContent` naming for 422 by [`@tylerhunt`](https://github.com/tylerhunt) in [lostisland/faraday#1638](https://redirect.github.com/lostisland/faraday/pull/1638)
>
> Fixes 🐞
>
> - Convert strings to UTF-8 by [`@c960657`](https://github.com/c960657) in [lostisland/faraday#1624](https://redirect.github.com/lostisland/faraday/pull/1624)
> - Fix `Response#to_hash` when response not finished yet by [`@yykamei`](https://github.com/yykamei) in [lostisland/faraday#1639](https://redirect.github.com/lostisland/faraday/pull/1639)
>
> Misc/Docs 📄
>
> - Lint: use `filter_map` by [`@olleolleolle`](https://github.com/olleolleolle) in [lostisland/faraday#1637](https://redirect.github.com/lostisland/faraday/pull/1637)
> - Bump `actions/checkout` from v4 to v5 by [`@dependabot`](https://github.com/dependabot)[bot] in [lostisland/faraday#1636](https://redirect.github.com/lostisland/faraday/pull/1636)
> - Fixes documentation by [`@dharamgollapudi`](https://github.com/dharamgollapudi) in [lostisland/faraday#1635](https://redirect.github.com/lostisland/faraday/pull/1635)
>
> **New Contributors**
>
> - [`@c960657`](https://github.com/c960657) made their first contribution in [lostisland/faraday#1624](https://redirect.github.com/lostisland/faraday/pull/1624)
> - [`@dharamgollapudi`](https://github.com/dharamgollapudi) made their first contribution in [lostisland/faraday#1635](https://redirect.github.com/lostisland/faraday/pull/1635)
> - [`@tylerhunt`](https://github.com/tylerhunt) made their first contribution in [lostisland/faraday#1638](https://redirect.github.com/lostisland/faraday/pull/1638)
>
> **Full Changelog**: https://github.com/lostisland/faraday/compare/v2.13.4...v2.14.0

Commits:

- `16cbd38` Version bump to 2.14.1
- `a6d3a3a` Merge commit from fork
- `b23f710` Explicit top-level namespace reference ([#1657](https://redirect.github.com/lostisland/faraday/issues/1657))
- `49ba4ac` Bump actions/checkout from 5 to 6 ([#1655](https://redirect.github.com/lostisland/faraday/issues/1655))
- `51a49bc` Ensure Claude reads the guidelines and allow to plan in a gitignored .ai/PLAN...
- `894f65c` Add RFC document for Options architecture refactoring plan ([#1644](https://redirect.github.com/lostisland/faraday/issues/1644))
- `397e3de` Add comprehensive AI agent guidelines for Claude, Cursor, and GitHub Copilot ...
- `d98c65c` Update Faraday-specific AI agent guidelines
- `56c18ec` Add AI agent guidelines specific to Faraday repository
- `3201a42` Version bump to 2.14.0
- Additional commits viewable in [compare view](https://github.com/lostisland/faraday/compare/v2.13.4...v2.14.1)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ashley Weaver <134093673+ashley-weaver@users.noreply.github.com>

## 🎫 Ticket

https://jira.cms.gov/browse/DPC-4984

## 🛠 Changes

This change adds new smoke tests for both synchronous and asynchronous patient everything endpoints.

## ℹ️ Context

This adds smoke test coverage to this high use endpoint.

## 🧪 Validation

Confirmed the smoke tests succeed locally and in higher environments.

- Dev https://github.com/CMSgov/dpc-app/actions/runs/21990516533
- Test https://github.com/CMSgov/dpc-app/actions/runs/21958462870
- Sandbox https://github.com/CMSgov/dpc-app/actions/runs/21959205829
- Prod https://github.com/CMSgov/dpc-app/actions/runs/21960235280

## 🎫 Ticket

https://jira.cms.gov/browse/DPC-5208

## 🛠 Changes

Adds user service error handling to register path.

## ℹ️ Context

This bug was found when a Login.gov token expired before a CD invite could be accepted on step 3, which calls the `/register` path. UserInfoServiceErrors raised here were not being handled.

## 🧪 Validation

Locally generated CD invite and got to step 3: Accept invite, then raised `UserInfoServiceError, 'unauthorized'` when requesting user info, now goes back to Login.gov step.

## 🎫 Ticket

https://jira.cms.gov/browse/DPC-5207

## 🛠 Changes

Call to deleteS3File removed.

## ℹ️ Context

We are changing the source of the response file for opt-out-import. Burling asked us to stop deleting the file for easy comparison with IDR exports.

## 🧪 Validation

Added check in integration test that file still exists.

Not for merge.
🎫 Ticket
https://jira.cms.gov/browse/DPC-5159
🛠 Changes
ℹ️ Context
We need to support the ability of each user to log in to the portal with multiple CSPs.
Note: because of the way we fake the CPI API Gateway, most Authorized Officials share the same PacId. Therefore, unlike in production, where each user will have their own PacId, we cannot bind multiple CSPs to the same user by PacId in local, dev, test, and sandbox environments. That is why we use the email address to deduplicate all users in the lower environments. We do want to test this flow, which is why we also bind AOs on PacId while running automated tests.
🧪 Validation
Updated Manual tests.
Logged in as same user using multiple IdPs.
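
The binding rule described in the note above, sketched as an added example that is not the portal's code: a sign-in resolver that attaches a new CSP credential to an existing user by a configurable key, showing why a shared fake PacId collapses distinct people while email keeps them apart. `CspBinder`, the struct names, `:other_csp` and all sample values are hypothetical, and the email and PacId are assumed to come from already-verified sources.

```ruby
# Added example, not DPC code. All names and sample values are hypothetical.
require 'securerandom'

User = Struct.new(:id, :email, :pac_id, :credentials)
Credential = Struct.new(:provider, :uid)

class CspBinder
  attr_reader :users

  # bind_on: :pac_id (production-style) or :email (lower environments)
  def initialize(bind_on:)
    raise ArgumentError, 'bind_on must be :pac_id or :email' unless %i[pac_id email].include?(bind_on)

    @bind_on = bind_on
    @users = []
  end

  # login: { provider:, uid:, email:, pac_id: }, assumed built from a verified ID token
  def sign_in(login)
    provider = login.fetch(:provider)
    uid = login.fetch(:uid)

    # 1. A (provider, uid) pair that is already bound always resolves to its user.
    known = @users.find { |u| u.credentials.any? { |c| c.provider == provider && c.uid == uid } }
    return known if known

    # 2. Otherwise bind to an existing user that shares the binding key.
    key = binding_key(login)
    user = key && @users.find { |u| binding_key(email: u.email, pac_id: u.pac_id) == key }

    # 3. No match, or no usable key: create a separate user rather than guess.
    unless user
      user = User.new(SecureRandom.uuid, login[:email], login[:pac_id], [])
      @users << user
    end
    user.credentials << Credential.new(provider, uid)
    user
  end

  private

  # Normalised binding key, or nil when the attribute is missing or blank.
  def binding_key(attrs)
    value = attrs[@bind_on].to_s.strip
    return nil if value.empty?

    @bind_on == :email ? value.downcase : value
  end
end

# Constructed logins: Alice uses two CSPs; Bob is a different person who is
# given the same PacId, as happens when the gateway is faked.
SAMPLE_LOGINS = [
  { provider: :login_gov, uid: 'lg-alice', email: 'alice@example.com', pac_id: '900111111' },
  { provider: :other_csp, uid: 'oc-alice', email: 'Alice@Example.com', pac_id: '900111111' },
  { provider: :login_gov, uid: 'lg-bob',   email: 'bob@example.com',   pac_id: '900111111' }
].freeze

# Number of distinct users after replaying the logins under one binding rule.
def user_count(bind_on, logins = SAMPLE_LOGINS)
  binder = CspBinder.new(bind_on: bind_on)
  logins.each { |login| binder.sign_in(login) }
  binder.users.size
end
```

With the shared PacId, binding on `:pac_id` folds Alice and Bob into one account; binding on `:email` yields two users, with both of Alice's CSP credentials on the same one.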