fix: remove extra CIS2 scopes for onboarding (#1643)

chrimesdev · web-flow · commit 05fe1bb0c68e · 2025-09-12T10:21:34.000Z
diff --git a/application/CohortManager/src/Web/app/account/page.tsx b/application/CohortManager/src/Web/app/account/page.tsx
@@ -30,12 +30,6 @@ export default async function Page() {
                   {session?.user?.firstName} {session?.user?.lastName}
                 </dd>
               </div>
-              <div className="nhsuk-summary-list__row">
-                <dt className="nhsuk-summary-list__key">Organisation</dt>
-                <dd className="nhsuk-summary-list__value">
-                  {session?.user?.orgName} ({session?.user?.odsCode})
-                </dd>
-              </div>
               <div className="nhsuk-summary-list__row">
                 <dt className="nhsuk-summary-list__key">Workgroups</dt>
                 <dd className="nhsuk-summary-list__value">
diff --git a/application/CohortManager/src/Web/app/lib/auth.ts b/application/CohortManager/src/Web/app/lib/auth.ts
@@ -16,8 +16,7 @@ const NHS_CIS2: OAuthConfig<Profile> = {
   authorization: {
     params: {
       acr_values: "AAL2_OR_AAL3_ANY",
-      scope:
-        "openid profile email nationalrbacaccess organisationalmemberships",
+      scope: "openid profile nationalrbacaccess",
       response_type: "code",
       max_age: 240, // 4 minutes [Required by CIS2]
     },
@@ -44,7 +43,6 @@ export const { handlers, auth, signIn, signOut } = NextAuth({
                 uid: "testuid",
                 firstName: "Test",
                 lastName: "User",
-                email: "",
               };
               return user;
             },
@@ -121,11 +119,8 @@ export const { handlers, auth, signIn, signOut } = NextAuth({
           uid: "testuid",
           firstName: "Test",
           lastName: "User",
-          email: "testuser@nhs.net",
           sub: "1234",
           sid: "5678",
-          orgName: "Test Org",
-          odsCode: "ABC",
           workgroups: ["Test Workgroup"],
           workgroups_codes: ["000000000000"],
         });
@@ -138,16 +133,9 @@ export const { handlers, auth, signIn, signOut } = NextAuth({
           family_name: lastName,
           sub,
           sid,
-          nhsid_org_memberships,
           nhsid_nrbac_roles,
         } = profile;
 
-        const [{ org_name: orgName, org_code: odsCode }] =
-          nhsid_org_memberships as {
-            org_name: string;
-            org_code: string;
-          }[];
-
         const workgroups = (nhsid_nrbac_roles as Array<unknown>).flatMap(
           (role) => (role as { workgroups?: unknown[] }).workgroups || []
         );
@@ -163,8 +151,6 @@ export const { handlers, auth, signIn, signOut } = NextAuth({
           lastName,
           sub: sub ?? undefined,
           sid: sid ?? undefined,
-          orgName,
-          odsCode,
           workgroups,
           workgroups_codes,
         });
@@ -179,8 +165,6 @@ export const { handlers, auth, signIn, signOut } = NextAuth({
           lastName,
           sub,
           sid,
-          odsCode,
-          orgName,
           workgroups,
           workgroups_codes,
         } = token;
@@ -191,8 +175,6 @@ export const { handlers, auth, signIn, signOut } = NextAuth({
           lastName,
           sub,
           sid,
-          odsCode,
-          orgName,
           workgroups,
           workgroups_codes,
         });
