Fix

Author: pca-nhs

proxies/live/apiproxy/targets/ers-target.xml

@@ -163,10 +163,6 @@
                 <Name>OauthV2.VerifyAccessToken</Name>
             </Step>
             <!-- Must be placed after Authentication -->
-            <Step>
-                <Name>FlowCallout.EUOAllowlistRequired</Name>
-                <Condition>(accesstoken.auth_type == "user")</Condition>
-            </Step>
             <Step>
                 <Name>FlowCallout.ExtendedAttributes</Name>
                 <Condition>(accesstoken.auth_type == "user")</Condition>
@@ -211,9 +207,8 @@
     <Flows>
         <Flow name="user-restricted-flow">
             <Condition>(accesstoken.auth_type == "user")</Condition>
-            <Request><Step>
-                    <Name>FlowCallout.ExtendedAttributes</Name>
-                </Step> <!--AUTHORISED_APPLICATION business function is not supported in user restricted flow --><Step>
+            <Request>
+                <!--AUTHORISED_APPLICATION business function is not supported in user restricted flow --><Step>
                     <Name>RaiseFault.403Forbidden</Name>
                     <Condition>(request.header.nhsd-ers-business-function == "AUTHORISED_APPLICATION")</Condition>
                 </Step><Step>
@@ -264,6 +259,7 @@
             The Swapping of the Request Headers converts X-Correlation-ID to NHSD-Correlation-ID before sending to backend. -->
                     <Name>AssignMessage.Swap.CorrelationHeader</Name>
                 </Step></Request>
+            <Response/>
         </Flow>
         <Flow name="app-restricted-flow">
             <Condition>(accesstoken.auth_type == "app")</Condition>