Add step back EUOAllowlistRequired

pca-nhs · pca-nhs · commit 79d9eb8d754d · 2025-09-02T14:29:35.000Z
diff --git a/proxies/live/apiproxy/targets/ers-target.xml b/proxies/live/apiproxy/targets/ers-target.xml
@@ -163,6 +163,10 @@
                 <Name>OauthV2.VerifyAccessToken</Name>
             </Step>
             <!-- Must be placed after Authentication -->
+            <Step>
+                <Name>FlowCallout.EUOAllowlistRequired</Name>
+                <Condition>(accesstoken.auth_type == "user")</Condition>
+            </Step>
             <Step>
                 <Name>FlowCallout.ExtendedAttributes</Name>
                 <Condition>(accesstoken.auth_type == "user")</Condition>
@@ -207,14 +211,12 @@
     <Flows>
         <Flow name="user-restricted-flow">
             <Condition>(accesstoken.auth_type == "user")</Condition>
-            <Response/>
             <Request><Step>
                     <Name>FlowCallout.ExtendedAttributes</Name>
                 </Step> <!--AUTHORISED_APPLICATION business function is not supported in user restricted flow --><Step>
                     <Name>RaiseFault.403Forbidden</Name>
                     <Condition>(request.header.nhsd-ers-business-function == "AUTHORISED_APPLICATION")</Condition>
-            </Step><Step>
-                </Step> <Step>
+                </Step><Step>
                     <Name>AssignMessage.Set.x-ers-access-mode-header-user-restricted</Name>
                 </Step> <Step>
                     <Name>AssignMessage.Set.x-ers-user-id-header-user-restricted</Name>
