NPA-4591: Updated proxy target to only allow AAL3 CIS2 Users to POST Consent Endpoint#152

Merged

ellie-bound1-NHSD merged 3 commits intomasterfrom

dev/NPA-4591-Add-Verify-Access-Token-Policy-for-CIS2-Users

Mar 10, 2025

Contributor

ellie-bound1-NHSD commented Mar 6, 2025 •

edited by simonstead

Loading

Pull Request

Ticket Link

https://nhsd-jira.digital.nhs.uk/browse/NPA-4591

Description/Change Summary

Requirement to permit CIS2 Users authenticated to level aal3 to use the new POST Consent endpoint
Updated scopes of validated-relationships-service-api to include CIS2 aal3 users
Updated OAuth2 policy to verify access token
Updated steps in pre-flow of the validated-relationships-service-api target to conditionally check auth_level and raise 401 error if not correct auth_level is present.

How to test?

Deployed to internal-dev apigee environment - revision 102
Run api tests in dev - the POST Consent endpoint api test should now fail and return 401
Have ticket NPA-4491 to add extra API Tests

Review Checklist

ℹ️ This section is to be filled in by the reviewer.

I have reviewed the changes in this PR and they fill all or part of the acceptance criteria of the ticket, and the code is in a mergeable state.
If there were infrastructure, operational, or build changes, I have made sure there is sufficient evidence that the changes will work.
I have ensured the changelog has been updated by the submitter, if necessary.

Post-merge

After merging and deploying changes to the sandbox, Postman collection or spec examples please run the Run Postman collection workflow.

This will run the tests within the collection to check that the sandbox is working as expected once deployed.

ellie-bound1-NHSD added enhancement do not merge labels

ellie-bound1-NHSD self-assigned this

github-actions bot commented Mar 6, 2025

This branch is work on a ticket in the NHS Digital NPA JIRA Project. Here's a handy link to the ticket:

NPA-4591

ellie-bound1-NHSD force-pushed the dev/NPA-4591-Add-Verify-Access-Token-Policy-for-CIS2-Users branch from 7417b94 to 414f091 Compare

March 6, 2025 15:59

github-actions bot commented Mar 6, 2025

This branch is work on a ticket in the NHS Digital NPA JIRA Project. Here's a handy link to the ticket:

NPA-4591


          NPA-4591: New OAuthV2 policy for CIS2 AAL3 scope conditionally applie…

86cc778

…d in Target PreFlow

ellie-bound1-NHSD force-pushed the dev/NPA-4591-Add-Verify-Access-Token-Policy-for-CIS2-Users branch from 414f091 to 86cc778 Compare

March 6, 2025 16:00

github-actions bot commented Mar 6, 2025

This branch is work on a ticket in the NHS Digital NPA JIRA Project. Here's a handy link to the ticket:

NPA-4591


          NPA-4591: Add raise fault step for wrong auth level

4765b2f

github-actions bot commented Mar 7, 2025

This branch is work on a ticket in the NHS Digital NPA JIRA Project. Here's a handy link to the ticket:

NPA-4591

ellie-bound1-NHSD changed the title ~~NPA-4591: New OAuthV2 policy for CIS2 AAL3 scope conditionally applied in Target PreFlow~~ NPA-4591: Updated proxy target to only allow AAL3 CIS2 Users to POST Consent Endpoint

simonstead approved these changes

View reviewed changes

JackPlowman approved these changes

View reviewed changes

Contributor

JackPlowman left a comment

LGTM 👍


          Merge branch 'master' into dev/NPA-4591-Add-Verify-Access-Token-Polic…

fd42043

…y-for-CIS2-Users

github-actions bot commented Mar 7, 2025

This branch is work on a ticket in the NHS Digital NPA JIRA Project. Here's a handy link to the ticket:

NPA-4591

ellie-bound1-NHSD removed the do not merge label

ellie-bound1-NHSD merged commit f1cae5f into master

14 checks passed

ellie-bound1-NHSD deleted the dev/NPA-4591-Add-Verify-Access-Token-Policy-for-CIS2-Users branch

March 10, 2025 09:34

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels