From 97c51c5048c8da3340103a280b7366eaa314e7fd Mon Sep 17 00:00:00 2001
From: Jack Plowman <62281988+JackPlowman@users.noreply.github.com>
Date: Thu, 7 Nov 2024 13:16:17 +0000
Subject: [PATCH] NPA-3627 Decode Auth Token

---
 .../policies/AssignMessage.AddUserAuthHeaders.xml        | 2 +-
 proxies/live/apiproxy/policies/DecodeAccessTokenJWT.xml  | 4 ++++
 proxies/live/apiproxy/targets/target.xml                 | 3 +++
 .../apiproxy/policies/AssignMessage.AddIssuerHeader.xml  | 2 +-
 .../apiproxy/policies/AssignMessage.AddUserIdHeader.xml  | 9 ---------
 5 files changed, 9 insertions(+), 11 deletions(-)
 create mode 100644 proxies/live/apiproxy/policies/DecodeAccessTokenJWT.xml
 delete mode 100644 proxies/sandbox/apiproxy/policies/AssignMessage.AddUserIdHeader.xml

diff --git a/proxies/live/apiproxy/policies/AssignMessage.AddUserAuthHeaders.xml b/proxies/live/apiproxy/policies/AssignMessage.AddUserAuthHeaders.xml
index 5bb63dd..dd9d2b5 100644
--- a/proxies/live/apiproxy/policies/AssignMessage.AddUserAuthHeaders.xml
+++ b/proxies/live/apiproxy/policies/AssignMessage.AddUserAuthHeaders.xml
@@ -5,7 +5,7 @@
         <Headers>
             <Header name="accesstoken.auth_level">{toUpperCase(accesstoken.auth_level)}</Header>
             <Header name="accesstoken.auth_user_id">{accesstoken.auth_user_id}</Header>
-            <Header name="accesstoken.auth_id_token">{accesstoken.id_token}</Header>
+            <Header name="accesstoken.auth_vot">{jwt.DecodeAccessTokenJWT.claim.vot}</Header>
         </Headers>
     </Add>
     <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
diff --git a/proxies/live/apiproxy/policies/DecodeAccessTokenJWT.xml b/proxies/live/apiproxy/policies/DecodeAccessTokenJWT.xml
new file mode 100644
index 0000000..c87d014
--- /dev/null
+++ b/proxies/live/apiproxy/policies/DecodeAccessTokenJWT.xml
@@ -0,0 +1,4 @@
+<DecodeJWT async="false" continueOnError="false" enabled="true" name="DecodeAccessTokenJWT">
+  <DisplayName>DecodeAccessTokenJWT</DisplayName>
+  <Source>accesstoken.id_token</Source>
+</DecodeJWT>
diff --git a/proxies/live/apiproxy/targets/target.xml b/proxies/live/apiproxy/targets/target.xml
index 764bb0c..c35b254 100644
--- a/proxies/live/apiproxy/targets/target.xml
+++ b/proxies/live/apiproxy/targets/target.xml
@@ -14,6 +14,9 @@
             <Step>
                 <Name>AddProxyURL</Name>
             </Step>
+            <Step>
+                <Name>DecodeAccessTokenJWT</Name>
+            </Step>
             <Step>
                 <Name>AddUserAuthHeaders</Name>
             </Step>
diff --git a/proxies/sandbox/apiproxy/policies/AssignMessage.AddIssuerHeader.xml b/proxies/sandbox/apiproxy/policies/AssignMessage.AddIssuerHeader.xml
index d44d0df..a5e1d07 100644
--- a/proxies/sandbox/apiproxy/policies/AssignMessage.AddIssuerHeader.xml
+++ b/proxies/sandbox/apiproxy/policies/AssignMessage.AddIssuerHeader.xml
@@ -1,7 +1,7 @@
 <AssignMessage async="false" continueOnError="false" enabled="true" name="AssignMessage.AddIssuerHeader">
   <Add>
       <Headers>
-          <Header name="NHSD-Identity-IdP">{jwt.DecodeJWT.FromJWTHeader.claim.issuer}</Header>
+          <Header name="NHSD-Identity-IdP">{jwt.DecodeJWT.accesstoken.id_token}</Header>
       </Headers>
   </Add>
   <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
diff --git a/proxies/sandbox/apiproxy/policies/AssignMessage.AddUserIdHeader.xml b/proxies/sandbox/apiproxy/policies/AssignMessage.AddUserIdHeader.xml
deleted file mode 100644
index 4d8362c..0000000
--- a/proxies/sandbox/apiproxy/policies/AssignMessage.AddUserIdHeader.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<AssignMessage async="false" continueOnError="false" enabled="true" name="AssignMessage.AddUserIdHeader">
-  <Add>
-      <Headers>
-          <Header name="NHSD-Identity-UUID">{jwt.DecodeJWT.FromJWTHeader.claim.subject}</Header>
-      </Headers>
-  </Add>
-  <IgnoreUnresolvedVariables>false</IgnoreUnresolvedVariables>
-  <AssignTo createNew="false" transport="http" type="request"/>
-</AssignMessage>