From 10e2cc942de9bb46e32d2bd2fad3c3aaafb44df4 Mon Sep 17 00:00:00 2001
From: Okke Harsta <oharsta@zilverline.com>
Date: Fri, 17 Jan 2025 14:12:04 +0100
Subject: [PATCH] Show control code after creation

---
 myconext-gui/package.json                     |   3 +-
 myconext-gui/src/locale/en.js                 |  12 +-
 myconext-gui/src/locale/nl.js                 |  15 +-
 myconext-gui/src/routes/PersonalInfo.svelte   |  72 ++-
 myconext-gui/src/utils/date.js                |   5 +
 myconext-gui/src/verify/ServiceDesk.svelte    |  45 +-
 myconext-gui/src/verify/VerifyChoice.svelte   |  17 +-
 .../java/myconext/api/LoginController.java    |  11 +-
 .../src/main/java/myconext/model/User.java    |   8 +
 .../java/myconext/model/UserResponse.java     |   2 +
 .../security/SecurityConfiguration.java       |   9 +-
 ...eslint.config.js => eslint.config.js.nope} |   0
 servicedesk-gui/index.html                    |   2 +-
 servicedesk-gui/package.json                  |   6 +-
 servicedesk-gui/src/App.jsx                   |  93 ++--
 servicedesk-gui/src/api/index.js              |  25 +-
 servicedesk-gui/src/index.scss                |   6 +-
 servicedesk-gui/src/locale/I18n.js            |   6 -
 servicedesk-gui/src/locale/en.js              | 505 +----------------
 servicedesk-gui/src/locale/nl.js              | 518 +-----------------
 servicedesk-gui/src/main.jsx                  |  20 +-
 servicedesk-gui/src/pages/Login.scss          |   2 +-
 servicedesk-gui/src/pages/NotFound.scss       |   2 +-
 servicedesk-gui/src/stores/AppStore.js        |   1 -
 servicedesk-gui/src/styles/mixins.scss        |   2 +-
 servicedesk-gui/src/styles/responsive.scss    |   2 +-
 servicedesk-gui/src/utils/QueryParameters.js  |  10 +
 servicedesk-gui/src/utils/Utils.js            |  52 ++
 servicedesk-gui/vite.config.js                |  13 +
 servicedesk-gui/yarn.lock                     |   5 +
 30 files changed, 289 insertions(+), 1180 deletions(-)
 rename servicedesk-gui/{eslint.config.js => eslint.config.js.nope} (100%)
 create mode 100644 servicedesk-gui/src/utils/QueryParameters.js
 create mode 100644 servicedesk-gui/src/utils/Utils.js

diff --git a/myconext-gui/package.json b/myconext-gui/package.json
index d5d18388..c064f8da 100644
--- a/myconext-gui/package.json
+++ b/myconext-gui/package.json
@@ -25,7 +25,8 @@
     "svelte-preprocess": "^6.0.3",
     "vite": "^6.0.2",
     "vite-plugin-svelte-svgr": "^1.0.4",
-    "vite-plugin-svelte-svg-loader": "^1.0.1"
+    "vite-plugin-svelte-svg-loader": "^1.0.1",
+    "@castlenine/svelte-qrcode":"^2.3.0"
   },
   "resolutions": {
     "glob-parent": "^6.0.2",
diff --git a/myconext-gui/src/locale/en.js b/myconext-gui/src/locale/en.js
index f7da5739..3c9d7e1f 100644
--- a/myconext-gui/src/locale/en.js
+++ b/myconext-gui/src/locale/en.js
@@ -293,7 +293,6 @@ I18n.translations.en = {
         deleteToken: "Revoke access token",
         deleted: "eduID removed",
         tokenDeleted: "Tokens removed"
-
     },
     institution: {
         title: "Connected institution",
@@ -576,7 +575,8 @@ I18n.translations.en = {
         issuers: {
             eherkenning: "eIDAS",
             idin: "Idin",
-            studielink: "Studielink"
+            studielink: "Studielink",
+            servicedesk: "Service Desk"
         },
         serviceDesk: {
             confirmIdentityHeader: "You need to manually confirm your identity",
@@ -597,12 +597,13 @@ I18n.translations.en = {
                 information: "Enter your details as they appear on your ID. Names must be in Roman characters.",
                 lastName: "Last name",
                 firstName: "First name(s)",
-                dateOfBirth: "Date of birth",
+                dayOfBirth: "Date of birth",
                 generateControlCode: "Generate verification code"
             },
             controlCode: {
+                controlCode: "Verification code",
                 yourControlCode: "Your verification code",
-                info: "You will also receive an email with this code. The code is valid for 14 days and is intended for:",
+                info: "You will also receive an email with this code. The code is valid for {{nbr}} more days and is intended for:",
                 typoPrefix: "Made a typo? ",
                 typoLink: "Edit your details",
                 todo: "What's next?",
@@ -614,7 +615,8 @@ I18n.translations.en = {
                 deleteControlCode: "Delete verification code",
                 deletedControlCode: "Verification code deleted",
                 banner: "Verify your identity at an eduID Service Desk by presenting your ID and verification code.",
-                showCode: "Show code"
+                showCode: "Show code",
+                validityCode: "Your code is valid for {{nbr}} more days."
             }
         }
     }
diff --git a/myconext-gui/src/locale/nl.js b/myconext-gui/src/locale/nl.js
index 50dcc315..52749396 100644
--- a/myconext-gui/src/locale/nl.js
+++ b/myconext-gui/src/locale/nl.js
@@ -195,7 +195,6 @@ I18n.translations.nl = {
             passkey: "Passkey",
             passkeyAdd: "Voeg een passkey toe"
         },
-
         tiqr: {
             title: "Wil je de volgende keer sneller en veiliger inloggen?",
             info: "Download de <strong>eduID app</strong> en log veilig in zonder wachtwoord of toegang tot je e-mail.",
@@ -221,7 +220,6 @@ I18n.translations.nl = {
             getCode: "Vraag een code aan",
             codeInfo: "Hopelijk bewaard op een veilige plek",
             getCodeInfo: "En bewaar het op een veilige plek",
-
         }
     },
     home: {
@@ -353,7 +351,6 @@ I18n.translations.nl = {
         flash: {
             passwordLink: "Een e-mail is verstuurd naar {{name}} om je wachtwoord opnieuw in te stellen."
         }
-
     },
     webauthn: {
         setTitle: "Beveiligingssleutel toevoegen",
@@ -413,7 +410,6 @@ I18n.translations.nl = {
         maxAttemptsPost: "om opnieuw je telefoonnummer in te voeren en een nieuwe code te ontvangen",
         maxAttemptsPostNoReEnter: "om een nieuwe code aan te vragen",
         here: " hier "
-
     },
     enrollApp: {
         header: "Voltooi de installatie in de eduID app",
@@ -579,7 +575,8 @@ I18n.translations.nl = {
         issuers: {
             eherkenning: "eIDAS",
             idin: "Idin",
-            studielink: "Studielink"
+            studielink: "Studielink",
+            servicedesk: "Service Desk"
         },
         serviceDesk: {
             confirmIdentityHeader: "Bevestig wie je bent met je identiteitsbewijs",
@@ -600,12 +597,13 @@ I18n.translations.nl = {
                 information: "Vul je gegevens in zoals die op je identiteitsbewijs staan.",
                 lastName: "Achternaam",
                 firstName: "Voornamen",
-                dateOfBirth: "Geboortedatum",
+                dayOfBirth: "Geboortedatum",
                 generateControlCode: "Genereer controlcode"
             },
             controlCode: {
+                controlCode: "Controlecode",
                 yourControlCode: "Je controlecode",
-                info: "Je krijgt ook een e-mail met deze code. De code is 14 dagen geldig en is bedoeld voor:",
+                info: "Je krijgt ook een e-mail met deze code. De code is {{nbr}} dagen geldig en is bedoeld voor:",
                 typoPrefix: "Typfout gemaakt? ",
                 typoLink: "Pas gegevens aan",
                 todo: "Wat moet je nu doen?",
@@ -617,7 +615,8 @@ I18n.translations.nl = {
                 deleteControlCode: "Verwijder controlecode",
                 deletedControlCode: "Verificatie-code verwijderd",
                 banner: "Bevestig je identiteit bij een eduID Service Desk. Dit doe je door je identiteitsbewijs en controlecode te laten zien.",
-                showCode: "Toon code"
+                showCode: "Toon code",
+                validityCode: "Je code is nog geldig voor {{nbr}} dagen."
             }
         },
     }
diff --git a/myconext-gui/src/routes/PersonalInfo.svelte b/myconext-gui/src/routes/PersonalInfo.svelte
index 2fd624d5..5ffd6f5c 100644
--- a/myconext-gui/src/routes/PersonalInfo.svelte
+++ b/myconext-gui/src/routes/PersonalInfo.svelte
@@ -7,7 +7,7 @@
     import alertSvg from "../icons/alert-circle.svg?raw";
     import Button from "../components/Button.svelte";
     import {
-        deleteLinkedAccount, deleteUserControlCode,
+        deleteLinkedAccount,
         iDINIssuers,
         preferLinkedAccount,
         startLinkAccountFlow,
@@ -61,7 +61,7 @@
     let showControlCode = false;
 
     const manageVerifiedInformation = path => {
-        navigate(`/${path}`, {replace:true});
+        navigate(`/${path}`, {replace: true});
     }
 
     const preferInstitution = (showConfirmation, linkedAccount) => {
@@ -136,7 +136,7 @@
         }
     }
 
-    const refresh = (retry=false) => {
+    const refresh = (retry = false) => {
         ($user.linkedAccounts || []).forEach(account => markExpired(account));
         ($user.externalLinkedAccounts || []).forEach(account => markExternalLinkedAccountExpired(account));
         sortedAccounts = ($user.linkedAccounts || []).sort((a, b) => b.createdAt - a.createdAt);
@@ -213,6 +213,7 @@
         showModal = false;
         showNewInstitutionModal = false;
         showPreferredInstitutionModal = false;
+        showControlCode = false;
         const url = new URL(window.location.href);
         url.search = "";
         history.pushState({}, "", url.toString());
@@ -233,20 +234,20 @@
         const newExternalAccountLinked = !isEmpty(verify) && !isEmpty($user.externalLinkedAccounts);
 
         if (newAccountLinked || newExternalAccountLinked) {
-                //Determine if the new account is external or not
-                const newAccount = newExternalAccountLinked ?
-                    $user.externalLinkedAccounts[0] :
-                    ($user.linkedAccounts || [])
-                        .find(la => la.eduPersonPrincipalName === linkedAccountIdentifier || la.subjectId === linkedAccountIdentifier);
-
-                if (newAccount && (newExternalAccountLinked || !isEmpty(newAccount.givenName) || !isEmpty(newAccount.familyName))) {
-                    newInstitution = newAccount;
-                    if ((($user.linkedAccounts || []).length + ($user.externalLinkedAccounts || []).length) === 1) {
-                        showNewInstitutionModal = true;
-                    } else {
-                        preferInstitution(true, newAccount);
-                    }
+            //Determine if the new account is external or not
+            const newAccount = newExternalAccountLinked ?
+                $user.externalLinkedAccounts[0] :
+                ($user.linkedAccounts || [])
+                    .find(la => la.eduPersonPrincipalName === linkedAccountIdentifier || la.subjectId === linkedAccountIdentifier);
+
+            if (newAccount && (newExternalAccountLinked || !isEmpty(newAccount.givenName) || !isEmpty(newAccount.familyName))) {
+                newInstitution = newAccount;
+                if ((($user.linkedAccounts || []).length + ($user.externalLinkedAccounts || []).length) === 1) {
+                    showNewInstitutionModal = true;
+                } else {
+                    preferInstitution(true, newAccount);
                 }
+            }
         }
         if (!isEmpty(retry)) {
             addIdentity(true);
@@ -357,8 +358,9 @@
         font-size: 22px;
         font-family: Nunito, sans-serif;
         color: var(--color-primary-green);
+
         &.second {
-          margin: 25px 0 15px 0;
+            margin: 25px 0 15px 0;
         }
     }
 
@@ -399,6 +401,7 @@
             @media (max-width: $max-width-mobile) {
                 margin-left: 0;
             }
+
             :global(svg) {
                 height: 28px;
                 width: auto;
@@ -476,10 +479,15 @@
         display: flex;
         flex-direction: column;
         padding: 25px;
+
         span {
             margin: auto;
-            font-size: 34px;
-            letter-spacing: 6px;
+
+            &.code {
+                font-size: 34px;
+                margin-bottom: 40px;
+                letter-spacing: 6px;
+            }
         }
     }
 
@@ -489,12 +497,12 @@
     {#if showManageVerifiedInformation}
         <div class="inner-container">
             <div class="verified-information">
-            <div class="with-icon">
+                <div class="with-icon">
                 <span class="back" on:click={() => manageVerifiedInformation("personal")}>
                     {@html arrowLeft}
                 </span>
-                <h2>{I18n.t("profile.verifiedInformation")}</h2>
-            </div>
+                    <h2>{I18n.t("profile.verifiedInformation")}</h2>
+                </div>
                 <p class="info">{I18n.t("profile.verifiedInformationInfo")}</p>
                 <div class="preferred-info">
                     {@html personalInfo}
@@ -648,9 +656,10 @@
     </Modal>
 {/if}
 
-{#if showModal}
+{#if showModal || showControlCode}
     <Modal close={() => resetModalsAndQueryParams()}
-           title={showIdinOptions ? I18n.t("verify.modal.header") : I18n.t("profile.addInstitution")}
+           title={showIdinOptions ? I18n.t("verify.modal.header") : showControlCode ?
+                I18n.t("verify.serviceDesk.controlCode.controlCode") : I18n.t("profile.addInstitution")}
            showOptions={false}>
         <VerifyChoice addInstitution={addInstitution}
                       addBank={addBank}
@@ -658,6 +667,7 @@
                       issuers={issuers}
                       showIdinOptions={showIdinOptions}
                       showServiceDesk={serviceDeskStart}
+                      showControlCode={showControlCode}
                       cancel={() => resetModalsAndQueryParams()}/>
     </Modal>
 {/if}
@@ -693,17 +703,3 @@
         />
     </Modal>
 {/if}
-
-{#if showControlCode}
-    <Modal submit={() => showControlCode = false}
-           close={() => showControlCode = false}
-           cancelTitle={I18n.t("verify.serviceDesk.controlCode.deleteControlCode")}
-           largeConfirmation={true}
-           confirmTitle={I18n.t("profile.ok")}
-           title={I18n.t("verify.serviceDesk.controlCode.yourControlCode")}>
-        <div class="control-code">
-            <span>{$user.controlCode.code}</span>
-        </div>
-    </Modal>
-{/if}
-
diff --git a/myconext-gui/src/utils/date.js b/myconext-gui/src/utils/date.js
index c97a3b33..a2b86bd6 100644
--- a/myconext-gui/src/utils/date.js
+++ b/myconext-gui/src/utils/date.js
@@ -14,3 +14,8 @@ export function dateFromEpoch(epochMilli, includeTime = false) {
     const timeFormatted = ` ${I18n.t("security.tiqr.dateTimeOn")} ${date.getHours()}:${minutesFormatted}`;
     return `${dateFormatted}${timeFormatted}`
 }
+
+export function verificationCodeValidityDays(controlCode) {
+    const millis = new Date().getTime() - controlCode.createdAt || new Date().getTime();
+    return Math.floor(millis / (1000 * 60 * 60 * 24)) + 14;
+}
diff --git a/myconext-gui/src/verify/ServiceDesk.svelte b/myconext-gui/src/verify/ServiceDesk.svelte
index ddac1080..1f15175d 100644
--- a/myconext-gui/src/verify/ServiceDesk.svelte
+++ b/myconext-gui/src/verify/ServiceDesk.svelte
@@ -7,26 +7,38 @@
     import idCard from "../icons/verify/idCard.svg?raw";
     import {isEmpty} from "../utils/utils.js";
     import {createUserControlCode, deleteUserControlCode} from "../api/index.js";
+    import {verificationCodeValidityDays} from "../utils/date";
+    import {onMount} from "svelte";
 
     export let toggleView;
     export let cancelView;
+    export let showControlCode = false;
 
-    let step = 0;
+    let step = showControlCode ? 2 : 0;
     let lastName = "";
     let firstName = "";
-    let dateOfBirth = "";
+    let dayOfBirth = "";
     let code = "";
 
+    onMount(() => {
+        if (showControlCode) {
+            lastName = $user.controlCode.lastName;
+            firstName = $user.controlCode.lastName;
+            dayOfBirth = $user.controlCode.dayOfBirth;
+            code = $user.controlCode.code;
+        }
+    })
+
+
     const cancel = () => {
         toggleView();
         step = 0;
         lastName = "";
         firstName = "";
-        dateOfBirth = "";
+        dayOfBirth = "";
     }
 
     const backToPersonal = () => {
-        $user.controlCode = {code: code};
         cancelView();
     }
 
@@ -40,10 +52,10 @@
     }
 
     const generateControlCode = () => {
-        createUserControlCode(firstName, lastName, dateOfBirth)
+        createUserControlCode(firstName, lastName, dayOfBirth)
             .then(res => {
                 code = res.code;
-                $user.controlCode = {code: res.code};
+                $user.controlCode = res;
                 step = 2;
             });
     }
@@ -180,6 +192,11 @@
             letter-spacing: 6px;
         }
 
+        input:disabled {
+            background-color: var(--color-primary-yellow);
+            border: none;
+        }
+
         .rethink {
             display: flex;
             gap: 2px;
@@ -240,13 +257,13 @@
         <input id="firstName"
                type="text"
                bind:value={firstName}/>
-        <label for="dateOfBirth">{I18n.t("verify.serviceDesk.idCard.dateOfBirth")}</label>
-        <input id="dateOfBirth"
+        <label for="dayOfBirth">{I18n.t("verify.serviceDesk.idCard.dayOfBirth")}</label>
+        <input id="dayOfBirth"
                type="text"
-               bind:value={dateOfBirth}/>
+               bind:value={dayOfBirth}/>
         <Button label={I18n.t("verify.serviceDesk.idCard.generateControlCode")}
                 fullSize={true}
-                disabled={isEmpty(lastName) || isEmpty(firstName) || isEmpty(dateOfBirth)}
+                disabled={isEmpty(lastName) || isEmpty(firstName) || isEmpty(dayOfBirth)}
                 onClick={() => generateControlCode()}/>
     {:else if step === 2}
         <div>
@@ -254,7 +271,7 @@
             <div class="control-code">
                 <span>{code}</span>
             </div>
-            <p>{I18n.t("verify.serviceDesk.controlCode.info")}</p>
+            <p>{I18n.t("verify.serviceDesk.controlCode.info", {nbr: verificationCodeValidityDays($user.controlCode)})}</p>
             <div class="control-code">
                 <label for="lastName">{I18n.t("verify.serviceDesk.idCard.lastName")}</label>
                 <input id="lastName"
@@ -268,12 +285,12 @@
                        class="read-only"
                        disabled="true"
                        bind:value={firstName}/>
-                <label for="dateOfBirth">{I18n.t("verify.serviceDesk.idCard.dateOfBirth")}</label>
-                <input id="dateOfBirth"
+                <label for="dayOfBirth">{I18n.t("verify.serviceDesk.idCard.dayOfBirth")}</label>
+                <input id="dayOfBirth"
                        type="text"
                        class="read-only"
                        disabled="true"
-                       bind:value={dateOfBirth}/>
+                       bind:value={dayOfBirth}/>
                 <div class="rethink">
                     <p>{I18n.t("verify.serviceDesk.controlCode.typoPrefix")}</p>
                     <a href="/#" on:click|preventDefault|stopPropagation={() => step = 1}>
diff --git a/myconext-gui/src/verify/VerifyChoice.svelte b/myconext-gui/src/verify/VerifyChoice.svelte
index 4a43a746..3ae469ef 100644
--- a/myconext-gui/src/verify/VerifyChoice.svelte
+++ b/myconext-gui/src/verify/VerifyChoice.svelte
@@ -20,6 +20,7 @@
     export let showIdinOptions;
     export let cancel;
     export let showServiceDesk = false;
+    export let showControlCode = false;
 
     let showOtherOptions = false;
     let showBankOptions = false;
@@ -152,7 +153,7 @@
 <div class="account-link-mod">
 
 
-    {#if !showServiceDesk && (!showBankOptions || busyProcessing)}
+    {#if !showServiceDesk && !showControlCode && (!showBankOptions || busyProcessing)}
         <div class="info-container">
             <h3 class="header">{I18n.t("verify.modal.info.subheader")}</h3>
             <p>{showIdinOptions ? I18n.t("verify.modal.info.please") : I18n.t("profile.addInstitutionInfo")}</p>
@@ -170,12 +171,12 @@
                         onClick={() => proceed(addInstitution)}/>
             </div>
         </div>
-        {#if !showOtherOptions && $config.featureIdVerify && showIdinOptions && !showServiceDesk}
+        {#if !showOtherOptions && $config.featureIdVerify && showIdinOptions && !showServiceDesk && !showControlCode}
             <div class="choice-container other-options" on:click={() => showOtherOptions = !showOtherOptions}>
                 <p>{I18n.t("verify.modal.info.other")}</p>
             </div>
         {/if}
-        {#if showOtherOptions && !showServiceDesk}
+        {#if showOtherOptions && !showServiceDesk && !showControlCode}
             <div class="choice-container">
                 <div class="choice">
                     <p class="question">{I18n.t("verify.modal.info.verifyBank")}</p>
@@ -213,7 +214,7 @@
             </div>
         {/if}
     {/if}
-    {#if showBankOptions && !busyProcessing && !showServiceDesk}
+    {#if showBankOptions && !busyProcessing && !showServiceDesk && !showControlCode}
         <div class="info-container">
             <div class="header-container">
             <span class="back" on:click={() => showBankOptions = !showBankOptions}>
@@ -233,7 +234,7 @@
         </div>
     {/if}
 </div>
-{#if showBankOptions && !busyProcessing && !showServiceDesk}
+{#if showBankOptions && !busyProcessing && !showServiceDesk && !showControlCode}
     <div class="alert">
         {@html alertSvg}
         <span>{I18n.t("verify.modal.bank.anotherMethodPrefix")}
@@ -243,7 +244,9 @@
         </span>
     </div>
 {/if}
-{#if !busyProcessing && showServiceDesk}
-    <ServiceDesk toggleView={() => showServiceDesk = false} cancelView={cancel}/>
+{#if !busyProcessing && (showServiceDesk || showControlCode)}
+    <ServiceDesk toggleView={() => showServiceDesk = false}
+                 cancelView={cancel}
+                 showControlCode={showControlCode}/>
 {/if}
 
diff --git a/myconext-server/src/main/java/myconext/api/LoginController.java b/myconext-server/src/main/java/myconext/api/LoginController.java
index 5671cb7e..6de2bdfd 100644
--- a/myconext-server/src/main/java/myconext/api/LoginController.java
+++ b/myconext-server/src/main/java/myconext/api/LoginController.java
@@ -16,6 +16,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.context.SecurityContextRepository;
@@ -107,7 +108,15 @@ public LoginController(UserRepository userRepository,
 
     @GetMapping("/config")
     public Map<String, Object> config() {
-        return config;
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        Map<String ,Object> copyConfig = new HashMap<>(config);
+        boolean authenticated = authentication != null && authentication.isAuthenticated() && authentication.getPrincipal() instanceof User;
+        copyConfig.put("authenticated", authenticated);
+        if (authenticated ) {
+            User user = (User) authentication.getPrincipal();
+            copyConfig.put("user", user.serviceDeskSummary());
+        }
+        return copyConfig;
     }
 
     @GetMapping("/register")
diff --git a/myconext-server/src/main/java/myconext/model/User.java b/myconext-server/src/main/java/myconext/model/User.java
index 95ac427f..ac2630f1 100644
--- a/myconext-server/src/main/java/myconext/model/User.java
+++ b/myconext-server/src/main/java/myconext/model/User.java
@@ -461,6 +461,14 @@ private String getDerivedName(String fallback, ProvisionedNameProvider provision
                 .orElse(fallback);
     }
 
+    public Map<String, Object> serviceDeskSummary() {
+        return Map.of(
+                "name", String.format("%s %s", this.getDerivedGivenName(), this.getDerivedFamilyName()),
+                "email", this.email,
+                "serviceDeskMember", this.serviceDeskMember
+        );
+    }
+
     private interface ProvisionedNameProvider {
 
         String derivedName(ProvisionedLinkedAccount provisionedLinkedAccount);
diff --git a/myconext-server/src/main/java/myconext/model/UserResponse.java b/myconext-server/src/main/java/myconext/model/UserResponse.java
index a1890ed2..30657d0b 100644
--- a/myconext-server/src/main/java/myconext/model/UserResponse.java
+++ b/myconext-server/src/main/java/myconext/model/UserResponse.java
@@ -38,6 +38,7 @@ public class UserResponse implements Serializable {
     private final List<String> loginOptions;
     private final Map<String, Object> registration = new HashMap<>();
     private final ControlCode controlCode;
+    private final boolean serviceDeskMember;
 
     public UserResponse(User user,
                         Map<String, EduID> eduIdPerServiceProvider,
@@ -105,5 +106,6 @@ public UserResponse(User user,
             registration.put("updated", reg.getUpdated().toEpochMilli());
         });
         this.controlCode = user.getControlCode();
+        this.serviceDeskMember = user.isServiceDeskMember();
     }
 }
diff --git a/myconext-server/src/main/java/myconext/security/SecurityConfiguration.java b/myconext-server/src/main/java/myconext/security/SecurityConfiguration.java
index a70db4c2..81584919 100644
--- a/myconext-server/src/main/java/myconext/security/SecurityConfiguration.java
+++ b/myconext-server/src/main/java/myconext/security/SecurityConfiguration.java
@@ -217,11 +217,16 @@ public SecurityFilterChain shibbolethSecurityFilterChain(
             AuthenticationProvider authenticationProvider = preAuthenticatedAuthenticationProvider();
             ProviderManager providerManager = new ProviderManager(authenticationProvider);
             http
-                    .securityMatcher("/myconext/api/sp/**", "/startSSO", "/tiqr/sp/**", "/myconext/api/servicedesk/**")
+                    .securityMatcher(
+                            "/myconext/api/sp/**",
+                            "/startSSO",
+                            "/config",
+                            "/tiqr/sp/**",
+                            "/myconext/api/servicedesk/**")
                     .csrf(csrf -> csrf.disable())
                     .sessionManagement(smc -> smc.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED))
                     .authorizeHttpRequests(authz -> authz.requestMatchers(
-                                    "/internal/**",
+                                    "/config",
                                     "/myconext/api/idp/**",
                                     "/myconext/api/sp/create-from-institution",
                                     "/myconext/api/sp/create-from-institution/**",
diff --git a/servicedesk-gui/eslint.config.js b/servicedesk-gui/eslint.config.js.nope
similarity index 100%
rename from servicedesk-gui/eslint.config.js
rename to servicedesk-gui/eslint.config.js.nope
diff --git a/servicedesk-gui/index.html b/servicedesk-gui/index.html
index 6d8acf65..dd04490c 100644
--- a/servicedesk-gui/index.html
+++ b/servicedesk-gui/index.html
@@ -6,7 +6,7 @@
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>ServiceDesk</title>
   </head>
-  <body>
+  <body class="sds--color-palette--green">
     <div id="root"></div>
     <script type="module" src="/src/main.jsx"></script>
   </body>
diff --git a/servicedesk-gui/package.json b/servicedesk-gui/package.json
index c42ffbbc..cda943ba 100644
--- a/servicedesk-gui/package.json
+++ b/servicedesk-gui/package.json
@@ -19,7 +19,8 @@
     "dompurify": "^3.2.3",
     "i18n-js": "^4.5.1",
     "isomorphic-dompurify": "^2.19.0",
-    "zustand": "^5.0.2"
+    "zustand": "^5.0.2",
+    "js-cookie": "^3.0.5"
   },
   "devDependencies": {
     "@eslint/js": "^9.17.0",
@@ -34,6 +35,5 @@
     "sass": "^1.83.0",
     "vite": "^6.0.4",
     "http-proxy-middleware": "^3.0.3"
-  },
-  "proxy": "http://127.0.0.1:8888/"
+  }
 }
diff --git a/servicedesk-gui/src/App.jsx b/servicedesk-gui/src/App.jsx
index fcd09239..fd6b69b6 100644
--- a/servicedesk-gui/src/App.jsx
+++ b/servicedesk-gui/src/App.jsx
@@ -1,73 +1,52 @@
 import {useEffect, useState} from 'react'
-import reactLogo from './assets/react.svg'
-
+import {Loader} from "@surfnet/sds";
 import './App.scss'
-import {useNavigate} from "react-router-dom";
+// import {useNavigate} from "react-router-dom";
+// import {useAppStore} from "./stores/AppStore.js";
+import {configuration, me} from "./api/index.js";
 import {useAppStore} from "./stores/AppStore.js";
-import {configuration, csrf, me} from "./api/index.js";
-
-export const App = () => {
 
+const App = () => {
     const [loading, setLoading] = useState(true);
-    const navigate = useNavigate();
-    const {user} = useAppStore(state => state);
 
+    // async function fetchConfig() {
+    //     try {
+    //         setConf(await configuration());
+    //         setLoading(false)
+    //     } catch (e) {
+    //         console.log(e);
+    //     }
+    // }
     useEffect(() => {
-        setLoading(true);
-        csrf().then(token => {
-            useAppStore.setState(() => ({csrfToken: token.token}));
-            configuration()
-                .then(res => {
-                    useAppStore.setState(() => ({config: res}));
-                    if (!res.authenticated) {
-                        if (!res.name) {
-                            const direction = window.location.pathname + window.location.search;
-                            localStorage.setItem("location", direction);
-                        } else if (!isEmpty(res.missingAttributes)) {
-                            setLoading(false);
-                            navigate("/missingAttributes");
-                            return;
-                        }
-                        const pathname = localStorage.getItem("location") || window.location.pathname;
-                        const isInvitationAcceptFlow = window.location.pathname.startsWith("/invitation/accept");
-                        if (res.name && !pathname.startsWith("/invitation/accept") && !isInvitationAcceptFlow) {
-                            setLoading(false);
-                            navigate("/deadend");
-                        } else if (pathname === "/" || pathname.startsWith("/login") || pathname.startsWith("/invitation/accept") || isInvitationAcceptFlow) {
-                            setLoading(false);
-                            navigate(isInvitationAcceptFlow ? (window.location.pathname + window.location.search) : pathname);
-                        } else {
-                            //Bookmarked URL's trigger a direct login and skip the landing page
-                            login(res);
-                        }
-                    } else {
-                        me()
-                            .then(res => {
-                                useAppStore.setState(() => ({user: res, authenticated: true}));
-                                setLoading(false);
-                                const location = localStorage.getItem("location") || window.location.pathname + window.location.search;
-                                const newLocation = location.startsWith("/login") ? "/home" : location;
-                                localStorage.removeItem("location");
-                                navigate(newLocation);
-                            });
-                    }
-                })
-                .catch(() => {
-                    setLoading(false);
-                    navigate("/deadend");
-                })
-        })
-    }, [reload, impersonator]); // eslint-disable-line react-hooks/exhaustive-deps
+        // fetchConfig();
+        //  configurationAsync().then(res => {
+        //     setConf(res);
+
+        //     setLoading(false);
+        // })
+        configuration().then(res => {
+            useAppStore.setState(() => ({config: res}));
+            me().then(json => {
+                useAppStore.setState(() => ({user: json, authenticated: true}));
+                setLoading(false);
+                // const {user, config} = useAppStore(state => state);
+            });
+
+        });
+
+    }, []);// eslint-disable-line react-hooks/exhaustive-deps
 
     if (loading) {
         return <Loader/>
     }
 
-
     return (
         <>
-            <span>TODO</span>
-            <span>Routes -> with login</span>
+            <div>
+                <p>Boem</p>
+            </div>
         </>
-    )
+    );
 }
+
+export default App;
\ No newline at end of file
diff --git a/servicedesk-gui/src/api/index.js b/servicedesk-gui/src/api/index.js
index 6373760d..29d07d03 100644
--- a/servicedesk-gui/src/api/index.js
+++ b/servicedesk-gui/src/api/index.js
@@ -1,7 +1,5 @@
-import {isEmpty} from "../utils/Utils";
 import I18n from "../locale/I18n";
 import {useAppStore} from "../stores/AppStore";
-import {paginationQueryParams} from "../utils/Pagination";
 
 //Internal API
 function validateResponse(showErrorDialog) {
@@ -24,12 +22,7 @@ function validateResponse(showErrorDialog) {
             }
             throw error;
         }
-        const sessionAlive = res.headers.get("x-session-alive");
-        if (sessionAlive !== "true") {
-            window.location.reload(true);
-        }
         return res;
-
     };
 }
 
@@ -63,14 +56,24 @@ function postPutJson(path, body, method, showErrorDialog = true) {
 
 //Base
 export function configuration() {
-    return fetchJson("/api/v1/users/config", {}, {}, false);
+    return fetchJson("/config");
 }
 
 //Users
 export function me() {
-    return fetchJson("/api/v1/users/me", {}, {}, false);
+    return fetchJson("/myconext/api/sp/me");
+}
+
+//Service Desk
+export function getUserControlCode(code) {
+    return fetchJson(`/myconext/api/servicedesk/user/${code}`);
+}
+
+export function validateDate(dayOfBirth) {
+    return fetchJson(`/myconext/api/servicedesk/validate?${encodeURIComponent(dayOfBirth)}`);
 }
 
-export function resendInvitation(invitationId) {
-    return postPutJson(`/api/v1/invitations/${invitationId}`, {}, "PUT");
+export function convertUserControlCode(firstName, lastName, dayOfBirth, code, userUid) {
+    const body = {firstName, lastName, dayOfBirth, code, userUid}
+    return postPutJson("/myconext/api/servicedesk/approve", body, "PUT");
 }
diff --git a/servicedesk-gui/src/index.scss b/servicedesk-gui/src/index.scss
index 092629f5..bb1ad1ca 100644
--- a/servicedesk-gui/src/index.scss
+++ b/servicedesk-gui/src/index.scss
@@ -1,6 +1,6 @@
-@import "styles/tooltip";
-@import "styles/forms";
-@import "styles/responsive";
+@use "styles/tooltip" as *;
+@use "styles/forms" as *;
+@use "styles/responsive" as *;
 
 body:after {
   position: fixed;
diff --git a/servicedesk-gui/src/locale/I18n.js b/servicedesk-gui/src/locale/I18n.js
index b1685fa1..8b3a9472 100644
--- a/servicedesk-gui/src/locale/I18n.js
+++ b/servicedesk-gui/src/locale/I18n.js
@@ -6,8 +6,6 @@ import {I18n as I18nRemote} from "i18n-js";
 import {getParameterByName} from "../utils/QueryParameters";
 import {isEmpty} from "../utils/Utils";
 import Cookies from "js-cookie";
-import {reportError} from "../api";
-import {useAppStore} from "../stores/AppStore";
 
 const I18n = new I18nRemote({
     en: en,
@@ -30,10 +28,6 @@ if (["nl", "en"].indexOf(parameterByName) === -1) {
 I18n.locale = parameterByName;
 
 I18n.missingTranslation.register("report-error", (i18n, scope) => {
-    const user = useAppStore.getState().user;
-    if (user && user.id) {
-        reportError({"Missing translation": scope});
-    }
     return `[missing "${scope}" translation]`;
 });
 I18n.missingBehavior = "report-error";
diff --git a/servicedesk-gui/src/locale/en.js b/servicedesk-gui/src/locale/en.js
index d1403f9b..07419fcb 100644
--- a/servicedesk-gui/src/locale/en.js
+++ b/servicedesk-gui/src/locale/en.js
@@ -1,10 +1,8 @@
 const en = {
     code: "EN",
     name: "English",
-    select_locale: "Change language to English",
     languages: {
         language: "Language",
-        languageTooltip: "Choose the language of the invitation mail",
         en: "English",
         nl: "Dutch",
     },
@@ -17,509 +15,14 @@ const en = {
         works: "How does it work?",
         info: [
             //Arrays of titles and info blocks and if a function is an admin function
-            ["Invites", "<p>SURF invites institution managers who can create roles for their applications.</p>" +
-            "<p>The application list consists of applications connected to SURFconext.</p>", true],
-            ["Roles", "<p>The application managers will invite colleagues for roles who can in turn invite users.</p>", true],
-            ["Join", "<p>Invited colleagues who accept the invitation are granted access rights for the applications.</p><br/>", false],
-            ["Groups", "<p>The roles are actually group memberships that can be used in SURFconext authorisation rules, or provisioned as attributes or to external SCIM APIs.</p>", false]
+            "SURF TODO.",
         ],
-        footer: "<p>SURFconext Invite offers access management to SURFconext-connected applications.</p>" +
-            "<p>Do you want to know more? <a href='https://support.surfconext.nl/invite-en'>Read more</a>.</p>",
+        footer: "<p>SURFconext ServiceDesk offers user validation for SURFconext-connected applications.</p>" +
+            "<p>Do you want to know more? <a href='https://support.surfconext.nl/servicedesk-en'>Read more</a>.</p>",
     },
     header: {
-        title: "SURFconext Invite",
-        subTitle: "Everything will be owl right",
-        links: {
-            login: "Log in",
-            system: "System",
-            switchApp: "Go to {{app}}",
-            welcome: "Welcome",
-            access: "Invite",
-            help: "Help",
-            profile: "Profile",
-            logout: "Log out"
-        },
-    },
-    tabs: {
-        home: "Home",
-        applications: "Applications",
-        users: "Users",
-        applicationUsers: "Users",
-        maintainers: "Role managers & inviters",
-        guests: "User with this role",
-        invitations: "Invitations",
-        roles: "Access roles",
-        profile: "Profile",
-        userRoles: "Role managers & inviters",
-        guestRoles: "Users with this role",
-        cron: "Cron",
-        invite: "Invite",
-        tokens: "API tokens",
-        unknownRoles: "Missing applications",
-        expiredUserRoles: "User role expirations",
-        pendingInvitations: "Pending",
-        allPendingInvitations: "Pending invitations",
-        acceptedInvitations: "Accepted",
-        performanceSeed: "Seed",
-        seed: "Seed"
-    },
-    home: {
-        access: "SURFconext Invite",
-    },
-    impersonate: {
-        exit: "Stop impersonating",
-        impersonator: "You are impersonating <strong>{{name}}</strong> | <strong>{{role}}</strong>",
-        impersonatorTooltip: "You are really <em>{{impersonator}}</em>, but you are impersonating <em>{{currentUser}}</em>.",
-        flash: {
-            startedImpersonation: "You now impersonate {{name}}.",
-            clearedImpersonation: "Cleared your impersonation. You are you again."
-        },
-    },
-    access: {
-        SUPER_USER: "Super User",
-        INSTITUTION_ADMIN: "Institution admin",
-        MANAGER: "Manager",
-        INVITER: "Inviter",
-        GUEST: "User",
-        "No member": "No member"
-    },
-    users: {
-        found: "{{count}} {{plural}} found",
-        moreResults: "There are more results than shown, please refine your search.",
-        applicationsSearchPlaceHolder: "Search for application...",
-        name_email: "Name / email",
-        name: "Name",
-        email: "Email",
-        highestAuthority: "Role",
-        createdAt: "Created",
-        schacHomeOrganization: "Institution",
-        lastActivity: "Last activity",
-        eduPersonPrincipalName: "EPPN",
-        sub: "Sub",
-        singleUser: "user",
-        multipleUsers: "users",
-        noEntities: "No users found",
-        new: "New invitation",
-        title: "Users",
-        roles: "Roles",
-        applications: "Applications",
-        noRolesInfo: "You have no roles (which means you must be super-user)",
-        noRolesInstitutionAdmin: "You are an institution admin and you have no roles (but you might have access to applications)",
-        noRolesNoApplicationsInstitutionAdmin: "You are an institution admin, but you have no roles and apparently your institution has also no access to applications",
-        guestRoleOnly: "You are not an administrator. Are you looking for <a href='{{welcomeUrl}}'>for the apps you can access</a>?",
-        rolesInfo: "You have the following roles",
-        applicationsInfo: "You have access to the following applications",
-        noRolesFound: "No roles are found.",
-        noApplicationsFound: "No applications are found.",
-        rolesInfoOther: "{{name}} has the following roles",
-        applicationsInfoOther: "{{name}} has access to the following applications",
-        landingPage: "Landing page",
-        access: "Access",
-        organisation: "Organisation",
-        noResults: "No users are found",
-        searchPlaceHolder: "Search for users...",
-        authority: "Authority",
-        endDate: "End date",
-        expiryDays: "Expiry days",
-        roleExpiryTooltip: "Sort on roles to see which roles will expire the soonest"
-    },
-    role: {
-        copyUrn: "Copy urn",
-        userInfo: "{{nbr}} member(s) & valid for {{valid}} days",
-        roleInfo: "Role valid for <strong>{{days}} days</strong>",
-        roleInfoNoEndDate: "Role has <strong>no end date</strong>",
-        contactAdmin: "Contact manager(s)"
-    },
-    roles: {
-        title: "Access Roles",
-        applicationName: "Application",
-        auditable: "Role <span>{{name}}</span> was created by <span>{{createdBy}}</span> at {{createdAt}}",
-        roleDetails: "Role details",
-        invitationDetails: "Invitation details",
-        applicationDetails: "Application(s) this role applies to",
-        addApplication: "Add application",
-        multiple: "Multiple applications",
-        applicationPlaceholder: "Choose an application...",
-        accessRole: "Name",
-        name: "Name",
-        namePlaceHolder: "The name of the role",
-        shortName: "Short name",
-        organizationGUID: "Organization GUID",
-        identityProvider: "Identity provider: {{name}}",
-        landingPage: "(Custom) landing page",
-        userRoleCount: "# Users",
-        landingPagePlaceHolder: "https://landingpage.com",
-        defaultExpiryDays: "Expiry days",
-        endDate: "End date",
-        noEndDate: "-",
-        authority: "Authority",
-        yourRole: "Your role",
-        description: "Description",
-        descriptionPlaceHolder: "The description of the role",
-        noResults: "No roles are found",
-        noMember: "No member",
-        searchPlaceHolder: "Search for roles...",
-        found: "{{count}} {{plural}} found",
-        singleRole: "role",
-        multipleRoles: "roles",
-        new: "Add new role",
-        edit: "Edit role {{name}}",
-        urn: "URN",
-        advanced: "Advanced settings",
-        showAdvancedSettings: "Show advanced invite settings",
-        hideAdvancedSettings: "Hide advanced invite settings",
-        override: "Override of settings allowed?",
-        manage: "Application",
-        manageMetaData: "SURFconext entity",
-        provisioning: "Provisioning",
-        deleteFlash: "Role {{name}} has been deleted",
-        deleteConfirmation: "Are you sure you want to delete this role?",
-        createFlash: "Role {{name}} has been created",
-        updateFlash: "Role {{name}} has been updated",
-        unknownInManage: "Unknown in Manage",
-        unknownInManageToolTip: "The application for this role has been removed from the SURF backend. Please contact <a href=\"mailto:support@surfconext.nl\">support@surfconext.nl</a> to resolve this.",
-        unknownInManageDisabled: "The application for this role has been removed from the SURF backend. Therefore, you can't invite new users. Contact <a href=\"mailto:support@surfconext.nl\">support@surfconext.nl</a> to resolve this.",
-        consequences: {
-            info: "The following users will lose their access:",
-            userInfo: "{{name}} ({{authority}}), last activity {{lastActivity}}",
-            andMore: "And {{nbr}} more.. Check the list of current users for more details."
-        }
-    },
-    applications: {
-        title: "Access Roles for this application ({{nbr}})",
-        applicationFound: "Applications ({{nbr}})",
-        new: "New Access Role",
-        searchPlaceHolder: "Search for applications",
-        noResults: "No applications found...",
-        name: "Application name",
-        types: {
-            saml20_sp: "Service Provider",
-            oidc10_rp: "Relying Party"
-        },
-        type: "Type",
-        organization: "Organization",
-        url: "URL",
-        roles: "Roles",
-        provisionings: "Provisionings",
-        accessRole: "Access Role",
-    },
-    applicationRoles: {
-        searchPlaceHolder: "Search for Access Roles",
-        noEntities: "No access roles found",
-    },
-    userRoles: {
-        found: "{{count}} {{plural}} found",
-        singleUserRole: "user role",
-        multipleUserRoles: "user roles",
-        searchPlaceHolder: "Search for users...",
-        noResults: "No user roles where found",
-        guestRoles: "{{count}} users",
-        managerRoles: "{{count}} managers & inviters",
-        notAllowed: "You're not allowed to delete this user role because of missing roles",
-        updateConfirmation: "Are you sure you want to change the end date of role {{roleName}} for {{userName}}?",
-        updateConfirmationRemoveEndDate: "Are you sure you want to remove the end date of role {{roleName}} for {{userName}}?",
-        updateFlash: "The end date for role {{roleName}} has been updated",
-        deleteConfirmation: "Are you sure  you want to remove this role from this user(s)?",
-        deleteOneConfirmation: "Are you sure  you want to remove this role from this user?",
-        deleteFlash: "User role(s) have been removed",
-        createdAt: "Date accepted",
-        delete: "Remove"
-    },
-    invitations: {
-        title: "Invitations",
-        searchPlaceHolder: "Search for invitation...",
-        noResults: "No invitation where found",
-        inviter: "Invited by",
-        status: "Status",
-        pending: "pending",
-        open: "Open",
-        accepted: "Accepted",
-        expired: "Expired",
-        enforceEmailEquality: "Email equality",
-        eduIDOnly: "eduID only",
-        new: "Invite manager or inviter",
-        newInvitation: "Invite inviter",
-        newInvite: "New invite",
-        newGuest: "Invite new user",
-        invitees: "Invitees",
-        intendedRoles: "Roles",
-        inviteesPlaceholder: "Invitee email addresses",
-        requiredEmail: "At least one email address is required",
-        requiredRole: "At least one role is required for an invitation",
-        intendedAuthority: "Authority",
-        roles: "Roles",
-        inviterRoles: "Select the roles for the new invitation",
-        rolesPlaceHolder: "Choose one or more roles",
-        expiryDate: "Valid till",
-        acceptedAt: "Date accepted",
-        roleExpiryDate: "Role expiry date",
-        roleExpiryDateQuestion: "Set a custom role expiration period",
-        roleExpiryDateInfo: "This role will be removed from the user {{expiry}}",
-        customInviterDisplayNameQuestion: "Set a custom inviter name",
-        inviterDisplayName: "Custom inviter display name for invitations",
-        inviterDisplayNamePlaceholder: "e.g. working@home.university.nl",
-        inviterDisplayNameError: "Custom inviter name is required, unless you use the default inviter name",
-        customInviterDisplayNameInfoDefault: "Invitations for this role will show the name of the inviter as sender",
-        customInviterDisplayNameInfo: "Invitations for this role will show a custom name / email as sender",
-        expiryDateQuestion: "Set a custom invitation expiration period",
-        expiryDateInfo: "Default an invitation is valid for 1 month",
-        withinThreeMonths: "Within 1 month",
-        createdAt: "Sent",
-        message: "Personal note",
-        messagePlaceholder: "Add a personal note to your invitation",
-        invite: "Send invite",
-        guestRoleIncluded: "Add the user role?",
-        invalidEmails: "Invalid email addresses removed: {{emails}}.",
-        createFlash: "Invitation was sent",
-        delete: "Revoke",
-        resend: "Resend",
-        notAllowed: "You're not allowed to delete or resend this invitation because of missing roles",
-        deleteFlash: "Invitation(s) have been revoke",
-        deleteConfirmation: "Are you sure you want to revoke these invitations?",
-        deleteOneConfirmation: "Are you sure you want to revoke this invitation?",
-        resendConfirmation: "Are you sure you want to resend these invitations?",
-        resendConfirmationOne: "Are you sure you want to resend this invitation?",
-        resendFlash: "Invitation(s) have been resent",
-        inviterRole: {
-            title: "Send new invite",
-            roles: "For the following roles",
-            to: "To",
-            message: "Personal note",
-            settings: "Advanced invite settings"
-        },
-        statuses: {
-            all: "All ({{nbr}})",
-            open: "Open",
-            accepted: "Accepted",
-            expired: "Expired",
-            mine: "Mine"
-        }
-    },
-    forms: {
-        none: "None",
-        notApplicable: "N/A",
-        you: "You",
-        yes: "Yes",
-        no: "No",
-        ok: "OK",
-        or: "or ",
-        edit: "Edit",
-        cancel: "Cancel",
-        save: "Save",
-        specificDate: "Set specific date",
-        and: "and",
-        more: "More",
-        less: "Less",
-        alreadyExists: "The {{attribute}} '{{value}}' already exists",
-        alreadyExistsParent: "The {{attribute}} {{value}} already exists within {{parent}}",
-        required: "{{attribute}} is required",
-        invalid: "The value '{{value}}' is invalid for {{attribute}}",
-        error: "You can contact <a href=\"mailto:support@surfconext.nl?subject=Error SURF Invite reference {{reference}}\">support@surfconext.nl</a> for help.<br/><br/>" +
-            "The reference number for this exception is {{reference}}."
-    },
-    profile: {
-        info: "The account of {{name}} was created on {{createdAt}}",
-        your: "Your account was created on {{createdAt}}"
-    },
-    inviteOnly: {
-        welcome: "Welcome to SURFconext Invite",
-        roles: "You don't have any roles.",
-        info: "SURFconext Invite is by invitation only. Please contact <a href='mailto:support@surfconext.nl'>support@surfconext.nl</a> with questions.",
-        preLogin: "Or ",
-        login: "log in",
-        postLogin: " again with a different institution",
-    },
-    missingAttributes: {
-        welcome: "Welcome to SURFconext Invite",
-        attributes: "Your institution has not provided all required personal data. The following are missing:",
-        info: "If you want more information, please contact <a href='mailto:support@surfconext.nl'>support@surfconext.nl</a>.",
-        preLogin: "Or ",
-        login: "login",
-        postLogin: " again with a different institution.",
-        sub: "sub",
-        email: "email",
-        givenName: "givenName",
-        familyName: "familyName",
-        schacHomeOrganization: "schacHomeOrganization"
-    },
-    invitationAccept: {
-        hi: "Hi{{name}},",
-        nextStep: "Next: enjoy your new role",
-        expired: "This invitation has expired at {{expiryDate}}",
-        expiredInfo: "Please contact <a href='mailto:{{email}}'>{{email}}</a> and ask this person to send you a new invite.",
-        invited: "You have been invited to become {{authority}} for the {{plural}} {{roles}} by {{inviter}}.",
-        invitedNoRoles: "You have been invited to become {{authority}} by {{inviter}}",
-        enforceEmailEquality: " This invite can only be accepted by <strong>{{email}}</strong>.",
-        role: "role",
-        roles: "roles",
-        progress: "1",
-        info: "SURFconext Invite provides access to application based on your roles.",
-        infoLogin: "You can log in with your institution account or eduID.",
-        infoLoginEduIDOnly: "You need to log in with eduID.",
-        infoLoginAgain: "To accept the invitation you'll need to log in again.",
-        login: "Log in",
-        loginWithSub: "Log in",
-        emailMismatch: "The inviter has indicated that you must accept this invitation with email address {{email}}, " +
-            "but you have logged in with an account with a different email address. Please log in in with a different account."
-    },
-    inviter: {
-        welcome: "Welcome, {{name}}",
-        info: "Manage who gets access to the <strong>educational applications</strong> at <strong>your institution</strong>.",
-        sendInvite: "Send new invite",
-        viewHistory: "view history",
-        manage: "You can manage users and send invites for",
-        details: "Show details",
-        history: "Invitation history"
-    },
-    institutionAdmin: {
-        welcome: "Welcome institution administrator of {{name}}! You can start with creating your first role and subsequently invite managers.",
-        create: "Create access role"
-    },
-    tokens: {
-        title: "API tokens",
-        new: "Add API token",
-        searchPlaceHolder: "Search for API tokens...",
-        noEntities: "No API tokens",
-        titleNew: "Create an API token for {{institutions}}",
-        backToOverview: "Back to all API tokens",
-        createdAt: "Created at",
-        secretDisclaimer: "You can view this API token only once. Copy it and store it somewhere safe.<br><br>If the token is lost, delete it and create a new one.",
-        secret: "API token",
-        secretValue: "One-way hashed token",
-        secretTooltip: "The value to use in the X-API-TOKEN header",
-        description: "Description",
-        superUserToken: "Super User token",
-        organizationGUID: "Organization GUID",
-        descriptionPlaceHolder: "Description for this API token",
-        descriptionTooltip: "A description explaining the use of this API token",
-        deleteFlash: "API token has been deleted",
-        deleteConfirmation: "Are you sure you want to delete this API token?",
-        createFlash: "API token has been created",
-        submit: "Submit",
-        required: "The description is required for an API token",
-    },
-    tooltips: {
-        userIcon: "User {{name}} provisioned at {{createdAt}} with last activity on {{lastActivity}}",
-        impersonateIcon: "Impersonate user {{name}}",
-        roleIcon: "Role {{name}} created at {{createdAt}}",
-        userRoleIcon: "User role accepted by {{name}} at {{createdAt}}",
-        invitationIcon: "Invitation for {{email}} sent at {{createdAt}} with expiration date {{expiryDate}}",
-        roleShortName: "The unique short name of the role within a provisioning. It is used to format the urn and therefore not all characters are allowed.",
-        organizationGUID: "The Manage organizational identifier to scope the visibility of roles of the institution admin. Only specify a value if you are creating or editing this role on behalf of an institution admin",
-        roleUrn: "The urn of the role. It is based on the sanitized name and the role identifier. It is used as the unique global identifier of this role and therefore not all characters are allowed.",
-        manageService: "The required application from SURFconext, with may have an optional provisioning",
-        defaultExpiryDays: "The default number of days the role will expire, from the moment a user has accepted the invitation for this role",
-        enforceEmailEqualityTooltip: "When checked the invitee must accept the invitation with an account with the email address where the invitation was sent to",
-        eduIDOnlyTooltip: "When checked the invitees will be required to log in with eduID",
-        roleExpiryDateTooltip: "The end date of this role. After this date the role is removed from the user.",
-        expiryDateTooltip: "The date on which this invitation expires",
-        inviterDisplayName: "The functional address which will used in the invitations of the role.<br><br>Default the name of the inviter is show.",
-        rolesTooltip: "Select all the roles that the invitee will be granted after accepting the invitation",
-        intendedAuthorityTooltip: "The authority determines the rights the invitee will be granted on accepting the invitation",
-        inviteesTooltip: "Add email addresses separated by comma, space or semi-colon or on seperate lines. You can also paste a csv file with line-separated email addresses.",
-        removeInvitation: "Delete all selected invitations",
-        removeOneInvitation: "Delete this invitation",
-        resendInvitation: "Resend all selected invitations",
-        resendOneInvitation: "Resend this invitation",
-        inviter: "Send invitations to persons who will - once accepted - gain user access to the application",
-        overrideSettingsAllowed: "When checked, invitations for this role can override the advanced settings (e.g. email equality, eduID only and the role expiry end date)",
-        removeUserRole: "Remove all selected user roles",
-        removeOneUserRole: "Remove this user role",
-        guestRoleIncludedTooltip: "Do you also want to grant the invitees the user role when they accept the invitation?",
-        expiredUserRole: "This role will expire soon",
-    },
-    confirmationDialog: {
-        title: "Confirm",
-        error: "Error",
-        subTitle: "This action requires a confirmation",
-        subTitleError: "An error has occurred",
-        confirm: "Confirm",
-        ok: "OK",
-        cancel: "Cancel",
-    },
-    footer: {
-        terms: "Terms of Use",
-        termsLink: "https://support.surfconext.nl/terms-en",
-        privacy: "Privacy policy",
-        privacyLink: "https://support.surfconext.nl/privacy-en",
-        surfLink: "https://surf.nl",
-    },
-    expirations: {
-        expires: "Expires {{relativeTime}}",
-        expired: "Expired {{relativeTime}}",
-        never: "Never expires",
-        activity: {
-            now: "Just now",
-            seconds: "Today",
-            minute: "Today",
-            minutes: "Today",
-            hour: "Today",
-            hours: "Today",
-            day: "Yesterday",
-            days: "This week",
-            week: "This week",
-            weeks: "This month",
-            month: "Last month",
-            months: "%s months ago",
-            year: "1 year ago",
-            years: "%s years ago"
-        },
-        ago: {
-            now: "just now",
-            seconds: "%s seconds ago",
-            minute: "1 minute ago",
-            minutes: "%s minutes ago",
-            hour: "1 hour ago",
-            hours: "%s hours ago",
-            day: "1 day ago",
-            days: "%s days ago",
-            week: "1 week ago",
-            weeks: "%s weeks ago",
-            month: "1 month ago",
-            months: "%s months ago",
-            year: "1 year ago",
-            years: "%s years ago"
-        },
-        in: {
-            now: "right now",
-            seconds: "after %s seconds",
-            minute: "after 1 minute",
-            minutes: "after %s minutes",
-            hour: "after 1 hour",
-            hours: "after %s hours",
-            day: "after 1 day",
-            days: "after %s days",
-            week: "after 1 week",
-            weeks: "after %s weeks",
-            month: "after 1 month",
-            months: "after %s months",
-            year: "after 1 year",
-            years: "after %s years"
-        }
-    },
-    notFound: {
-        alt: "404 Page not found"
-    },
-    system: {
-        trigger: "Trigger",
-        clear: "Clear",
-        cronInfo: "Trigger the cron job to cleanup resources like expired user-roles, orphaned users and in-active users",
-        cronNotificationsInfo: "Trigger the cron job to send notification mails for user-roles that will expire in X days",
-        noMails: "No notification mails for user-role expirations were send",
-        performanceSeedInfo: "The performance seed is dummy / generated data to test the performance of the system. It is deleted when you run the tests.",
-        performanceSeed: "Insert performance seed",
-        performanceLoadTime: "Inserted following entities in ~{{minutes}} minutes"
-    },
-    unknownRoles: {
-        title: "Roles linked to applications unknown in Manage",
-        searchPlaceHolder: "Search...",
-        noRoles: "Yeah, no unknown manage applications"
+        title: "SURFconext ServiceDesk",
     },
-    expiredUserRoles: {
-        title: "Roles to be expired the next month",
-        searchPlaceHolder: "Zoek...",
-        noResults: "Yeah, no user-roles to be expired within one month"
-    }
 }
 
 export default en;
diff --git a/servicedesk-gui/src/locale/nl.js b/servicedesk-gui/src/locale/nl.js
index 670b9cb3..558cddd6 100644
--- a/servicedesk-gui/src/locale/nl.js
+++ b/servicedesk-gui/src/locale/nl.js
@@ -1,526 +1,28 @@
 const nl = {
-    code: "NL",
-    name: "Nederlands",
-    select_locale: "Wissel taal naar Nederlands",
+    code: "EN",
+    name: "Engels",
     languages: {
         language: "Taal",
-        languageTooltip: "Kies de taal van de uitnodigingse-mail",
         en: "Engels",
         nl: "Nederlands",
     },
     landing: {
         header: {
-            title: "Toegang tot je applicaties",
-            login: "Inloggen",
-            sup: "SURFconext Invite is alleen op uitnodiging te gebruiken.",
+            title: "ServiceDesk",
+            login: "Log in",
+            sup: "EduID ServiceDesk is by invitation only.",
         },
-        works: "Hoe werkt het?",
-        adminFunction: "beheerfunctie",
+        works: "How does it work?",
         info: [
             //Arrays of titles and info blocks and if a function is an admin function
-            ["Uitnodigen", "<p>Instellingsbeheerders kunnen rollen aanmaken voor hun applicaties.</p>" +
-            "<p>De applicatielijst bestaat uit aan SURFconext gekoppeld applicaties.</p>", true],
-            ["Rollen", "<p>Applicatiebeheerders nodigen collega's uit die op hun beurt gebruikers kunnen uitnodigen.</p>", true],
-            ["Word lid", "<p>Uitgenodigde collega's die op de uitnodiging zijn ingegaan, krijgen toegang tot applicaties.</p><br/>", false],
-            ["Groepen", "<p>De rollen zijn eigenlijk groepslidmaatschappen die gebruikt kunnen worden in SURFconext-autorisatieregels, doorgegeven als attributen of via externe SCIM API's.</p>", false]
+            "SURF TODO.",
         ],
-        footer: "<p>SURFconext Invite biedt toegangsbeheer voor onderwijs en onderzoek.</p>" +
-            "<p>Meer weten? <a href='https://support.surfconext.nl/invite'>Lees verder</a>.</p>",
+        footer: "<p>SURFconext ServiceDesk offers user validation for SURFconext-connected applications.</p>" +
+            "<p>Do you want to know more? <a href='https://support.surfconext.nl/servicedesk-en'>Read more</a>.</p>",
     },
     header: {
-        title: "SURFconext Invite",
-        subTitle: "Alles gaat uilstekend",
-        links: {
-            login: "Inloggen",
-            system: "Systeem",
-            switchApp: "Ga naar {{app}}",
-            welcome: "Welcome",
-            access: "Invite",
-            help: "Help",
-            profile: "Profiel",
-            logout: "Uitloggen"
-        },
-    },
-    tabs: {
-        home: "Home",
-        applications: "Applicaties",
-        users: "Gebruikers",
-        applicationUsers: "Gebruikers",
-        maintainers: "Rolmanagers & uitnodigers",
-        guests: "Gebruikers met deze rol",
-        invitations: "Uitnodigingen",
-        roles: "Toegangsrollen",
-        profile: "Profiel",
-        userRoles: "Rolmanagers & uitnodigers",
-        guestRoles: "Gebruikers",
-        cron: "Cron",
-        invite: "Uitnodiging",
-        tokens: "API-tokens",
-        unknownRoles: "Missing applications",
-        expiredUserRoles: "User role expirations",
-        pendingInvitations: "Open",
-        allPendingInvitations: "Open uitnodigingen",
-        acceptedInvitations: "Geaccepteerd",
-        performanceSeed: "Seed",
-        seed: "Seed"
-    },
-    home: {
-        access: "SURFconext Invite",
-    },
-    impersonate: {
-        exit: "Stop na-apen",
-        impersonator: "Je doet je voor als <strong>{{name}}</strong> | <strong>{{role}}</strong>",
-        impersonatorTooltip: "Je bent in werkelijkheid <em>{{impersonator}}</em>, maar je doet je voor als <em>{{currentUser}}</em>.",
-        flash: {
-            startedImpersonation: "Je doet je voor als {{name}}.",
-            clearedImpersonation: "Na-apen opgeheven. Je bent weer jezelf."
-        },
-    },
-    access: {
-        SUPER_USER: "Super User",
-        INSTITUTION_ADMIN: "Instellingsmanager",
-        MANAGER: "Manager",
-        INVITER: "Uitnodiger",
-        GUEST: "Gebruiker",
-        "No member": "Geen lid"
-    },
-    users: {
-        found: "{{count}} {{plural}} gevonden",
-        moreResults: "Er zijn meer resultaten dan getoond kunnen worden, verfijn je zoekopdracht.",
-        applicationsSearchPlaceHolder: "Zoek applicaties...",
-        name_email: "Naam / e-mail",
-        name: "Naam",
-        email: "E-mail",
-        highestAuthority: "Rol",
-        createdAt: "Aangemaakt op",
-        schacHomeOrganization: "Instelling",
-        lastActivity: "Laatst actief",
-        eduPersonPrincipalName: "EPPN",
-        sub: "Sub",
-        singleUser: "gebruiker",
-        multipleUsers: "gebruikers",
-        noEntities: "Geen gebruikers gevonden",
-        new: "Nieuwe uitnodiging",
-        title: "Gebruikers",
-        roles: "Rollen",
-        applications: "Applicaties",
-        noRolesInfo: "Je hebt geen rollen (je bent een super-user)",
-        noRolesInstitutionAdmin: "Je bent instellingsmanager, maar hebt nog geen rollen (maar je hebt wel toegang tot je applicaties)",
-        noRolesNoApplicationsInstitutionAdmin: "Je bent instellingsmanager, maar je hebt geen rollen en je instelling heeft blijkbaar ook geen toegang tot applicaties.",
-        guestRoleOnly: "Je bent geen admin. Ben je op zoek naar de <a href='{{welcomeUrl}}'>applicaties waar je toegang to hebt</a>?",
-        rolesInfo: "Je hebt de volgende rollen",
-        applicationsInfo: "Je hebt toegang tot de volgende applicaties",
-        noRolesFound: "Geen rollen gevonden.",
-        noApplicationsFound: "geen applicaties gevonden.",
-        rolesInfoOther: "{{name}} heeft de volgende rollen",
-        applicationsInfoOther: "{{name}} heeft toegang tot de volgende applicaties",
-        landingPage: "Landingspagina",
-        access: "Access",
-        organisation: "Aanbieder",
-        noResults: "Geen gebruikers gevonden",
-        searchPlaceHolder: "Zoek gebruikers...",
-        authority: "Autoriteit",
-        endDate: "Einddatum",
-        expiryDays: "Verloopdagen",
-        roleExpiryTooltip: "Sorteer op rollen, om te zien welke rol het eerst zal verlopen"
-    },
-    role: {
-        copyUrn: "Copy urn",
-        userInfo: "{{nbr}} leden & geldig voor {{valid}} dagen",
-        roleInfo: "Rol geldig voor <strong>{{days}} dagen</strong>",
-        roleInfoNoEndDate: "Rol heeft <strong>geen einddatum</strong>",
-        contactAdmin: "Contact manager(s)"
-    },
-    roles: {
-        title: "Toegangsrollen",
-        applicationName: "Applicatie",
-        auditable: "Rol <span>{{name}}</span> is aangemaakt door <span>{{createdBy}}</span> op {{createdAt}}",
-        roleDetails: "Details rol",
-        invitationDetails: "Details uitnodiging",
-        applicationDetails: "Applicatie(s) voor deze rol",
-        addApplication: "Applicatie toevoegen",
-        multiple: "Meerdere applicaties",
-        applicationPlaceholder: "Kies een applicatie...",
-        accessRole: "Naam",
-        name: "Naam",
-        namePlaceHolder: "Naam van de rol",
-        shortName: "Korte naam",
-        organizationGUID: "Organization GUID",
-        identityProvider: "Identity provider: {{name}}",
-        landingPage: "(Aangepaste) landingspagina",
-        userRoleCount: "# Gebruikers",
-        landingPagePlaceHolder: "https://landingspagina.nl",
-        defaultExpiryDays: "Verloopdagen",
-        endDate: "Einddatum",
-        noEndDate: "-",
-        authority: "Autoriteit",
-        yourRole: "Jouw rol",
-        description: "Omschrijving",
-        descriptionPlaceHolder: "Omschrijving van het doel van de rol",
-        noResults: "Geen rollen gevonden",
-        noMember: "Geen lid",
-        searchPlaceHolder: "Zoek rollen...",
-        found: "{{count}} {{plural}} gevonden",
-        singleRole: "rol",
-        multipleRoles: "rollen",
-        new: "Rol toevoegen",
-        edit: "Bewerk rol {{name}}",
-        urn: "URN",
-        advanced: "Advanced settings",
-        showAdvancedSettings: "Toon geavanceerde configuratie uitnodiging",
-        hideAdvancedSettings: "Verberg geavanceerde configuratie uitnodiging",
-        override: "Kan de configuratie worden aangepast bij uitnodigen?",
-        manage: "Applicatie",
-        manageMetaData: "SURFconext entity",
-        provisioning: "Provisioning",
-        deleteFlash: "Rol {{name}} is verwijderd",
-        deleteConfirmation: "Weet je zeker dat je deze rol wil verwijderen?",
-        createFlash: "Rol {{name}} is aangemaakt",
-        updateFlash: "Rol {{name}} is bijgewerkt",
-        unknownInManage: "Onbekend in Manage",
-        unknownInManageToolTip: "De applicatie voor deze rol is verwijderd in de SURF backend. Neem contact op met <a href=\"mailto:support@surfconext.nl\">support@surfconext.nl</a> om dit op te lossen.",
-        unknownInManageDisabled: "De applicatie voor deze rol is verwijderd in de SURF backend. Daarom kan je geen nieuwe gebruikers uitnodigen. Neem contact op met <a href=\"mailto:support@surfconext.nl\">support@surfconext.nl</a> om dit op te lossen.",
-        consequences: {
-            info: "De volgende gebruikers verliezen toegang tot deze rol:",
-            userInfo: "{{name}} ({{authority}}), laatste activiteit {{lastActivity}}",
-            andMore: "En nog {{nbr}} meer.. Bekijk de lijst van huidige gebruikers voor meer details."
-        }
-    },
-    applications: {
-        title: "Toegangsrollen voor deze applicatie ({{nbr}})",
-        applicationFound: "Applicaties ({{nbr}})",
-        new: "Nieuwe toegangsrol",
-        searchPlaceHolder: "Zoek naar applicaties",
-        noResults: "Geen applicaties gevonden...",
-        name: "Applicatienaam",
-        types: {
-            saml20_sp: "Service Provider",
-            oidc10_rp: "Relying Party"
-        },
-        type: "Type",
-        organization: "Organisatie",
-        url: "URL",
-        roles: "Rollen",
-        provisionings: "Provisionings",
-        accessRole: "Toegangsrol",
-    },
-    applicationRoles: {
-        searchPlaceHolder: "Zoek naar Access Rollen",
-        noEntities: "Geen access rollen gevonden",
-    },
-    userRoles: {
-        found: "{{count}} {{plural}} gevonden",
-        singleUserRole: "gebruikersrol",
-        multipleUserRoles: "gebruikersrollen",
-        searchPlaceHolder: "Zoek gebruikers...",
-        noResults: "Geen gebruikersrollen gevonden",
-        guestRoles: "{{count}} gebruikers",
-        managerRoles: "{{count}} managers & uitnodigers",
-        notAllowed: "Je kunt deze gebruikersrol niet verwijderen vanwege ontbrekende rollen",
-        updateConfirmation: "Weet je zeker dat je de einddatum wil aanpassen van rol {{roleName}} voor {{userName}}?",
-        updateConfirmationRemoveEndDate: "Weet je zeker dat je de einddatum wil verwijderen van rol {{roleName}} voor {{userName}}?",
-        updateFlash: "De einddatum van rol {{roleName}} is bijgewerkt",
-        deleteConfirmation: "Weet je zeker dat je de rol van deze gebruiker(s) wil verwijderen?",
-        deleteOneConfirmation: "Weet je zeker dat je de rol van deze gebruiker wil verwijderen?",
-        deleteFlash: "Gebruikersrol(len) zijn verwijderd",
-        createdAt: "Datum geaccepteerd",
-        delete: "Verwijder"
-    },
-    invitations: {
-        title: "Uitnodigingen",
-        searchPlaceHolder: "Zoek uitnodiging...",
-        noResults: "Geen uitnodigingen gevonden",
-        inviter: "Uitgenodigd door",
-        status: "Status",
-        pending: "open",
-        open: "Open",
-        accepted: "Geaccepteerd",
-        expired: "Verlopen",
-        enforceEmailEquality: "E-mailadres moet overeenkomen",
-        eduIDOnly: "Uitsluitend eduID",
-        new: "Nodig manager of uitnodiger uit",
-        newInvitation: "Nodig uitnodiger uit",
-        newInvite: "Nieuwe uitnodiging",
-        newGuest: "Gebruiker uitnodigen",
-        invitees: "Genodigden",
-        intendedRoles: "Rollen",
-        inviteesPlaceholder: "E-mailadressen genodigden",
-        requiredEmail: "Geef minimaal 1 e-mailadres op",
-        requiredRole: "Minimaal 1 rol is benodigd voor een uitnodiging",
-        intendedAuthority: "Autoriteit",
-        roles: "Rollen",
-        inviterRoles: "Selecteer de rollen voor de nieuwe uitnodiging",
-        rolesPlaceHolder: "Kies een of meer rollen",
-        expiryDate: "Geldig tot",
-        acceptedAt: "Datum geaccepteeerd",
-        roleExpiryDate: "Verloopdatum rol",
-        roleExpiryDateQuestion: "Zet een specifieke verloopdatum voor de rol",
-        roleExpiryDateInfo: "Deze rol wordt verwijderd van de gebruiker {{expiry}}",
-        customInviterDisplayNameQuestion: "Zet een specifieke naam voor de uitnodiger",
-        inviterDisplayName: "Specifieke naam uitnodiger voor in de uitnodiging",
-        inviterDisplayNamePlaceholder: "Bijv. werken@thuis.universiteit.nl",
-        inviterDisplayNameError: "Specifieke naam uitnodiger is verplicht, tenzij je ervoor kiest om de default uitnodiger naam te gebruiken",
-        customInviterDisplayNameInfoDefault: "Uitnodigingen voor deze rol zullen de naam van de uitnodiger tonen.",
-        customInviterDisplayNameInfo: "Uitnodigingen voor deze rol zullen deze specifieke uitnodiger naam tonen.",
-        expiryDateQuestion: "Zet een specifieke verloopdatum voor de uitnodiging",
-        expiryDateInfo: "Standaard verloopt een uitnodiging na 1 maand",
-        withinThreeMonths: "Binnen 1 maand",
-        createdAt: "Verstuurd",
-        message: "Persoonlijk bericht",
-        messagePlaceholder: "Voeg een persoonlijk bericht toe aan de uitnodiging",
-        invite: "Stuur uitnodiging",
-        guestRoleIncluded: "Voeg toe als gebruiker?",
-        invalidEmails: "Ongeldig e-mailadres verwijderd: {{emails}}.",
-        createFlash: "Uitnodiging is verstuurd",
-        delete: "Intrekken",
-        resend: "Stuur opnieuw",
-        notAllowed: "Je kunt deze uitnodiging niet opnieuw versturen of intrekken vanwege ontbrekende rollen",
-        deleteFlash: "Uitnodiging(en) ingetrokken",
-        deleteConfirmation: "Weet je zeker dat je deze uitnodiging(en) wil intrekken?",
-        deleteOneConfirmation: "Weet je zeker dat je deze uitnodiging wil intrekken?",
-        resendConfirmation: "Weet je zeker dat je deze uitnodiging(en) opnieuw wil versturen?",
-        resendConfirmationOne: "Weet je zeker dat je deze uitnodiging opnieuw wil versturen?",
-        resendFlash: "Uitnodiging(en) opnieuw verstuurd.",
-        inviterRole: {
-            title: "Verstuur nieuwe uitnodiging",
-            roles: "Voor de volgende rollen",
-            to: "Naar",
-            message: "Persoonlijke bericht",
-            settings: "Geavanceerde configuratie uitnodiging"
-        },
-        statuses: {
-            all: "Alle ({{nbr}})",
-            open: "Open",
-            accepted: "Geaccepteerd",
-            expired: "Verlopen",
-            mine: "Mijn"
-        }
-    },
-    forms: {
-        none: "Geen",
-        notApplicable: "n.v.t.",
-        you: "Jijzelf",
-        yes: "Ja",
-        no: "Nee",
-        ok: "Oké",
-        or: "of ",
-        edit: "Bewerken",
-        cancel: "Annuleren",
-        save: "Opslaan",
-        specificDate: "Zet specifieke datum",
-        and: "en",
-        more: "Meer",
-        less: "Minder",
-        alreadyExists: "Het {{attribute}} '{{value}}' bestaat al",
-        alreadyExistsParent: "Het {{attribute}} {{value}} bestaat al binnen {{parent}}",
-        required: "{{attribute}} is verplicht",
-        invalid: "De waarde '{{value}}' is niet geldig voor {{attribute}}",
-        error: "Je kunt contact opnemen met <a href=\"mailto:support@surfconext.nl?subject=Error SURF Invite referentie code {{reference}}\">support@surfconext.nl</a> voor hulp.<br/><br/>" +
-            "De foutcode is {{reference}}."
-    },
-    profile: {
-        info: "Het account van {{name}} is aangemaakt op {{createdAt}}",
-        your: "Je account is aangemaakt op {{createdAt}}"
-    },
-    inviteOnly: {
-        welcome: "Welkom bij SURFconext Invite",
-        roles: "Je hebt nog geen rollen.",
-        info: "SURFconext Invite is op uitnodiging. Neem bij vragen contact op met <a href='mailto:support@surfconext.nl'>support@surfconext.nl</a>.",
-        preLogin: "Of ",
-        login: "log in",
-        postLogin: " via een andere instelling",
-    },
-    missingAttributes: {
-        welcome: "Welkom bij SURFconext Invite",
-        attributes: "Je instelling gaf niet alle benodigde persoonsgegevens vrij. De volgende ontbreken:",
-        info: "Hulp nodig? Neem <a href='mailto:support@surfconext.nl'>contact met ons op</a>.",
-        preLogin: "Of ",
-        login: "log in",
-        postLogin: " via een andere instelling",
-        sub: "sub",
-        email: "email",
-        givenName: "voornaam",
-        familyName: "achternaam",
-        schacHomeOrganization: "schacHomeOrganisatie"
-    },
-    invitationAccept: {
-        hi: "Hoi{{name}},",
-        nextStep: "Volgende: veel plezier met deze rol",
-        expired: "Deze uitnodiging is verlopen op {{expiryDate}}",
-        expiredInfo: "Neem contact op met <a href='mailto:{{email}}'>{{email}}</a> en vraag om een nieuwe uitnodiging te sturen.",
-        invited: "Je bent uitgenodigd voor {{plural}} {{roles}} door {{inviter}} om {{authority}} te worden.",
-        invitedNoRoles: "Je bent uitgenodigd door {{inviter}} om {{authority}} te worden.",
-        enforceEmailEquality: " Deze uitnodiging kan alleen geaccepteerd worden door <strong>{{email}}</strong>.",
-        role: "rol",
-        roles: "rollen",
-        progress: "1",
-        info: "SURFconext Invite geeft toegang tot applicaties op basis van je rol.",
-        infoLogin: "Je kunt inloggen met je instellings-account of eduID.",
-        infoLoginEduIDOnly: "Je moet inloggen met eduID.",
-        infoLoginAgain: "Om de uitnodiging te accepteren moet je opnieuw inloggen.",
-        login: "Inloggen",
-        loginWithSub: "Inloggen",
-        emailMismatch: "De uitnodiger heeft aangegeven dat je de uitnodiging dient te accepteren met e-mailadres {{email}}, " +
-            "maar je bent ingelogd met een account met een ander e-mailadres. Log opnieuw in met een ander account."
-    },
-    inviter: {
-        welcome: "Welkom, {{name}}",
-        info: "Manage wie toegang krijgt tot <strong>onderwijsapplicaties</strong> bij <strong>jouw instelling</strong>.",
-        sendInvite: "Verstuur een uitnodiging",
-        viewHistory: "toon geschiedenis",
-        manage: "Je kunt gebruikers beheren en uitnodigingen versturen voor",
-        details: "Toon details",
-        history: "Geschiedenis van uitnodigingen"
-    },
-    institutionAdmin: {
-        welcome: "Welkom instellingsadmin van {{name}}! Je kan nu je eerste rol aanmaken en managers daarvoor uitnodigen.",
-        create: "Rol aanmaken"
-    },
-    tokens: {
-        title: "API-tokens",
-        new: "API-token toevoegen",
-        searchPlaceHolder: "Zoek naar API-tokens...",
-        noEntities: "Geen API-tokens",
-        titleNew: "Maak een API-token aan voor {{institutions}}",
-        backToOverview: "Terug naar alle API-tokens",
-        createdAt: "Aangemaakt op",
-        secretDisclaimer: "Je kan het API-token maar één keer zien. Kopieer het en bewaar het ergens veilig.<br><br>Als je het token kwijtraakt, verwijder het dan en maak een nieuwe aan.",
-        secret: "API-token",
-        secretValue: "One-way hashed token",
-        secretTooltip: "De waarde die je gebruikt in de X-API-TOKEN header",
-        description: "Omschrijving",
-        superUserToken: "Super User token",
-        organizationGUID: "Organization GUID",
-        descriptionPlaceHolder: "Omschrijving voor dit API-token",
-        descriptionTooltip: "Een omschrijving die de reden voor dit API-token omschrijft",
-        deleteFlash: "API-token is verwijderd",
-        deleteConfirmation: "Weet je zeker dat je dit API-token wil verwijderen?",
-        createFlash: "API-token is aangemaakt",
-        submit: "Opslaan",
-        required: "Een omschrijving is verplicht voor een API-token",
-    },
-    tooltips: {
-        userIcon: "Gebruiker {{name}} geprovisiond op {{createdAt}}, laatst actief op {{lastActivity}}",
-        impersonateIcon: "Doe gebruiker {{name}} na",
-        roleIcon: "Rol {{name}} aangemaakt op {{createdAt}}",
-        userRoleIcon: "Gebruikersrol geaccepteerd door {{name}} op {{createdAt}}",
-        invitationIcon: "Uitnodiging aan {{email}} verstuurd op {{createdAt}} met verloopdatum {{expiryDate}}",
-        roleShortName: "Een unieke korte naam voor de rol binnen een provisioning. Wordt gebruikt in de urn, daarom zijn niet alle tekens toegestaan.",
-        organizationGUID: "The Manage organizational identifier to scope the visibility of roles of the institution admin. Only specify a value if you are creating or editing this role on behalf of an institution admin",
-        roleUrn: "De urn van deze rol. Deze is gebaseerd op de opgeschoonde naam en de rol-identifier. Hij wordt gebruikt als de unieke globale identifier van deze rol en daarom zijn niet alle tekens toegestaan.",
-        manageService: "De vereiste applicatie uit SURFconext, die optioneel een provisioning heeft.",
-        defaultExpiryDays: "Het standaardaantal dagen waarna de rol verloopt, gerekend vanaf het moment dat de gebruiker de uitnodiging voor de rol accepteert.",
-        enforceEmailEqualityTooltip: "Indien ingeschakeld moet de genodigde de uitnodiging accepteren met een account dat hetzelfde e-mailadres voert als waarheen deze uitnodiging gestuurd is",
-        eduIDOnlyTooltip: "Indien ingeschakeld moeten de genodigden eduID gebruiken om in te loggen bij het accepteren",
-        roleExpiryDateTooltip: "De einddatum van deze rol. Na deze datum wordt de rol verwijderd bij de gebruiker.",
-        expiryDateTooltip: "De datum waarop deze uitnodiging verloopt",
-        inviterDisplayName: "De specifieke naam van de uitnodiger zal worden getoond in de uitnodiging.<br><br>Standaard tonen we de naam van de daadwerkelijke uitnodiger.",
-        rolesTooltip: "Alle rollen die de genodigden verkrijgen na het accepteren van de uitnodiging",
-        intendedAuthorityTooltip: "De autoriteit geeft de rechten aan die de genodigde verwerft na het accepteren van de uitnodiging",
-        inviteesTooltip: "Geef e-mailadressen op, gescheiden door komma, spatie of puntkomma, of op een eigen regel. Je kunt ook een csv-bestand plakken met daarin op elke regel een e-mailadres.",
-        removeInvitation: "Verwijder alle geselecteerde uitnodigingen",
-        removeOneInvitation: "Verwijder deze uitnodiging",
-        resendInvitation: "Verstuur al de geselecteerde uitnodigingen opnieuw",
-        resendOneInvitation: "Verstuur deze uitnodiging opnieuw",
-        inviter: "Verstuur uitnodigingen naar gebruikers die - na accepteren - en rol krijgen voor de applicatie",
-        overrideSettingsAllowed: "Indien ingeschakeld kunnen uitnodigingen voor de deze rol de geavanceerde configuratie aanpassen (waaronder of e-mailadres overeen moet komen, alleen accepteren met eduID en de verloop- en einddatum)",
-        removeUserRole: "Verwijder alle geselecteerde rollen",
-        removeOneUserRole: "Verwijder deze rol",
-        guestRoleIncludedTooltip: "Wil je dat de uitgenodigden ook gebruiker worden als ze de uitnodiging accepteren?",
-        expiredUserRole: "Deze rol gaat verlopen binnen een maand",
-    },
-    confirmationDialog: {
-        title: "Bevestig",
-        error: "Fout",
-        subTitle: "Deze actie vereist bevestiging",
-        subTitleError: "Er is een fout opgetreden",
-        confirm: "Bevestig",
-        ok: "OK",
-        cancel: "Annuleer",
-    },
-    footer: {
-        terms: "Gebruiksvoorwaarden",
-        termsLink: "https://support.surfconext.nl/terms-nl",
-        privacy: "Privacybeleid",
-        privacyLink: "https://support.surfconext.nl/privacy-nl",
-        surfLink: "https://surf.nl",
-    },
-    expirations: {
-        expires: "Verloopt {{relativeTime}}",
-        expired: "Verlopen {{relativeTime}}",
-        never: "Verloopt niet",
-        activity: {
-            now: "Zojuist",
-            seconds: "Vandaag",
-            minute: "Vandaag",
-            minutes: "Vandaag",
-            hour: "Vandaag",
-            hours: "Vandaag",
-            day: "Gisteren",
-            days: "Deze week",
-            week: "Deze week",
-            weeks: "Deze maand",
-            month: "Vorige maand",
-            months: "%s maanden geleden",
-            year: "1 jaar geleden",
-            years: "%s jaar geleden"
-        },
-        ago: {
-            now: "zojuist",
-            seconds: "%s seconden geleden",
-            minute: "1 minuut geleden",
-            minutes: "%s minuten geleden",
-            hour: "1 uur geleden",
-            hours: "%s uren geleden",
-            day: "1 dag geleden",
-            days: "%s dagen geleden",
-            week: "1 week geleden",
-            weeks: "%s weken geleden",
-            month: "1 maand geleden",
-            months: "%s maanden geleden",
-            year: "1 jaar geleden",
-            years: "%s jaren geleden"
-        },
-        in: {
-            now: "zojuist",
-            seconds: "na %s seconden",
-            minute: "na 1 minuut",
-            minutes: "na %s minuten",
-            hour: "na 1 uur",
-            hours: "na %s uur",
-            day: "na 1 dag",
-            days: "na %s dagen",
-            week: "na 1 week",
-            weeks: "na %s weken",
-            month: "onaver 1 maand",
-            months: "na%s maanden",
-            year: "na 1 jaar",
-            years: "na %s jaar"
-        }
-    },
-    notFound: {
-        alt: "404 Pagina niet gevonden"
-    },
-    system: {
-        trigger: "Trigger",
-        clear: "Clear",
-        cronInfo: "Roep de cron job aan die resources opruimt, zoals verlopen gebruikersrollen, verweesde gebruikers en inactieve gebruikers",
-        cronNotificationsInfo: "Roep de cron job aan die notificatie mails verstuurd voor gebruikersrollen die verlopen in X dagen",
-        noMails: "Geen notificatie mails zijn vertstuurd voor bijna verlopen gebruikersrollen",
-        performanceSeedInfo: "The performance seed is dummy / generated data to test the performance of the system. It is deleted when you run the tests.",
-        performanceSeed: "Insert performance seed",
-        performanceLoadTime: "Inserted following entities in ~{{minutes}} minutes"
-    },
-    unknownRoles: {
-        title: "Rollen gekoppeld aan applicaties die verwijderd zijn in Manage",
-        searchPlaceHolder: "Zoek...",
-        noRoles: "Yeah, no unknown manage applications"
+        title: "SURFconext ServiceDesk",
     },
-    expiredUserRoles: {
-        title: "Roles to be expired the next month",
-        searchPlaceHolder: "Zoek...",
-        noResults: "Yeah, no user-roles to be expired within one month"
-    }
 }
 
 export default nl;
diff --git a/servicedesk-gui/src/main.jsx b/servicedesk-gui/src/main.jsx
index db880dbe..5b13139e 100644
--- a/servicedesk-gui/src/main.jsx
+++ b/servicedesk-gui/src/main.jsx
@@ -5,14 +5,16 @@ import {BrowserRouter, Route, Routes} from "react-router-dom";
 import '@surfnet/sds/styles/sds.css';
 import '@surfnet/sds/cjs/index.css';
 import "react-tooltip/dist/react-tooltip.css";
-//Always keep these two last
 import './index.scss';
+import {StrictMode} from "react";
 
-
-createRoot(document.getElementById('root')).render(
-    <BrowserRouter>
-        <Routes>
-            <Route path="/*" element={<App/>}/>
-        </Routes>
-    </BrowserRouter>
-);
\ No newline at end of file
+const root = createRoot(document.getElementById("root"));
+root.render(
+    <StrictMode>
+        <BrowserRouter>
+            <Routes>
+                <Route path="/*" element={<App/>}/>
+            </Routes>
+        </BrowserRouter>
+    </StrictMode>
+);
diff --git a/servicedesk-gui/src/pages/Login.scss b/servicedesk-gui/src/pages/Login.scss
index 57d77569..932b2e12 100644
--- a/servicedesk-gui/src/pages/Login.scss
+++ b/servicedesk-gui/src/pages/Login.scss
@@ -1,4 +1,4 @@
-@import "../styles/vars.scss";
+@use "../styles/vars.scss" as *;
 
 .top-container {
 
diff --git a/servicedesk-gui/src/pages/NotFound.scss b/servicedesk-gui/src/pages/NotFound.scss
index ca6f8318..65dff15e 100644
--- a/servicedesk-gui/src/pages/NotFound.scss
+++ b/servicedesk-gui/src/pages/NotFound.scss
@@ -1,4 +1,4 @@
-@import "../styles/vars.scss";
+@use "../styles/vars.scss" as *;
 
 div.not-found {
     display: flex;
diff --git a/servicedesk-gui/src/stores/AppStore.js b/servicedesk-gui/src/stores/AppStore.js
index dc78c85c..59975b97 100644
--- a/servicedesk-gui/src/stores/AppStore.js
+++ b/servicedesk-gui/src/stores/AppStore.js
@@ -1,7 +1,6 @@
 import {create} from 'zustand'
 
 export const useAppStore = create(set => ({
-    csrfToken: null,
     authenticated: false,
     reload: false,
     config: {},
diff --git a/servicedesk-gui/src/styles/mixins.scss b/servicedesk-gui/src/styles/mixins.scss
index ccd65591..6c451171 100644
--- a/servicedesk-gui/src/styles/mixins.scss
+++ b/servicedesk-gui/src/styles/mixins.scss
@@ -1,4 +1,4 @@
-@import "../styles/vars";
+@use "../styles/vars" as *;
 
 
 @mixin input-field {
diff --git a/servicedesk-gui/src/styles/responsive.scss b/servicedesk-gui/src/styles/responsive.scss
index 57a1db1d..5df012b6 100644
--- a/servicedesk-gui/src/styles/responsive.scss
+++ b/servicedesk-gui/src/styles/responsive.scss
@@ -1,4 +1,4 @@
-@import "../styles/vars";
+@use "../styles/vars" as *;
 
 table {
 
diff --git a/servicedesk-gui/src/utils/QueryParameters.js b/servicedesk-gui/src/utils/QueryParameters.js
new file mode 100644
index 00000000..32df2f8e
--- /dev/null
+++ b/servicedesk-gui/src/utils/QueryParameters.js
@@ -0,0 +1,10 @@
+export function replaceQueryParameter(windowLocationSearch, name, value) {
+    const urlSearchParams = new URLSearchParams(windowLocationSearch);
+    urlSearchParams.set(name, value);
+    return "?" + urlSearchParams.toString();
+}
+
+export function getParameterByName(name, windowLocationSearch) {
+    const urlSearchParams = new URLSearchParams(windowLocationSearch);
+    return urlSearchParams.get(name);
+}
\ No newline at end of file
diff --git a/servicedesk-gui/src/utils/Utils.js b/servicedesk-gui/src/utils/Utils.js
new file mode 100644
index 00000000..042a43c7
--- /dev/null
+++ b/servicedesk-gui/src/utils/Utils.js
@@ -0,0 +1,52 @@
+export function stopEvent(e) {
+    if (e !== undefined && e !== null) {
+        e.preventDefault();
+        e.stopPropagation();
+        return false;
+    }
+    return true;
+}
+
+export function isEmpty(obj) {
+    if (obj === undefined || obj === null) {
+        return true;
+    }
+    if (Array.isArray(obj)) {
+        return obj.length === 0;
+    }
+    if (typeof obj === "string") {
+        return obj.trim().length === 0;
+    }
+    if (obj && obj.getTime) {
+        // eslint-disable-next-line
+        return obj.getTime() !== obj.getTime();
+    }
+    if (typeof obj === "object") {
+        return Object.keys(obj).length === 0;
+    }
+    return false;
+}
+
+export function pseudoGuid() {
+    return (crypto.randomUUID && crypto.randomUUID()) || Math.round((new Date().getTime() * Math.random() * 1000)).toString()
+}
+
+export const splitListSemantically = (arr, lastSeparator) => {
+    return [arr.slice(0, -1).join(", "), arr.slice(-1)[0]].join(arr.length < 2 ? "" : ` ${lastSeparator} `);
+}
+
+export const sanitizeURL = url => {
+    const protocol = new URL(url).protocol;
+    return ["https:", "http:"].includes(protocol) ? url : "about:blank";
+}
+
+export const distinctValues = (arr, attribute) => {
+    const distinctList = {};
+    return arr.filter(obj => {
+        if (distinctList[obj[attribute]]) {
+            return false;
+        }
+        distinctList[obj[attribute]] = true;
+        return true;
+    })
+}
diff --git a/servicedesk-gui/vite.config.js b/servicedesk-gui/vite.config.js
index d7bf0616..27564691 100644
--- a/servicedesk-gui/vite.config.js
+++ b/servicedesk-gui/vite.config.js
@@ -7,5 +7,18 @@ export default defineConfig({
     server: {
         port: 3002,
         open: true,
+        proxy: {
+            '/myconext/api': {
+                target: 'http://localhost:8081',
+                changeOrigin: false,
+                secure: false
+            },
+            '/config': {
+                target: 'http://localhost:8081',
+                changeOrigin: false,
+                secure: false
+            }
+        }
+
     },
 })
diff --git a/servicedesk-gui/yarn.lock b/servicedesk-gui/yarn.lock
index afa57caf..2773323c 100644
--- a/servicedesk-gui/yarn.lock
+++ b/servicedesk-gui/yarn.lock
@@ -2007,6 +2007,11 @@ iterator.prototype@^1.1.3:
     reflect.getprototypeof "^1.0.4"
     set-function-name "^2.0.1"
 
+js-cookie@^3.0.5:
+  version "3.0.5"
+  resolved "https://registry.yarnpkg.com/js-cookie/-/js-cookie-3.0.5.tgz#0b7e2fd0c01552c58ba86e0841f94dc2557dcdbc"
+  integrity sha512-cEiJEAEoIbWfCZYKWhVwFuvPX1gETRYPw6LlaTKoxD3s2AkXzkCjnp6h0V77ozyqj0jakteJ4YqDJT830+lVGw==
+
 "js-tokens@^3.0.0 || ^4.0.0", js-tokens@^4.0.0:
   version "4.0.0"
   resolved "https://registry.yarnpkg.com/js-tokens/-/js-tokens-4.0.0.tgz#19203fb59991df98e3a287050d4647cdeaf32499"