From 10b3d5b26722c36b1cd922022adae22cd548a4bc Mon Sep 17 00:00:00 2001 From: James Gunn Date: Wed, 20 Sep 2023 13:33:22 +0100 Subject: [PATCH] Don't send TrnLookupStatus claim without TRN --- .../src/TeacherIdentity.AuthServer/UserClaimHelper.cs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dotnet-authserver/src/TeacherIdentity.AuthServer/UserClaimHelper.cs b/dotnet-authserver/src/TeacherIdentity.AuthServer/UserClaimHelper.cs index 3ec6a9c55..ac02ba443 100644 --- a/dotnet-authserver/src/TeacherIdentity.AuthServer/UserClaimHelper.cs +++ b/dotnet-authserver/src/TeacherIdentity.AuthServer/UserClaimHelper.cs @@ -91,9 +91,6 @@ public async Task> GetPublicClaims(Guid userId, TrnMa if (trnMatchPolicy is not null) { - Debug.Assert(user.TrnLookupStatus.HasValue); - claims.Add(new Claim(CustomClaims.TrnLookupStatus, user.TrnLookupStatus!.Value.ToString())); - var haveSufficientTrnMatch = user.Trn is not null && (trnMatchPolicy == TrnMatchPolicy.Default || user.TrnVerificationLevel == TrnVerificationLevel.Medium || @@ -102,7 +99,10 @@ public async Task> GetPublicClaims(Guid userId, TrnMa if (haveSufficientTrnMatch) { + Debug.Assert(user.Trn is not null); + Debug.Assert(user.TrnLookupStatus.HasValue); claims.Add(new Claim(CustomClaims.Trn, user.Trn!)); + claims.Add(new Claim(CustomClaims.TrnLookupStatus, user.TrnLookupStatus!.Value.ToString())); if (trnMatchPolicy == TrnMatchPolicy.Strict) {