PUB-2535 - Updated validate JWT part 2 (#457)

* PUB-2535 - Updated validate JWT * PUB-2535 - Updated to only use Authorization header * PUB-2535 - Updated validate JWT (#459) * PUB-2535 - Updated validate JWT (#471)
hmcts · Oct 22, 2024 · 7aac30f · 7aac30f
1 parent 8e6da8e
commit 7aac30f
Showing 1 changed file with 14 additions and 34 deletions.
diff --git a/infrastructure/resources/operation-policies/sendOtpEmail.xml b/infrastructure/resources/operation-policies/sendOtpEmail.xml
@@ -1,39 +1,19 @@
 <policies>
   <inbound>
-    <choose>
-      <when condition="@(context.Request.Headers.GetValueOrDefault("Authorization","") != "")">
-        <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
-          <openid-config url="https://login.microsoftonline.com/{TENANT_ID}/v2.0/.well-known/openid-configuration" />
-          <audiences>
-            <audience>{CLIENT_ID}</audience>
-          </audiences>
-          <issuers>
-            <issuer>https://login.microsoftonline.com/{TENANT_ID}/v2.0</issuer>
-          </issuers>
-          <required-claims>
-            <claim name="roles" match="all">
-              <value>api.request.b2c</value>
-            </claim>
-          </required-claims>
-        </validate-jwt>
-      </when>
-      <otherwise>
-        <validate-jwt token-value="@((String)context.Request.Body.As<JObject>(preserveContent: true)["bearer"])" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
-          <openid-config url="https://login.microsoftonline.com/{TENANT_ID}/v2.0/.well-known/openid-configuration" />
-          <audiences>
-            <audience>{CLIENT_ID}</audience>
-          </audiences>
-          <issuers>
-            <issuer>https://login.microsoftonline.com/{TENANT_ID}/v2.0</issuer>
-          </issuers>
-          <required-claims>
-            <claim name="roles" match="all">
-              <value>api.request.b2c</value>
-            </claim>
-          </required-claims>
-        </validate-jwt>
-      </otherwise>
-    </choose>
+    <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid.">
+      <openid-config url="https://login.microsoftonline.com/{TENANT_ID}/v2.0/.well-known/openid-configuration" />
+      <audiences>
+        <audience>{CLIENT_ID}</audience>
+      </audiences>
+      <issuers>
+        <issuer>https://login.microsoftonline.com/{TENANT_ID}/v2.0</issuer>
+      </issuers>
+      <required-claims>
+        <claim name="roles" match="all">
+          <value>api.request.b2c</value>
+        </claim>
+      </required-claims>
+    </validate-jwt>
     <cors>
       <allowed-origins>
         <origin>*</origin>