From c2266b4c1937348b14a89403ceb78a1393bab1fc Mon Sep 17 00:00:00 2001
From: Trong Huu Nguyen
Date: Mon, 4 Nov 2024 13:25:28 +0100
Subject: [PATCH] fix: correct assertion for get_token
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Tommy Trøen
Co-authored-by: Kim Tore Jensen
---
 src/identity_provider.rs | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/identity_provider.rs b/src/identity_provider.rs
index ca056c3..2582061 100644
--- a/src/identity_provider.rs
+++ b/src/identity_provider.rs
@@ -10,7 +10,7 @@ use axum::response::IntoResponse;
 use log::error;
 use reqwest::StatusCode;
 use crate::handlers::{ApiError, HandlerState};
-use crate::types::{TokenRequest, TokenResponse};
+use crate::types::{IdentityProvider, TokenRequest, TokenResponse};

 pub trait TokenRequestFactory {
 fn token_request(config: TokenRequestConfig) -> Option
@@ -189,7 +189,11 @@ where
 _state: HandlerState,
 request: TokenRequest,
 ) -> Result {
- let assertion = self.create_assertion(AssertionClaimType::WithScope(request.target.clone())).unwrap();
+ let assertion = match request.identity_provider {
+ IdentityProvider::AzureAD => self.create_assertion(AssertionClaimType::WithSub(self.client_id.clone())).unwrap(),
+ IdentityProvider::TokenX => self.create_assertion(AssertionClaimType::WithScope(self.client_id.clone())).unwrap(),
+ IdentityProvider::Maskinporten => self.create_assertion(AssertionClaimType::WithScope(request.target.clone())).unwrap()
+ };

 let params = T::token_request(TokenRequestConfig {
 target: request.target,
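Review bot: In the second hunk the `IdentityProvider::TokenX` arm passes `self.client_id` to `AssertionClaimType::WithScope`, while the AzureAD arm passes the same value to `WithSub`. A client id in a scope-typed claim looks like the wrong variant, so confirm against `create_assertion` (not visible here) which claim TokenX requires, and add a one-line comment per arm such as `// TokenX: <claim the provider expects> carries our client_id`. A test that decodes the signed assertion for each provider and checks its claims would pin this down. All three arms also end in `.unwrap()`, so a signing failure panics inside a handler that already returns `Result`; selecting only the claim type in the `match` and calling `self.create_assertion(claim)` once afterwards would leave a single place to map the error to `ApiError`. `get_token` starts and ends outside the hunk.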