chore(web-api): fixed OverrideClaim, check for serviceproviderscope i…

…n middleware (#1037)

Fixed OverrideClaim in ServiceOwnerOnBehalfOfPersonMiddleware, check for
serviceproviderscope in ServiceOwnerOnBehalfOfPersonMiddleware

src/Digdir.Domain.Dialogporten.WebApi/Common/Authentication/ServiceOwnerOnBehalfOfPersonMiddleware.cs

@@ -1,5 +1,7 @@
 using System.Security.Claims;
+using Digdir.Domain.Dialogporten.Application.Common.Extensions;
 using Digdir.Domain.Dialogporten.Domain.Parties;
+using Digdir.Domain.Dialogporten.WebApi.Common.Authorization;
 using Digdir.Domain.Dialogporten.WebApi.Common.Extensions;
 
 namespace Digdir.Domain.Dialogporten.WebApi.Common.Authentication;
@@ -22,6 +24,11 @@ public Task InvokeAsync(HttpContext context)
             return _next(context);
         }
 
+        if (!context.User.HasScope(AuthorizationScope.ServiceProvider))
+        {
+            return _next(context);
+        }
+
         if (!context.Request.Query.TryGetValue(EndUserId, out var endUserIdQuery))
         {
             return _next(context);
@@ -53,21 +60,13 @@ private static void OverrideClaim(ClaimsPrincipal claimsPrincipal, string claimT
         {
             throw new InvalidOperationException("ClaimsPrincipal does not have a ClaimsIdentity.");
         }
-
-        if (!claimsPrincipal.HasClaim(claim => claim.Type == claimType))
+        var existingPidClaims = claimsPrincipal
+            .FindAll(c => c.Type == claimType)
+            .ToList();
+        foreach (var pidClaim in existingPidClaims)
         {
-            identity.AddClaim(new Claim(claimType, newClaimValue));
-            return;
+            pidClaim.Subject?.RemoveClaim(pidClaim);
         }
-
-        foreach (var ident in claimsPrincipal.Identities)
-        {
-            foreach (var claim in ident.FindAll(c => c.Type == claimType))
-            {
-                ident.RemoveClaim(claim);
-            }
-        }
-
         identity.AddClaim(new Claim(claimType, newClaimValue));
     }
 }