From 33a967df4d1a18faa6a380399e7293fed5293da8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B8rn=20Dybvik=20Langfors?=
Date: Wed, 23 Oct 2024 15:58:23 +0200
Subject: [PATCH 1/2] Fix XACML attribute id for system users

---
 .../Altinn/Authorization/DecisionRequestHelper.cs | 2 +-
 .../DecisionRequestHelperTests.cs | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Digdir.Domain.Dialogporten.Infrastructure/Altinn/Authorization/DecisionRequestHelper.cs b/src/Digdir.Domain.Dialogporten.Infrastructure/Altinn/Authorization/DecisionRequestHelper.cs
index 4315957fe..f2297fc3c 100644
--- a/src/Digdir.Domain.Dialogporten.Infrastructure/Altinn/Authorization/DecisionRequestHelper.cs
+++ b/src/Digdir.Domain.Dialogporten.Infrastructure/Altinn/Authorization/DecisionRequestHelper.cs
@@ -19,7 +19,7 @@ internal static class DecisionRequestHelper
 private const string AltinnAutorizationDetailsClaim = "authorization_details";
 private const string AttributeIdOrg = "urn:altinn:org";
 private const string AttributeIdApp = "urn:altinn:app";
- private const string AttributeIdSystemUser = "urn:altinn:systemuser";
+ private const string AttributeIdSystemUser = "urn:altinn:systemuser:uuid";
 private const string AttributeIdUserId = "urn:altinn:userid";
 private const string ReservedResourcePrefixForApps = "app_";
 private const string AttributeIdAppInstance = "urn:altinn:instance-id";
diff --git a/tests/Digdir.Domain.Dialogporten.Infrastructure.Unit.Tests/DecisionRequestHelperTests.cs b/tests/Digdir.Domain.Dialogporten.Infrastructure.Unit.Tests/DecisionRequestHelperTests.cs
index f7a7538e7..e23c180e5 100644
--- a/tests/Digdir.Domain.Dialogporten.Infrastructure.Unit.Tests/DecisionRequestHelperTests.cs
+++ b/tests/Digdir.Domain.Dialogporten.Infrastructure.Unit.Tests/DecisionRequestHelperTests.cs
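Review bot: Nothing at the declaration of `AttributeIdSystemUser` in DecisionRequestHelper.cs says that `urn:altinn:systemuser:uuid` is the XACML subject attribute id, as opposed to the token's authorization_details type, which stays `urn:altinn:systemuser` in ClaimsPrincipalExtensions (patch 2/2). The two URNs differ only by a suffix, and using the wrong one in the decision request would presumably make the policy evaluation miss the system user rather than fail loudly. I would add a comment on the constant, e.g. `// XACML access-subject attribute id; the value is the system user's UUID. Not the authorization_details type "urn:altinn:systemuser".` The context line `AltinnAutorizationDetailsClaim` also keeps the misspelling that patch 2/2 corrects in the other file, so renaming it here would keep the two classes consistent. The class body continues outside the hunk, so where the constant is used is not visible.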
@@ -152,7 +152,7 @@ public void CreateDialogDetailsRequestShouldReturnCorrectRequestForSystemUser()
 var accessSubject = result.Request.AccessSubject.First();
 Assert.Equal("s1", accessSubject.Id);
 Assert.Contains(accessSubject.Attribute, a => a.AttributeId == "urn:altinn:foo" && a.Value == "bar");
- Assert.Contains(accessSubject.Attribute, a => a.AttributeId == "urn:altinn:systemuser" && a.Value == "unique_systemuser_id");
+ Assert.Contains(accessSubject.Attribute, a => a.AttributeId == "urn:altinn:systemuser:uuid" && a.Value == "unique_systemuser_id");
 }

 [Fact]
From 32fba9b5df7d45766b5de184ee72d4d15751b9d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B8rn=20Dybvik=20Langfors?=
Date: Wed, 23 Oct 2024 16:09:27 +0200
Subject: [PATCH 2/2] Clarify constant names

---
 .../Common/Extensions/ClaimsPrincipalExtensions.cs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/Digdir.Domain.Dialogporten.Application/Common/Extensions/ClaimsPrincipalExtensions.cs b/src/Digdir.Domain.Dialogporten.Application/Common/Extensions/ClaimsPrincipalExtensions.cs
index 28e4f4df8..b25af8c28 100644
--- a/src/Digdir.Domain.Dialogporten.Application/Common/Extensions/ClaimsPrincipalExtensions.cs
+++ b/src/Digdir.Domain.Dialogporten.Application/Common/Extensions/ClaimsPrincipalExtensions.cs
@@ -21,8 +21,8 @@ public static class ClaimsPrincipalExtensions
 private const string IdPrefix = "0192";
 private const string AltinnClaimPrefix = "urn:altinn:";
 private const string IdportenAuthLevelClaim = "acr";
- private const string AltinnAutorizationDetailsClaim = "authorization_details";
- private const string AttributeIdSystemUser = "urn:altinn:systemuser";
+ private const string AuthorizationDetailsClaim = "authorization_details";
+ private const string AuthorizationDetailsType = "urn:altinn:systemuser";
 private const string AltinnAuthLevelClaim = "urn:altinn:authlevel";
 private const string ScopeClaim = "scope";
 private const char ScopeClaimSeparator = ' ';
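Review bot: The updated assertion in CreateDialogDetailsRequestShouldReturnCorrectRequestForSystemUser pairs the `urn:altinn:systemuser:uuid` attribute with the value `unique_systemuser_id`, which is not UUID-shaped. The test therefore does not show that a realistic system-user id reaches the access subject unchanged, and it would break for an unrelated reason if the helper ever validated the format. I would use a GUID string in the fixture and in the assertion, e.g. `a.Value == "00000000-0000-0000-0000-000000000001"` (constructed sample value). The test method starts outside the hunk, so the principal setup that supplies the id is not visible here and would need the same value.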
@@ -85,7 +85,7 @@ private static bool TryGetAuthorizationDetailsClaimValue(this ClaimsPrincipal cl
 {
 authorizationDetails = null;

- if (!claimsPrincipal.TryGetClaimValue(AltinnAutorizationDetailsClaim, out var authDetailsJson))
+ if (!claimsPrincipal.TryGetClaimValue(AuthorizationDetailsClaim, out var authDetailsJson))
 {
 return false;
 }
@@ -125,7 +125,7 @@ public static bool TryGetSystemUserId(this ClaimsPrincipal claimsPrincipal,
 return false;
 }

- var systemUserDetails = authorizationDetails.FirstOrDefault(x => x.Type == AttributeIdSystemUser);
+ var systemUserDetails = authorizationDetails.FirstOrDefault(x => x.Type == AuthorizationDetailsType);

 if (systemUserDetails?.SystemUserIds is null)
 {