Skip to content

AuthorizedParties filter on the requesting serviceowner and specific resource access#1750

Merged
jonkjetiloye merged 16 commits intomainfrom
feat/POC_ProviderFilterOnAuthorizedParties
Jan 12, 2026
Merged

AuthorizedParties filter on the requesting serviceowner and specific resource access#1750
jonkjetiloye merged 16 commits intomainfrom
feat/POC_ProviderFilterOnAuthorizedParties

Conversation

@jonkjetiloye
Copy link
Member

@jonkjetiloye jonkjetiloye commented Nov 17, 2025
edited
Loading

Description

Both enduser and resourceowner endpoints:

  • Added new filter parameter: anyOfResourceIds
    • Used for filter response where subject has access to any of the specified resources

resourceowner endpoint:

  • Added new filter parameter: orgCode
    • Used to filter the response to a specific service owner code
    • Admin scope: can filter for any service owner code
    • Otherwise authorized against either
      • urn:altinn:org claim in token
      • lookup of consumer organization id against service owner register

Related Issue(s)

Verification

  • Your code builds clean without any errors or warnings
  • Manual testing done (required)
  • Relevant automated test added (if you find this hard, leave it and we'll help out)
  • All tests run green

Documentation

  • User documentation is updated with a separate linked PR in altinn-studio-docs. (if applicable)

github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 17, 2025
View reviewed changes
Jon Kjetil Øye added 4 commits December 22, 2025 09:20
rollback RoleConstants.cs changes i poc branch after merge
4d402bb
- cleanup old outcommented code
2f400dd 
- implement role filtering of A2 authorizedParties
- prep A3 resource and package filtering
- add bruno request for testing provider filter
- completed provider and anyResource filter implementation
681f29f
- cleanup: moved provider and resource filter processing to its own m…
bbc6d4d 
…ethod
@jonkjetiloye jonkjetiloye marked this pull request as ready for review January 5, 2026 08:59
@jonkjetiloye jonkjetiloye changed the title POC attempt at filtering authorized parties based on the requesting serviceowner AuthorizedParties filter on the requesting serviceowner and specific resource access Jan 5, 2026
- Introduced orgCode filter as query param
5053094 
- Added authorization logic for orgCode param
- renamed AnyResource query param to AnyOfResourceIds
Thuen
Thuen reviewed Jan 9, 2026
View reviewed changes
Copy link
Contributor

@Thuen Thuen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fjern ubrukt IServiceProvider ellers ok, bare noen små kommentarer.
Ikke fått testet bruno testene, men antar de er ok,

Jon Kjetil Øye added 4 commits January 9, 2026 18:13
merge with main
84ffb9f
delete duplicate/conflicting requests
95e8c5c
- prep bruno tests OrgCode and AnyOfResourceIds filter
848dd76
- Bugfix: where if Provider and/or Resource filters does not include …
923822a 
…resources with accesspackages -> ConnectionQuery must be skipped

- Rewrite AuthorizedPartyRepoServiceEf to no longer use SortedDictionary
- Rewrite AuthorizedPartiesServiceEf.ProcessProviderAndResourceFilters logic for the change in AuthorizedPartyRepoServiceEf to no longer use SortedDictionary
@jonkjetiloye jonkjetiloye merged commit 7d1d931 into main Jan 12, 2026
6 of 8 checks passed
@jonkjetiloye jonkjetiloye deleted the feat/POC_ProviderFilterOnAuthorizedParties branch January 12, 2026 12:34
@jonkjetiloye jonkjetiloye mentioned this pull request Jan 12, 2026
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Thuen Thuen Thuen approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jonkjetiloye @Thuen