From 616c9bd6bd6e16e70c913a99b359d887829dd529 Mon Sep 17 00:00:00 2001
From: Philip Frerk
Date: Thu, 7 Sep 2023 15:24:06 +0200
Subject: [PATCH] fix token validation

---
 .../Versteigerungs-App/Controllers/AuctionController.cs | 1 -
 .../Versteigerungs-App/Controllers/BiddingController.cs | 1 -
 .../Versteigerungs-App/Controllers/DeviceGroupsController.cs | 1 -
 .../Versteigerungs-App/Controllers/DevicesController.cs | 1 -
 backend/Versteigerungs-App/Versteigerungs-App/appsettings.json | 3 ++-
 frontend/components/api.ts | 2 +-
 6 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/backend/Versteigerungs-App/Versteigerungs-App/Controllers/AuctionController.cs b/backend/Versteigerungs-App/Versteigerungs-App/Controllers/AuctionController.cs
index 151ffdc..63ac3e6 100644
--- a/backend/Versteigerungs-App/Versteigerungs-App/Controllers/AuctionController.cs
+++ b/backend/Versteigerungs-App/Versteigerungs-App/Controllers/AuctionController.cs
@@ -10,7 +10,6 @@ namespace Versteigerungs_App.Controllers
     [Route("api/auction")]
     [ApiController]
     [Authorize]
-    [RequiredScope("unrestricted")]
     public class AuctionController : ControllerBase
     {
         private readonly IAuctionService _auctionService;
diff --git a/backend/Versteigerungs-App/Versteigerungs-App/Controllers/BiddingController.cs b/backend/Versteigerungs-App/Versteigerungs-App/Controllers/BiddingController.cs
index 6abd3b9..6a38e35 100644
--- a/backend/Versteigerungs-App/Versteigerungs-App/Controllers/BiddingController.cs
+++ b/backend/Versteigerungs-App/Versteigerungs-App/Controllers/BiddingController.cs
@@ -10,7 +10,6 @@ namespace Versteigerungs_App.Controllers
     [Route("api/bid")]
     [ApiController]
     [Authorize]
-    [RequiredScope("unrestricted")]
     public class BiddingController : ControllerBase
     {
         private readonly IBiddingService _biddingService;
diff --git a/backend/Versteigerungs-App/Versteigerungs-App/Controllers/DeviceGroupsController.cs b/backend/Versteigerungs-App/Versteigerungs-App/Controllers/DeviceGroupsController.cs
index 997d7b8..1c6d6e1 100644
--- a/backend/Versteigerungs-App/Versteigerungs-App/Controllers/DeviceGroupsController.cs
+++ b/backend/Versteigerungs-App/Versteigerungs-App/Controllers/DeviceGroupsController.cs
@@ -10,7 +10,6 @@ namespace DeviceAuctionAPI.Controllers;
 [Route("api/device-groups")]
 [ApiController]
 [Authorize]
-[RequiredScope("unrestricted")]
 public class DeviceGroupsController : ControllerBase
 {
     private readonly IDevicesRepository _devicesRepository;
diff --git a/backend/Versteigerungs-App/Versteigerungs-App/Controllers/DevicesController.cs b/backend/Versteigerungs-App/Versteigerungs-App/Controllers/DevicesController.cs
index 9bf8be3..9673b0f 100644
--- a/backend/Versteigerungs-App/Versteigerungs-App/Controllers/DevicesController.cs
+++ b/backend/Versteigerungs-App/Versteigerungs-App/Controllers/DevicesController.cs
@@ -10,7 +10,6 @@ namespace Versteigerungs_App.Controllers
     [Route("api/device-groups/{groupId}/devices")]
     [ApiController]
     [Authorize]
-    [RequiredScope("unrestricted")]
     public class DevicesController : ControllerBase
     {
         private readonly IDeviceService _deviceService;
diff --git a/backend/Versteigerungs-App/Versteigerungs-App/appsettings.json b/backend/Versteigerungs-App/Versteigerungs-App/appsettings.json
index 66a9632..f88fc7e 100644
--- a/backend/Versteigerungs-App/Versteigerungs-App/appsettings.json
+++ b/backend/Versteigerungs-App/Versteigerungs-App/appsettings.json
@@ -27,6 +27,7 @@
     "Domain": "versteigerungen.onmicrosoft.com",
     "TenantId": "393f7f62-ffae-4740-b443-bd04273d7320",
     "SignedOutCallbackPath": "/signout/B2C_1_flow1",
-    "SignUpSignInPolicyId": "B2C_1_flow1"
+    "SignUpSignInPolicyId": "B2C_1_flow1",
+    "AllowWebApiToBeAuthorizedByACL" : true
   }
 }
diff --git a/frontend/components/api.ts b/frontend/components/api.ts
index 59eb911..c2011b4 100644
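Review bot: `"AllowWebApiToBeAuthorizedByACL" : true` switches off Microsoft.Identity.Web's requirement that a bearer token carry a `scp` or `roles` claim, and the same commit deletes `[RequiredScope("unrestricted")]` from all four controllers, so any token that passes issuer and audience validation is now authorized for every endpoint regardless of scope. That flag is meant for daemon or service callers that are authorized by an ACL on the resource, not for user-delegated tokens from a browser client, and with no scope or role check left the audience claim is the only thing gating access. If the goal was only to get past the "neither scope nor roles claim" rejection, the fix belongs on the client (acquire an access token for the API's `unrestricted` scope) and this key should be removed with `[RequiredScope("unrestricted")]` restored on the controllers. If ACL-style authorization really is intended, confirm that `ClientId`/`Audience` in this section (outside the hunk) are pinned to the API registration so tokens minted for other apps in the tenant are rejected, and note that the stray space before the colon differs from every other key in the file.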
--- a/frontend/components/api.ts
+++ b/frontend/components/api.ts
@@ -17,7 +17,7 @@ instance.interceptors.request.use(async (config) => {
   });

   if (accessTokenResponse) {
-    const accessToken = accessTokenResponse.accessToken;
+    const accessToken = accessTokenResponse.idToken;
     if (config.headers && accessToken) {
       config.headers['Authorization'] = 'Bearer ' + accessToken;
     }
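Review bot: Switching to `accessTokenResponse.idToken` puts an ID token in the `Authorization: Bearer` header; an ID token is issued to the SPA to prove who signed in (its audience is the client, not the API) and carries no `scp` claim, which appears to be why the backend had to enable `AllowWebApiToBeAuthorizedByACL` and drop `[RequiredScope]` in the same commit. The durable fix is to keep `accessTokenResponse.accessToken` and request the API's scope in the token-acquisition options that begin above this hunk, e.g. `scopes: ['https://versteigerungen.onmicrosoft.com/<api-app-id>/unrestricted']` with the real scope URI taken from the B2C app registration, so the returned token is audienced to the API and carries `scp: unrestricted`. If the ID token has to be used for now, at least stop the local from lying about what it holds and leave the reason on record: `// TEMP: sending the ID token; backend relaxes the scp/roles check via AllowWebApiToBeAuthorizedByACL` above `const bearerToken = accessTokenResponse.idToken;`. The interceptor callback starts before this hunk.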