Client Roles not appearing in tokens generated for my API

[ikethecoder]

API Services Portal Issue

User Story

As an API Provider,

I want the generated credential to include the Client Roles in the JWT token

so that it can pass the authorization check on the Gateway before reaching my API.

Test Case

ENV

• DEV
• TEST
• PROD

TESTCASE

• Follow the tutorial to setup Client Credential Flow on the API Services Portal (https://bcgov.github.io/aps-infra-platform/guides/tutorial-idp-client-cred-flow/)
• Setup Client Roles (role-1, role-2) in the IdP and reference them in the Authorization Profile
• Request access and approve with roles role-1 and role-2

EXPECTED

• The generated credential has a "resource_access" claim in the token that shows the two roles, and the aud includes the Client ID used for integrating with the IdP

ACTUAL

• The Token does not include the resource_access claim and the aud is missing

ERROR

Notes

Some additional observations while testing:

• When setting the roles up in the Authorization Profile, some of the roles have a " " in front of it, leading to an error when trying to assign it to a Consumer
• On Approval and Consumer Environment Edit, changing Roles does not work as expected

[ikethecoder]

Feature branch: feature/fix-client-roles