Objects API integration: pausing and restarting DigiD form causes hashed BSNs to be sent to the Objects API (only Demo BSN?)

[alextreme]

Product versie / Product version

2.4.0

Omschrijf het probleem / Describe the bug

Submitted and analysed via DH OF Taiga 617

When pausing and restarting a DigiD form which uses the Objects API registration backend the bsn is sent to the Objects API as a hashed value.

After testing we can only reproduce this using the Demo BSN DigiD registration backend. Requires further analysis to first determine why this occurred for DH.

This seemed to be a regression of #2301 from Open Formulieren 1.1.8.

Further analysis from @LaurensBurger and me, this issue is applicable for:

• Demo BSN DigiD

This is not applicable:

• DigiD-SAML (because requires you to relogin)
• DigiD-OIDC within 15 minutes (continue during the same DigiD session)
• DigiD-OIDC >15 minutes (new DigiD session)

Unknown, to be tested:

• eHerkenning-SAML?
• eHerkenning-OIDC?

[joeribekker]

Refinement: Adding to milestone but low prio because it appears to only be happening with the demo plugin (which is still weird).

[alextreme]

@joeribekker the Taiga issue was updated that Laurens was able to reproduce this by pauzing and restarting twice in combination with the DigiD-OIDC integration. As such it is more relevant than only the demo plugin.

[SilviaAmAm]

I could reproduce it by logging in with DigiD (OIDC), pausing/resuming the form, and then submitting the form.

Edit:

Found how to reproduce consistently also on other environments/plugins:

• Create a form with a authentication plugin
• Create a step that does NOT require login
• Log in to fill in the form
• Pause the form
• Resume the form => Look in the submission, the BSN is hashed.

If the step DOES require login, then this problem does not happen.