From 2edb5f77a41aafbedf919c077a9d49fa2624209d Mon Sep 17 00:00:00 2001
From: Remy van der Wereld <r.van.der.wereld@amsterdam.nl>
Date: Mon, 16 Dec 2024 12:31:34 +0100
Subject: [PATCH] Update authentication token usage to access_token; modify
 OIDC scope for API permissions

---
 src/app/features/shared/routing/components/ProtectedRoute.tsx | 2 +-
 src/app/state/auth/oidc/oidcConfig.ts                         | 2 +-
 src/app/state/rest/hooks/useProtectedRequest.ts               | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/app/features/shared/routing/components/ProtectedRoute.tsx b/src/app/features/shared/routing/components/ProtectedRoute.tsx
index 6f8cd8ad3..ca1302f33 100644
--- a/src/app/features/shared/routing/components/ProtectedRoute.tsx
+++ b/src/app/features/shared/routing/components/ProtectedRoute.tsx
@@ -10,7 +10,7 @@ type Props = {
  */
 const ProtectedRoute: React.FC<Props> = ({ page: Page, ...restProps }) => {
   const auth = useAuth()
-  const token = auth.user?.id_token
+  const token = auth.user?.access_token
 
   return token
     ? <Page { ...restProps } />
diff --git a/src/app/state/auth/oidc/oidcConfig.ts b/src/app/state/auth/oidc/oidcConfig.ts
index 77298e248..8e6bfd10b 100644
--- a/src/app/state/auth/oidc/oidcConfig.ts
+++ b/src/app/state/auth/oidc/oidcConfig.ts
@@ -6,7 +6,7 @@ export const oidcConfig = {
   client_id: `${ env.VITE_OIDC_CLIENT_ID }`,
   redirect_uri: `${ env.VITE_OIDC_REDIRECT_URL }`,
   response_type: "code",
-  scope: "openid email",
+  scope: `openid email api://${ env.VITE_OIDC_CLIENT_ID }/user_impersonation`,
   post_logout_redirect_uri: `${ env.VITE_OIDC_REDIRECT_URL }`,
   metadata: {
     issuer: "https://login.microsoftonline.com/72fca1b1-2c2e-4376-a445-294d80196804/v2.0",
diff --git a/src/app/state/rest/hooks/useProtectedRequest.ts b/src/app/state/rest/hooks/useProtectedRequest.ts
index 4b43cebc5..bf8d20bff 100644
--- a/src/app/state/rest/hooks/useProtectedRequest.ts
+++ b/src/app/state/rest/hooks/useProtectedRequest.ts
@@ -9,7 +9,7 @@ const useProtectedRequest = () => {
   const request = useRequest()
 
   return useCallback(async (method: Method, url: string, data?: unknown, additionalHeaders = {}) => {
-    const token = auth.user?.id_token
+    const token = auth.user?.access_token
     const headers = {
       Authorization: `Bearer ${ token }`,
       ...additionalHeaders
@@ -21,7 +21,7 @@ const useProtectedRequest = () => {
       headers
     )
     return response
-  }, [auth.user?.id_token, request])
+  }, [auth.user?.access_token, request])
 }
 
 export default useProtectedRequest