1 change: 1 addition & 0 deletions gateway-api/src/gateway_api/app.py
@@ -32,6 +32,7 @@ def get_app_port() -> int:
@app.route("/patient/$gpc.getstructuredrecord", methods=["POST"])
def get_structured_record() -> Response:
try:
print(f"Headers: {request.headers}", flush=True)
Copilot AI Mar 23, 2026
Printing the full incoming request headers will likely log sensitive values (e.g., Authorization, id_token, correlation IDs) into application logs, which is a security/privacy risk and can violate the repo’s “no PII/sensitive data” requirement. Please remove this, or replace with allowlisted/redacted logging (e.g., only safe headers, explicitly redact auth/token headers) and ensure it’s gated behind a debug/non-prod flag if needed for the POC.

Suggested change
        print(f"Headers: {request.headers}", flush=True)
        debug_log_headers = os.getenv("DEBUG_LOG_HEADERS", "false").lower() == "true"
        if debug_log_headers:
            # Only log a limited set of non-sensitive headers for debugging purposes.
            safe_header_names = {"Content-Type", "Accept", "User-Agent"}
            safe_headers = {
                name: value
                for name, value in request.headers.items()
                if name in safe_header_names
            }
            print(f"Safe headers: {safe_headers}", flush=True)

get_structured_record_request = GetStructuredRecordRequest(request)
controller = Controller()
flask_response = controller.run(request=get_structured_record_request)
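Review bot: the `print(f"Headers: {request.headers}", flush=True)` added inside the `try` block writes every incoming header to stdout, and on this route that includes whatever the gateway forwards as caller identity (this same PR adds `id-token` to `target-identity` in proxygen/x-nhsd-apim.template.yaml), so a bearer token would land in the application logs. Drop the line before merge, or replace it with an allowlisted and redacted log call through the `logging` module that is gated on a non-production flag; the suggested replacement above relies on `os.getenv`, so also confirm that `os` is imported in app.py, since the import is outside this hunk.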
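The allowlisted, redacted header logging discussed in the comment above, worked through as an added example. This is not code from the gateway-api project or from the review suggestion: the header name sets, the `DEBUG_LOG_HEADERS` flag, the function names and the sample headers are all assumptions made for illustration. It takes any `(name, value)` iterable such as `request.headers.items()`, matches names case-insensitively, keeps allowlisted values, reduces credential-like headers to a length marker so their presence is still visible, and drops everything else.

```python
"""Allowlisted, redacted request-header logging for a Flask/WSGI handler.

Added example, not gateway-api code. Assumes a headers mapping whose
.items() yields (name, value) pairs, as Flask's request.headers does.
The header sets and the DEBUG_LOG_HEADERS flag name are illustrative.
"""
import logging
import os
from typing import Iterable, Mapping, Optional, Tuple

log = logging.getLogger("gateway_api.headers")

# Headers whose values are safe to write to logs verbatim (assumed set).
SAFE_HEADERS = frozenset({"content-type", "accept", "user-agent", "content-length"})

# Headers that carry credentials or identity and must never be logged in full (assumed set).
SENSITIVE_HEADERS = frozenset({"authorization", "id-token", "cookie", "x-api-key"})


def _looks_sensitive(lname: str) -> bool:
    """Heuristic on an already lower-cased name: known credential headers,
    plus anything mentioning a token or secret."""
    return lname in SENSITIVE_HEADERS or "token" in lname or "secret" in lname


def redact_headers(headers: Iterable[Tuple[str, str]]) -> dict:
    """Return a log-safe view of request headers.

    Matching is case-insensitive because HTTP header names are.  Allowlisted
    headers keep their value, credential-like headers are reduced to a
    "<redacted, N bytes>" marker, and any other header is dropped entirely
    (fail closed: unknown headers are not logged).
    """
    safe = {}
    for name, value in headers:
        lname = name.lower()
        if lname in SAFE_HEADERS:
            safe[name] = value
        elif _looks_sensitive(lname):
            safe[name] = f"<redacted, {len(value)} bytes>"
        # anything else is intentionally not logged
    return safe


def debug_headers_enabled(environ: Mapping[str, str] = os.environ) -> bool:
    """Header logging is off unless DEBUG_LOG_HEADERS=true (assumed flag name)."""
    return environ.get("DEBUG_LOG_HEADERS", "false").strip().lower() == "true"


def log_request_headers(
    headers: Iterable[Tuple[str, str]], environ: Mapping[str, str] = os.environ
) -> Optional[dict]:
    """Log a redacted header view when debugging is enabled; return what was logged,
    or None when logging is disabled so callers can tell the two apart."""
    if not debug_headers_enabled(environ):
        return None
    safe = redact_headers(headers)
    log.debug("request headers: %s", safe)
    return safe


if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG)
    # Constructed sample headers resembling what a gateway might forward.
    sample = [
        ("Content-Type", "application/fhir+json"),
        ("Authorization", "Bearer eyJhbGciOi..."),
        ("Id-Token", "eyJhbGciOiJSUzI1NiJ9.abc.def"),
        ("X-Request-Id", "f1c2..."),
        ("User-Agent", "curl/8.0"),
    ]
    print(log_request_headers(sample, {"DEBUG_LOG_HEADERS": "true"}))
```

In the handler this would replace the `print` with `log_request_headers(request.headers.items())`; the function returns `None` when the flag is unset, so nothing touches the log in production, and the redaction marker still lets an operator see that an `Authorization` or `Id-Token` header arrived without recording its value.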
5 changes: 5 additions & 0 deletions proxygen/x-nhsd-apim.template.yaml
@@ -11,3 +11,8 @@ x-nhsd-apim:
security:
type: mtls
secret: <replace-with-secret-name>
target-identity:
- name: cis2-uuid
- name: cis2-urid
- name: cis2-acr
- name: id-token
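Review bot: `- name: id-token` under `target-identity` forwards the full CIS2 ID token to the backend, while the `cis2-uuid`, `cis2-urid` and `cis2-acr` entries already carry the per-user identifiers a backend would normally consume; unless there is a documented requirement for the raw token, remove the `id-token` entry so the bearer token stays at the gateway and cannot reach the backend's logs (this same PR adds a header `print` to gateway-api/src/gateway_api/app.py that would write it out). Whichever entries remain, add a short description of `target-identity` and of what each name is used for to proxygen/README.md next to the existing description of the `x-nhsd-apim` extension, since the template is the only place they are currently explained.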
Copilot AI Mar 23, 2026
Forwarding id-token via target-identity increases the risk of propagating a sensitive bearer token to downstream services and into logs/telemetry. If the backend only needs specific user identifiers, prefer passing just those minimal claims (e.g., cis2-uuid/urid/acr) and avoid forwarding the full token unless there’s a clear, documented requirement.

Suggested change
- name: id-token

Comment on lines +14 to +18
Copilot AI Mar 23, 2026
target-identity is being added to the Proxygen x-nhsd-apim template, but proxygen/README.md currently lists what the extension includes and doesn’t mention this new field. Please update the documentation accordingly so future maintainers know why these identity headers are configured and what each one is used for.
