Merge pull request #1386 from ORCID/openAssertionServiceEndpoints

DanielPalafox · web-flow · commit 8719313ea0a3 · 2026-03-30T06:35:55.000-06:00
allowing permission link endpoint access
diff --git a/assertion-service-2/src/main/java/org/orcid/mp/assertion/config/SecurityConfig.java b/assertion-service-2/src/main/java/org/orcid/mp/assertion/config/SecurityConfig.java
@@ -29,6 +29,7 @@ public class SecurityConfig {
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
                 .authorizeHttpRequests(authorize -> authorize
+                        .requestMatchers("/id-token", "/assertion/record/**").permitAll()
                         .requestMatchers("/internal/**").hasAuthority("SCOPE_internal")
                         .anyRequest().authenticated()
                 )

Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,7 @@ public class SecurityConfig {`
`29`	`29`	`public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {`
`30`	`30`	`http`
`31`	`31`	`.authorizeHttpRequests(authorize -> authorize`
	`32`	`+ .requestMatchers("/id-token", "/assertion/record/**").permitAll()`
`32`	`33`	`.requestMatchers("/internal/**").hasAuthority("SCOPE_internal")`
`33`	`34`	`.anyRequest().authenticated()`
`34`	`35`	`)`