Ed-Fi-Alliance-OSS · axelmarquezh · Dec 17, 2024
diff --git a/Application/EdFi.Ods.Features/TokenInfo/TokenInfoOperation.cs b/Application/EdFi.Ods.Features/TokenInfo/TokenInfoOperation.cs
@@ -0,0 +1,14 @@
+// SPDX-License-Identifier: Apache-2.0
+// Licensed to the Ed-Fi Alliance under one or more agreements.
+// The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0.
+// See the LICENSE and NOTICES files in the project root for more information.
+
+using System.Collections.Generic;
+
+namespace EdFi.Ods.Features.TokenInfo;
+
+public class TokenInfoOperation
+{
+    public string Name { get; set; }
+    public IReadOnlyCollection<string> AuthorizationStrategies { get; set; }
+}
diff --git a/Application/EdFi.Ods.Features/TokenInfo/TokenInfoProvider.cs b/Application/EdFi.Ods.Features/TokenInfo/TokenInfoProvider.cs
@@ -6,16 +6,17 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Reflection;
 using System.Threading;
 using System.Threading.Tasks;
 using EdFi.Common.Extensions;
 using EdFi.Ods.Api.Security.Authorization.AuthorizationBasis;
+using EdFi.Ods.Api.Security.AuthorizationStrategies;
 using EdFi.Ods.Api.Security.Claims;
 using EdFi.Ods.Common.Extensions;
 using EdFi.Ods.Common.Models;
 using EdFi.Ods.Common.Security;
 using EdFi.Ods.Common.Security.Authorization;
-using EdFi.Ods.Common.Security.Claims;
 using EdFi.Security.DataAccess.Repositories;
 using NHibernate;
 using NHibernate.Transform;
@@ -28,7 +29,7 @@ public class TokenInfoProvider(
         IClaimSetClaimsProvider claimSetClaimsProvider,
         IResourceClaimUriProvider resourceClaimUriProvider,
         ISecurityRepository securityRepository,
-        IClaimSetRequestEvaluator claimSetRequestEvaluator)
+        IAuthorizationBasisMetadataSelector authorizationBasisMetadataSelector)
         : ITokenInfoProvider
     {
         public async Task<TokenInfo> GetTokenInfoAsync(ApiClientContext apiContext)
@@ -77,25 +78,37 @@ private IReadOnlyList<TokenInfoResource> GetAuthorizedResources(ApiClientContext
                     var claimUris = resourceClaimUriProvider.GetResourceClaimUris(r);
 
                     var authorizedActions = securityRepository.GetActions()
-                        .Where(action =>
+                        .Select(action =>
                         {
                             try
                             {
-                                return claimSetRequestEvaluator.EvaluateRequest(
-                                    apiContext.ClaimSetName, claimUris, action.ActionUri).Success;
+                                var authMetadata =
+                                      authorizationBasisMetadataSelector.SelectAuthorizationBasisMetadata(
+                                          apiContext.ClaimSetName, claimUris, action.ActionUri);
+
+                                return (action, authMetadata);
                             }
-                            catch (AuthorizationContextException)
+                            catch
                             {
-                                return false;
+                                // Action isn't authorized if an exception is thrown
+                                return default;
                             }
                         })
-                        .Select(action => action.ActionName)
+                        .Where(aa => aa != default)
                         .ToList();
 
                     return new TokenInfoResource
                     {
                         Resource = $"/{r.SchemaUriSegment()}/{r.PluralName.ToCamelCase()}",
-                        Operations = authorizedActions
+                        Operations = authorizedActions.Select(
+                            aa => new TokenInfoOperation
+                            {
+                                Name = aa.action.ActionName,
+                                AuthorizationStrategies =
+                                    aa.authMetadata.AuthorizationStrategies.Select(
+                                            aus => aus.GetType().GetCustomAttribute<AuthorizationStrategyNameAttribute>()?.Name)
+                                        .ToList()
+                            }).ToList()
                     };
                 })
                 .Where(tir => tir.Operations.Any())

diff --git a/Application/EdFi.Ods.Features/TokenInfo/TokenInfoResource.cs b/Application/EdFi.Ods.Features/TokenInfo/TokenInfoResource.cs
@@ -10,5 +10,5 @@ namespace EdFi.Ods.Features.TokenInfo;
 public class TokenInfoResource
 {
     public string Resource { get; set; }
-    public IReadOnlyList<string> Operations { get; set; }
+    public IReadOnlyList<TokenInfoOperation> Operations { get; set; }
 }
diff --git a/Application/EdFi.Ods.Tests/EdFi.Ods.Features/TokenInfo/TokenInfoProviderTests.cs b/Application/EdFi.Ods.Tests/EdFi.Ods.Features/TokenInfo/TokenInfoProviderTests.cs
@@ -124,7 +124,7 @@ public async Task Should_get_education_organization_identifiers_for_a_user_lea_c
                 A.Fake<IClaimSetClaimsProvider>(), 
                 A.Fake<IResourceClaimUriProvider>(), 
                 A.Fake<ISecurityRepository>(), 
-                A.Fake<IClaimSetRequestEvaluator>());
+                A.Fake<IAuthorizationBasisMetadataSelector>());
 
             var results = await tokenInfoProvider.GetTokenInfoAsync(CreateApiContext());