diff --git a/src/openforms/authentication/models.py b/src/openforms/authentication/models.py index 940bb467b1..a793c191fe 100644 --- a/src/openforms/authentication/models.py +++ b/src/openforms/authentication/models.py @@ -19,7 +19,7 @@ DigiDContext, DigiDMachtigenContext, EHerkenningContext, - EHerkenningMachtigenContext, + EHerkenningMachtigenContext, EmployeeContext, ) logger = logging.getLogger(__name__) @@ -254,6 +254,7 @@ def to_auth_context_data( | DigiDMachtigenContext | EHerkenningContext | EHerkenningMachtigenContext + | EmployeeContext ): if self.attribute_hashed: logger.debug( @@ -347,6 +348,21 @@ def to_auth_context_data( "branchNumber" ] = branch_number return ehm_context + + # Experimental feature that is different from the defined authentication context. + # This will have to be re-worked and re-thought-out, and will most definitely change. + # This is a fix for #4863 + case (AuthAttribute.employee_id, ""): + employee_context: EmployeeContext = { + "source": "custom", + "levelOfAssurance": self.loa, + "representee": { + "identifierType": "employee_id", + "identifier": self.value, + }, + } + return employee_context + case _: # pragma: no cover raise RuntimeError(f"Unknown attribute: {self.attribute}") diff --git a/src/openforms/authentication/types.py b/src/openforms/authentication/types.py index 96da16bb45..62e1dfad5b 100644 --- a/src/openforms/authentication/types.py +++ b/src/openforms/authentication/types.py @@ -80,3 +80,15 @@ class EHMandate(TypedDict): class EHerkenningMachtigenContext(EHerkenningContext): representee: EHRepresenteeEntity mandate: EHMandate + + +class EmployeeRepresenteeEntity(TypedDict): + identifierType: Literal["employee_id"] + identifier: str + + +# This type definition is highly experimental, and will most definitely change +class EmployeeContext(TypedDict): + source: Literal["custom"] + levelOfAssurance: None + representee: EmployeeRepresenteeEntity
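Review bot: The new `case (AuthAttribute.employee_id, "")` branch in `to_auth_context_data` sets `"levelOfAssurance": self.loa`, but `EmployeeContext` in types.py (last hunk) declares `levelOfAssurance: None`. A stored LoA value would therefore be emitted under a type that promises there is none, and consumers may read the field as an assurance statement for a `"custom"` source. Either emit `"levelOfAssurance": None,` here or widen the declared type to what `self.loa` can hold. The branch matches only when the second matched value is the empty string; any other combination for `employee_id` falls through to `case _`, which raises `RuntimeError` and is marked `# pragma: no cover`, so it is worth confirming that no stored record can reach it. The function body starts and ends outside the hunk.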
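Review bot: `EmployeeContext.representee` holds the `employee_id` identifier, whereas in `EHerkenningMachtigenContext` just above, `representee` sits next to a `mandate`, which suggests it names the party being represented. If the employee is the authenticated actor rather than a represented party (not visible from this diff), downstream code that keys authorisation or audit decisions on `representee` could misread who acted. The existing "highly experimental" comment does not say this; a line such as `# NOTE: "representee" carries the logged-in employee's own identifier; there is no represented party or mandate in this context` would make the deviation explicit until the shape is reworked.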