make sure we only set the "sandbox" scope for Kaiser in the sandbox e…

…nvironment.

definitions/factory.go

@@ -68,8 +68,7 @@ func GetSourceDefinition(
  if err != nil {
  return nil, fmt.Errorf("error retrieving platform definition (%s): %w", platformType, err)
  }
- //TODO: merge endpoint data into platform definition
-
+ //platform environment specific customizations happen in Populate method
  platformDefinition.Populate(&endpoint, options.Env, options.ClientIdLookup)
 
  return platformDefinition, err
@@ -93,8 +92,6 @@ func getPlatformDefinition(platformType pkg.PlatformType) (*models.LighthouseSou
  return nil, fmt.Errorf("error retrieving platform definition (%s): %w", platformType, err)
  }
 
- //TODO: set the platform environment specific customizations
-
  return platformDefinition, nil
 }
 

definitions/models/lighthouse_endpoint_definition.go

@@ -93,8 +93,12 @@ func (def *LighthouseSourceDefinition) Populate(
  def.IntrospectionEndpoint = "https://authorization.cerner.com/tokeninfo"
  }
 
- def.Issuer = def.Url
+ if def.PlatformType == pkg.PlatformTypeKaiser && env == pkg.FastenLighthouseEnvSandbox {
+ def.Scopes = append(def.Scopes, "sandbox")
+ }
 
+ //Common defaults. All customizations should be above this line
+ def.Issuer = def.Url
  // retrieve client-id, if available
  if clientId, clientIdOk := clientIdLookup[def.PlatformType]; clientIdOk {
  def.ClientId = clientId

definitions/platform/kaiser.yaml

@@ -5,7 +5,7 @@ scopes_supported:
  - patient/*.read
  - launch/patient
  - offline_access
- - sandbox
+# - sandbox # this scope will be added dynamically depending on the Lighthouse environment (required for sandbox, not for production)
 grant_types_supported:
  - authorization_code
 response_types_supported: