diff --git a/src/Api/Controllers/PhishingDomainsController.cs b/src/Api/Controllers/PhishingDomainsController.cs
index f35522c9d4..08a063ad25 100644
--- a/src/Api/Controllers/PhishingDomainsController.cs
+++ b/src/Api/Controllers/PhishingDomainsController.cs
@@ -5,7 +5,7 @@ using Microsoft.AspNetCore.Mvc;
 namespace Bit.Api.Controllers;
 [Route("phishing-domains")]
-[Authorize("Application")]
+[Authorize("PhishingDomains")]
 public class PhishingDomainsController(IPhishingDomainRepository phishingDomainRepository) : Controller
 {
 [HttpGet]
diff --git a/src/Api/Startup.cs b/src/Api/Startup.cs
index 0b80625175..d16259b9e6 100644
--- a/src/Api/Startup.cs
+++ b/src/Api/Startup.cs
@@ -143,6 +143,14 @@ public class Startup
 (c.Value.Contains(ApiScopes.Api) || c.Value.Contains(ApiScopes.ApiSecrets))
 ));
 });
+ config.AddPolicy("PhishingDomains", policy =>
+ {
+ policy.RequireAuthenticatedUser();
+ policy.RequireAssertion(ctx =>
+ ctx.User.HasClaim(c => c.Type == JwtClaimTypes.Scope &&
+ (c.Value == ApiScopes.ApiLicensing || c.Value == ApiScopes.Api))
+ );
+ });
 });
 services.AddScoped();
diff --git a/src/Core/PhishingDomainFeatures/CloudPhishingDomainRelayQuery.cs b/src/Core/PhishingDomainFeatures/CloudPhishingDomainRelayQuery.cs
index da279dab9a..2685d36a7f 100644
--- a/src/Core/PhishingDomainFeatures/CloudPhishingDomainRelayQuery.cs
+++ b/src/Core/PhishingDomainFeatures/CloudPhishingDomainRelayQuery.cs
@@ -21,7 +21,7 @@ public class CloudPhishingDomainRelayQuery : BaseIdentityClientService, ICloudPh
 httpFactory,
 globalSettings.Installation.ApiUri,
 globalSettings.Installation.IdentityUri,
- "api.installation",
+ "api.licensing",
 $"installation.{globalSettings.Installation.Id}",
 globalSettings.Installation.Key,
 logger)
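Review bot: Replacing `[Authorize("Application")]` with `[Authorize("PhishingDomains")]` means user tokens reaching this controller are now checked only against the new policy, so anything the "Application" policy enforced beyond the scope claim no longer applies here. That policy's body is not visible in this diff, so the difference should be confirmed against Startup before merging. If the intent is only to admit installation tokens in addition to user tokens, record it at the attribute, e.g. `// Admits user tokens (api) and self-hosted relay tokens (api.licensing); see the "PhishingDomains" policy in Startup.`. The policy name is a bare string in both files, and a shared constant would keep the two in step. The class body continues outside the hunk.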
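Review bot: Admitting `ApiScopes.ApiLicensing` in the "PhishingDomains" policy ties this endpoint to the licensing scope. Any client holding a licensing token can read the list, and the relay's token is presumably accepted wherever `api.licensing` is honoured, which is wider than the relay needs. A dedicated scope would keep both sides narrower. If the reuse is deliberate, state it above the policy, e.g. `// api.licensing is reused for the self-hosted phishing-domain relay; api covers signed-in clients.`. The assertion also compares with `==` while the policy directly above uses `Contains`, so it is worth confirming that scope claims always arrive one value per claim, and this branch has no visible test for either token type.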
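Review bot: The requested scope is the literal `"api.licensing"`, while the API-side policy added in Startup.cs checks `ApiScopes.ApiLicensing`. The constant's value is not visible in this diff, so nothing here guarantees that the two agree or stay in agreement. If `ApiScopes` is reachable from this project, pass `ApiScopes.ApiLicensing,` instead of the string. It is also worth confirming that the identity server issues this scope to `installation.{id}` clients, otherwise the relay's token request will be refused. The constructor call starts and ends outside the hunk.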