digipolisantwerp · Jan-Bart · Nov 17, 2022 · Nov 17, 2022 · Nov 17, 2022 · Nov 17, 2022
diff --git a/assets/callback.png b/assets/callback.png
diff --git a/assets/consent.png b/assets/consent.png
diff --git a/assets/oauth-config.png b/assets/oauth-config.png
diff --git a/assets/shared-identity.png b/assets/shared-identity.png
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@digipolis/auth",
-  "version": "2.3.2",
+  "version": "2.3.4",
   "description": "",
   "main": "dist/index.cjs.js",
   "module": "dist/index.es.js",

diff --git a/readme.md b/readme.md
@@ -133,12 +133,10 @@ After creating your application on the api store, you should create a contract w
 and the Consent API (if you want to enable SSO)
 ![Create Contract consent](/assets/consent.png "Create contract consent")
 
-The next step is to navigate to your applications and clicking on actions
+The next step is to navigate to your applications in the publisher and clicking on Instellingen > Client Keys > `<environment>`
 
-![actions](/assets/oauth-config.png "actions")
 
-
-Click on oauth2 config. You'll find your clientId and secret here.
+You'll find your clientId and secret here.
 
 ![configure callback](/assets/callback.png "callback")
 
@@ -259,7 +257,7 @@ after logout.
 | Name                  | Assurance level | Context    | Description                                                    |
 | --------------------- | --------------- | -----------|--------------------------------------------------------------- |
 | iam-aprofiel-userpass | low             | citizen    | Our default aprofiel authentication with username and password |
-| iam-aprofiel-phone   | low             | citizen    | Our aprofiel authentication with phone and code |
+| iam-aprofiel-phone    | low             | citizen    | Our aprofiel authentication with phone and code |
 | fas-citizen-bmid      | substantial     | citizen    | Belgian Mobile ID (e.g. Itsme)                                 |
 | fas-citizen-otp       | substantial     | citizen    | Authentication with one time password      (e.g. sms)          |
 | fas-citizen-totp      | substantial     | citizen    | Time-based one time password   (e.g. Google Authenticator)     |

diff --git a/src/controller.js b/src/controller.js
@@ -73,8 +73,10 @@ export default function createController(config) {
     } = options;
 
     if (auth_methods && auth_methods.length > 0) {
+      auth_methods = auth_methods.replace('astad.aprofiel.v1', 'iam-aprofiel-userpass');
       return auth_methods;
     }
+
     if (!['citizen', 'enterprise', 'enterprise-citizen'].includes(context)) {
       logger.info(`context ${context} not known, fallback to citizen`);
       context = 'citizen';

diff --git a/test/login.js b/test/login.js
@@ -86,6 +86,41 @@ describe('GET /login', function onDescribe() {
     router.handle(req, res);
   });
 
+  it('should replace auth method "astad.aprofiel.v1" with "iam-aprofiel-userpass"', function onIt(done) {
+    const router = createRouter(mockExpress, correctConfig);
+    const host = 'http://www.app.com';
+    let redirectUrl = false;
+
+    const req = reqres.req({
+      url: '/auth/login',
+      query: {
+        auth_methods: 'astad.aprofiel.v1'
+      },
+      get: () => host,
+      session: {
+        save: (cb) => cb(),
+      },
+    });
+
+    const res = reqres.res({
+      header: () => { },
+      redirect(val) {
+        redirectUrl = val
+        this.emit('end');
+      }
+    });
+
+    res.redirect.bind(res);
+
+    res.on('end', () => {
+      assert(redirectUrl);
+      assert(redirectUrl.includes('auth_methods=iam-aprofiel-userpass'));
+      return done();
+    });
+
+    router.handle(req, res);
+  });
+
   it('should redirect to login with extra scopes if scopeGroups query param is supplied', function onIt(done) {
     const config = Object.assign({}, correctConfig, {
       scopeGroups: {