From 253225932ea448152fd8aa28d1eca42c5c13f0a6 Mon Sep 17 00:00:00 2001
From: Behnam Mozafari <behnam.mozafari@thetradedesk.com>
Date: Thu, 21 May 2026 14:18:40 +1000
Subject: [PATCH] UID2-XXXX: accept euid.admin.ss-portal Okta scope

Adds EUID_SS_PORTAL enum entry to OktaCustomScope so the uid2-admin
auth middleware accepts the new euid.admin.ss-portal scope. Same
Role.SHARING_PORTAL mapping as the existing uid2.admin.ss-portal entry.
---
 src/main/java/com/uid2/admin/auth/OktaCustomScope.java   | 1 +
 .../java/com/uid2/admin/auth/OktaCustomScopeTest.java    | 9 +++++++++
 2 files changed, 10 insertions(+)

diff --git a/src/main/java/com/uid2/admin/auth/OktaCustomScope.java b/src/main/java/com/uid2/admin/auth/OktaCustomScope.java
index c60a08141..d1fd7aed0 100644
--- a/src/main/java/com/uid2/admin/auth/OktaCustomScope.java
+++ b/src/main/java/com/uid2/admin/auth/OktaCustomScope.java
@@ -8,6 +8,7 @@
 @Getter
 public enum OktaCustomScope {
     SS_PORTAL("uid2.admin.ss-portal", Role.SHARING_PORTAL),
+    EUID_SS_PORTAL("euid.admin.ss-portal", Role.SHARING_PORTAL),
     SECRET_ROTATION("uid2.admin.secret-rotation", Role.SECRET_ROTATION),
     SITE_SYNC("uid2.admin.site-sync", Role.PRIVATE_OPERATOR_SYNC),
     METRICS_EXPORT("uid2.admin.metrics-export", Role.METRICS_EXPORT),
diff --git a/src/test/java/com/uid2/admin/auth/OktaCustomScopeTest.java b/src/test/java/com/uid2/admin/auth/OktaCustomScopeTest.java
index 400f3afcc..e249c4cb7 100644
--- a/src/test/java/com/uid2/admin/auth/OktaCustomScopeTest.java
+++ b/src/test/java/com/uid2/admin/auth/OktaCustomScopeTest.java
@@ -1,6 +1,8 @@
 package com.uid2.admin.auth;
 
+import com.uid2.shared.auth.Role;
 import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
@@ -23,4 +25,11 @@ private static Stream<Arguments> testFromNameData() {
     public void testFromName(final String name, final OktaCustomScope scope) {
         Assertions.assertEquals(scope, OktaCustomScope.fromName(name));
     }
+
+    @Test
+    void euidSsPortalScopeIsRecognised() {
+        OktaCustomScope scope = OktaCustomScope.fromName("euid.admin.ss-portal");
+        Assertions.assertNotNull(scope);
+        Assertions.assertEquals(Role.SHARING_PORTAL, scope.getRole());
+    }
 }