From b2fe8810bb68df5c073a7d12af26e426bdab9c9d Mon Sep 17 00:00:00 2001
From: Young-Jin Chung <young-jin.chung@bc.gov.ca>
Date: Thu, 2 Dec 2021 10:16:50 -0800
Subject: [PATCH 1/2] security fix

---
 Server/HetsApi/Startup.cs | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/Server/HetsApi/Startup.cs b/Server/HetsApi/Startup.cs
index d4400cc3a..b704eabf2 100644
--- a/Server/HetsApi/Startup.cs
+++ b/Server/HetsApi/Startup.cs
@@ -108,13 +108,8 @@ public void ConfigureServices(IServiceCollection services)
             {
                 options.Authority = Configuration.GetValue<string>("JWT:Authority");
                 options.Audience = Configuration.GetValue<string>("JWT:Audience");
-                options.RequireHttpsMetadata = false;
                 options.IncludeErrorDetails = true;
                 options.EventsType = typeof(HetsJwtBearerEvents);
-                //options.TokenValidationParameters = new TokenValidationParameters()
-                //{
-                //    ValidateAudience = false
-                //};
             });
 
             // setup authorization

From 8659ebec7243bb0563fea508dfb6e1b8c34609bd Mon Sep 17 00:00:00 2001
From: Young-Jin Chung <young-jin.chung@bc.gov.ca>
Date: Thu, 2 Dec 2021 10:26:47 -0800
Subject: [PATCH 2/2] version 1.10.2

---
 Server/HetsApi/HetsApi.csproj   | 2 +-
 Server/HetsApi/appsettings.json | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/Server/HetsApi/HetsApi.csproj b/Server/HetsApi/HetsApi.csproj
index 99ca1bb90..54d787d59 100644
--- a/Server/HetsApi/HetsApi.csproj
+++ b/Server/HetsApi/HetsApi.csproj
@@ -12,7 +12,7 @@
   <PropertyGroup>
     <VersionPrefix>1.0.0.0</VersionPrefix>
     <VersionSuffix>sprint1</VersionSuffix>
-    <Version>1.10.1.0</Version>
+    <Version>1.10.2.0</Version>
   </PropertyGroup>
 
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|AnyCPU'">
diff --git a/Server/HetsApi/appsettings.json b/Server/HetsApi/appsettings.json
index cba32c1dc..38c0c27b8 100644
--- a/Server/HetsApi/appsettings.json
+++ b/Server/HetsApi/appsettings.json
@@ -13,8 +13,8 @@
     "LogoffUrl-Training": "https://logontest.gov.bc.ca/clp-cgi/logoff.cgi?returl=https://trn-hets.th.gov.bc.ca&retnow=1",
     "LogoffUrl-UAT": "https://logontest.gov.bc.ca/clp-cgi/logoff.cgi?returl=https://uat-hets.th.gov.bc.ca&retnow=1",
     "LogoffUrl-Production": "https://logon.gov.bc.ca/clp-cgi/logoff.cgi?returl=https://hets.th.gov.bc.ca&retnow=1",
-    "Version-Application": "Release 1.10.1.0",
-    "Version-Database": "Release 1.10.1.0",
+    "Version-Application": "Release 1.10.2.0",
+    "Version-Database": "Release 1.10.2.0",
     "Maximum-Blank-Agreements": "3",
     "ExceptionDescriptions": {
       "HETS-01": "Record not found",