feat(portal-self-service): NL DS + DigiD self-service submit form (closes #67) #71

Merged
not merged 5 commits from feat/67-self-service-form into main 2026-07-01 11:52:33 +00:00
Contributor

What & why

S-08c — the self-service submit form. A zorgprofessional logs in via mock DigiD and submits a
BIG registration through the portal; the bsn comes from the token (confirm-and-submit, no bsn field),
and the page confirms with the BFF's returned reference. NL Design System styling.

Closes #67

Definition of Done

  • Failing tests before implementation (component + axe → red; page → green).
  • Conventional Commits (refs #67).
  • CI: frontend lane green — lint + test + build across all 4 projects.
  • Component tests (@testing-library/angular) + axe WCAG 2.1 AA on the submit page.
  • Docs — docs/frontend-decisions.md entries + demo note.

Notes for reviewers

  • libs/ui — NL DS via Utrecht (@utrecht/component-library-angular + design-tokens). The v3
    components are NgModule-based, so libs/ui re-exports UtrechtComponentsModule (+ the classes, so
    AOT resolves the template directives); standalone components import the module. §10's "no NgModules"
    = our code, not third-party.
  • libs/auth — DigiD OIDC (angular-auth-oidc-client, auth-code + PKCE, digid realm). A small
    mockable AuthService abstraction + a token HttpInterceptor + an authenticatedGuard (unit-
    tested). OIDC authority/secureApiOrigin are dev defaults; the compose-served app overrides them
    and handles the browser-vs-container issuer alignment in S-08d (where the real login is e2e-tested).
  • Tests are headless: component tests mock auth + the api-client; axe runs scoped to WCAG 2.1 AA
    tags with lang set. The real DigiD browser round-trip + NL DS visual rendering are not validated
    here — that's S-08d (Playwright). Flagging that explicitly.
  • Cleaned up two demo-template leftovers: eslint depConstraints (scope:shop/shared → permissive
    *) and raised the self-service bundle budget (NL DS + OIDC legitimately add weight).

🤖 Generated with Claude Code

## What & why **S-08c** — the self-service submit form. A zorgprofessional logs in via **mock DigiD** and submits a BIG registration through the portal; the bsn comes from the token (confirm-and-submit, no bsn field), and the page confirms with the BFF's returned reference. **NL Design System** styling. Closes #67 ## Definition of Done - [x] Failing tests before implementation (component + axe → red; page → green). - [x] Conventional Commits (`refs #67`). - [x] CI: `frontend` lane green — lint + test + build across all 4 projects. - [x] Component tests (`@testing-library/angular`) + **axe WCAG 2.1 AA** on the submit page. - [x] Docs — `docs/frontend-decisions.md` entries + demo note. ## Notes for reviewers - **`libs/ui` — NL DS via Utrecht** (`@utrecht/component-library-angular` + design-tokens). The v3 components are NgModule-based, so `libs/ui` re-exports `UtrechtComponentsModule` (+ the classes, so AOT resolves the template directives); standalone components import the module. §10's "no NgModules" = our code, not third-party. - **`libs/auth` — DigiD OIDC** (`angular-auth-oidc-client`, auth-code + PKCE, `digid` realm). A small mockable **`AuthService`** abstraction + a token `HttpInterceptor` + an `authenticatedGuard` (unit- tested). OIDC `authority`/`secureApiOrigin` are dev defaults; the compose-served app overrides them and handles the browser-vs-container issuer alignment in **S-08d** (where the real login is e2e-tested). - **Tests are headless:** component tests mock auth + the api-client; axe runs scoped to WCAG 2.1 AA tags with `lang` set. The real DigiD browser round-trip + NL DS visual rendering are **not** validated here — that's S-08d (Playwright). Flagging that explicitly. - Cleaned up two demo-template leftovers: eslint `depConstraints` (`scope:shop/shared` → permissive `*`) and raised the self-service bundle budget (NL DS + OIDC legitimately add weight). 🤖 Generated with [Claude Code](https://claude.com/claude-code)
not added 3 commits 2026-07-01 11:13:42 +00:00
Scaffold libs/ui (NL Design System via Utrecht components) and libs/auth (DigiD OIDC
over angular-auth-oidc-client: mockable AuthService, provider, token interceptor,
authenticated guard). Failing component + axe tests for the RegistrationPage: it must
show the signed-in BSN, submit to the BFF (mocked api-client) and confirm, with no
WCAG 2.1 AA violations. The page is a stub, so the behaviour tests fail; green follows.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
RegistrationPage shows the signed-in BSN and submits to the BFF via the generated
api-client, confirming with the returned reference; built from NL Design System
(Utrecht) components. Wire the guarded route + app providers (DigiD OIDC + token
interceptor + HttpClient), the NL DS theme, and lang=nl. Component tests
(Testing Library) + axe (WCAG 2.1 AA) pass; a guard test covers libs/auth. Replace
the demo eslint depConstraints (scope:shop/shared) with a permissive default.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
docs(portal-self-service): record NL DS + DigiD decisions and demo note (refs #67)
All checks were successful
CI / lint (pull_request) Successful in 1m6s
CI / build (pull_request) Successful in 50s
CI / unit (pull_request) Successful in 1m0s
CI / verify-stack (pull_request) Successful in 5m46s
CI / frontend (pull_request) Successful in 1m27s
CI / mutation (pull_request) Successful in 3m56s
29f3dcc6cf
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
not added the type:slicearea:portal-self-service labels 2026-07-01 11:13:53 +00:00
not added 1 commit 2026-07-01 11:23:21 +00:00
fix(portal-self-service): re-export the full Utrecht package from libs/ui (refs #67)
Some checks failed
CI / lint (pull_request) Successful in 1m5s
CI / build (pull_request) Successful in 51s
CI / unit (pull_request) Successful in 59s
CI / mutation (pull_request) Successful in 3m54s
CI / frontend (pull_request) Successful in 1m30s
CI / verify-stack (pull_request) Has been cancelled
5089c2aea6
Importing UtrechtComponentsModule pulls every component it exports into the AOT
compiler scope, so all must be resolvable through the ui barrel; a partial
re-export failed a fresh build with NG3004 (masked locally by the Nx build cache,
surfaced by nx serve / a --skip-nx-cache build). Re-export the whole package.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
not added 1 commit 2026-07-01 11:26:44 +00:00
fix(portal-self-service): run checkAuth() at startup to end the login redirect loop (refs #67)
All checks were successful
CI / lint (pull_request) Successful in 1m6s
CI / build (pull_request) Successful in 53s
CI / unit (pull_request) Successful in 1m3s
CI / frontend (pull_request) Successful in 1m56s
CI / mutation (pull_request) Successful in 3m55s
CI / verify-stack (pull_request) Successful in 4m34s
074101e836
Without an app-init auth check, the DigiD callback (?code=…) was never processed, so
the guard kept seeing 'not authenticated' and re-triggered login — an infinite
redirect loop. Add withAppInitializerAuthCheck() so checkAuth() runs before the router
and guard, establishing the session on the callback.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
not merged commit 4416d1f4ed into main 2026-07-01 11:52:33 +00:00
Sign in to join this conversation.