From 423c0c17bd8cc9a1dd093bbbaf54cafbb596a1d4 Mon Sep 17 00:00:00 2001
From: simonredfern <simon@tesobe.com>
Date: Wed, 14 Jan 2026 13:44:02 +0100
Subject: [PATCH] JKS endpoint tagged OAuth and OIDC 2 adding tags - and adding
 SuperAdmin Entitlement

---
 obp-api/src/main/scala/code/api/util/ApiTag.scala    |  2 ++
 .../main/scala/code/api/v6_0_0/APIMethods600.scala   | 12 ++++++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/obp-api/src/main/scala/code/api/util/ApiTag.scala b/obp-api/src/main/scala/code/api/util/ApiTag.scala
index bd4c41f01..38208d32d 100644
--- a/obp-api/src/main/scala/code/api/util/ApiTag.scala
+++ b/obp-api/src/main/scala/code/api/util/ApiTag.scala
@@ -18,6 +18,8 @@ object ApiTag {
   val apiTagTransactionRequestAttribute = ResourceDocTag("Transaction-Request-Attribute")
   val apiTagVrp = ResourceDocTag("VRP")
   val apiTagApi = ResourceDocTag("API")
+  val apiTagOAuth = ResourceDocTag("OAuth")
+  val apiTagOIDC = ResourceDocTag("OIDC")
   val apiTagBank = ResourceDocTag("Bank")
   val apiTagBankAttribute = ResourceDocTag("Bank-Attribute")
   val apiTagAccount = ResourceDocTag("Account")
diff --git a/obp-api/src/main/scala/code/api/v6_0_0/APIMethods600.scala b/obp-api/src/main/scala/code/api/v6_0_0/APIMethods600.scala
index d7a601178..38abee8f3 100644
--- a/obp-api/src/main/scala/code/api/v6_0_0/APIMethods600.scala
+++ b/obp-api/src/main/scala/code/api/v6_0_0/APIMethods600.scala
@@ -1074,7 +1074,15 @@ trait APIMethods600 {
             entitlements <- NewStyle.function.getEntitlementsByUserId(u.userId, callContext)
           } yield {
             val permissions: Option[Permission] = Views.views.vend.getPermissionForUser(u).toOption
-            val currentUser = UserV600(u, entitlements, permissions)
+            // Add SuperAdmin virtual entitlement if user is super admin
+            // NOTE: We ONLY use this Role in order to create CanCreateEntitlementAtAnyBank and also delete.
+            // Thus it is a boot straping Role. Useful to have in response so the API Manager shows Create Entitlement page to the User.
+            val finalEntitlements = if (APIUtil.isSuperAdmin(u.userId)) {
+              entitlements ::: List(Entitlement.entitlement.vend.addEntitlement("", u.userId, "SuperAdmin"))
+            } else {
+              entitlements
+            }
+            val currentUser = UserV600(u, finalEntitlements, permissions)
             val onBehalfOfUser = if(cc.onBehalfOfUser.isDefined) {
               val user = cc.onBehalfOfUser.toOption.get
               val entitlements = Entitlement.entitlement.vend.getEntitlementsByUserId(user.userId).headOption.toList.flatten
@@ -5449,7 +5457,7 @@ trait APIMethods600 {
                 description = Constant.ABAC_POLICY_DESCRIPTIONS.getOrElse(policy, "No description available")
               )
             }
-            
+
             (AbacPoliciesJsonV600(policies), HttpCode.`200`(callContext))
           }
       }