get connect user siret and store it in local storage

back/src/config/bootstrap/appConfig.ts

@@ -324,7 +324,7 @@ export class AppConfig {
           ? "https://fake-pro-connect.url"
           : undefined,
       ),
-      scope: "openid given_name usual_name email custom",
+      scope: "openid given_name usual_name email custom siret",
     };
   }
 

back/src/domains/core/authentication/inclusion-connect/adapters/oauth-gateway/HttpOAuthGateway.ts

@@ -152,6 +152,7 @@ export class HttpOAuthGateway implements OAuthGateway {
         lastName: oAuthIdTokenPayload.usual_name,
         email: oAuthIdTokenPayload.email,
         structure_pe: oAuthIdTokenPayload.custom.structureTravail,
+        siret: oAuthIdTokenPayload.siret,
       },
     };
   }

back/src/domains/core/authentication/inclusion-connect/entities/OAuthIdTokenPayload.ts

@@ -1,4 +1,4 @@
-import { Email, ExternalId, emailSchema } from "shared";
+import { Email, ExternalId, SiretDto, emailSchema, siretSchema } from "shared";
 import { z } from "zod";
 
 type ProviderTokenPayloadBase = {
@@ -15,6 +15,7 @@ export type IcOAuthIdTokenPayload = ProviderTokenPayloadBase & {
 
 export type ProConnectOAuthIdTokenPayload = ProviderTokenPayloadBase & {
   usual_name: string;
+  siret: SiretDto;
   custom: {
     structureTravail?: string;
   };
@@ -39,4 +40,5 @@ export const proConnectAuthTokenPayloadSchema: z.Schema<ProConnectOAuthIdTokenPa
     custom: z.object({
       structureTravail: z.string().optional(),
     }),
+    siret: siretSchema,
   });

back/src/domains/core/authentication/inclusion-connect/port/OAuthGateway.ts

@@ -22,6 +22,7 @@ export type GetAccessTokenPayload = {
   lastName: string;
   email: Email;
   structure_pe?: string;
+  siret?: string; // remove optional when inclusion connect is removed
 };
 
 export type GetAccessTokenResult = {

back/src/domains/core/authentication/inclusion-connect/use-cases/AuthenticateWithInclusionCode.ts

@@ -189,6 +189,7 @@ export class AuthenticateWithInclusionCode extends TransactionalUseCase<
       firstName: newOrUpdatedAuthenticatedUser.firstName,
       lastName: newOrUpdatedAuthenticatedUser.lastName,
       email: newOrUpdatedAuthenticatedUser.email,
+      siret: payload.siret,
       idToken,
     })}`;
   }

front/src/app/routes/InclusionConnectedPrivateRoute.tsx

@@ -22,6 +22,7 @@ import { useAppSelector } from "src/app/hooks/reduxHooks";
 import { FrontAdminRouteTab } from "src/app/pages/admin/AdminTabs";
 import { routes } from "src/app/routes/routes";
 import { loginIllustration } from "src/assets/img/illustrations";
+import { outOfReduxDependencies } from "src/config/dependencies";
 import { authSelectors } from "src/core-logic/domain/auth/auth.selectors";
 import { authSlice } from "src/core-logic/domain/auth/auth.slice";
 import { featureFlagSelectors } from "src/core-logic/domain/featureFlags/featureFlags.selector";
@@ -133,6 +134,7 @@ export const InclusionConnectedPrivateRoute = ({
       firstName = "",
       lastName = "",
       idToken = "",
+      siret = "",
     } = route.params;
 
     if (token) {
@@ -149,6 +151,10 @@ export const InclusionConnectedPrivateRoute = ({
           feedbackTopic: "auth-global",
         }),
       );
+      outOfReduxDependencies.localDeviceRepository.set(
+        "connectedUserSiret",
+        siret,
+      );
       const { token: _, ...routeParams } = route.params;
       routes[route.name](routeParams as any).replace();
     }

front/src/app/routes/routes.ts

@@ -33,6 +33,7 @@ export type AcquisitionParams = Partial<{
 type AcquisitionParamsKeys = keyof typeof acquisitionParams;
 
 const inclusionConnectedParams = createInclusionConnectedParams({
+  siret: param.query.optional.string,
   page: param.query.optional.string,
   token: param.query.optional.string,
   firstName: param.query.optional.string,

front/src/core-logic/domain/auth/auth.epics.ts

@@ -79,6 +79,7 @@ const deleteFederatedIdentityFromDevice: AuthEpic = (
   action$.pipe(
     filter(authSlice.actions.federatedIdentityDeletionTriggered.match),
     tap(() => localDeviceRepository.delete("federatedIdentityWithUser")),
+    tap(() => localDeviceRepository.delete("connectedUserSiret")),
     tap(() => localDeviceRepository.delete("partialConventionInUrl")),
     map(() => authSlice.actions.federatedIdentityInDeviceDeletionSucceeded()),
   );

front/src/core-logic/ports/DeviceRepository.ts

@@ -13,7 +13,8 @@ export type LocalStoragePair =
   | GenericPair<"partialConventionInUrl", Partial<ConventionParamsInUrl>>
   | GenericPair<"adminToken", string>
   | GenericPair<"federatedIdentityWithUser", FederatedIdentityWithUser>
-  | GenericPair<"searchResultExternal", SearchResultDto>;
+  | GenericPair<"searchResultExternal", SearchResultDto>
+  | GenericPair<"connectedUserSiret", string>;
 
 export type SessionStoragePair =
   | GenericPair<"acquisitionParams", WithAcquisition>

shared/src/inclusionConnect/inclusionConnect.dto.ts

@@ -28,6 +28,7 @@ export type WithSourcePage = {
 export type AuthenticatedUserQueryParams = {
   token: InclusionConnectJwt;
   idToken: string;
+  siret?: string; // remove optional when inclusion connect is removed
 } & Pick<User, "email" | "firstName" | "lastName">;
 
 type InclusionConnectConventionManageAllowedRole =