OpenConext · pablothedude · May 27, 2025 · Apr 16, 2025 · Apr 22, 2025
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
 
+# 5.0.6
+- Fix: Vetting with a self asserted token is not allowed when adding a token, the user is always
+  directed to the RA vetting page #466
+
 # 5.0.5
 - Use a SAML (entitlement) attribute to decide what activation flows
   a user may use #336

diff --git a/composer.lock b/composer.lock
diff --git a/src/Surfnet/StepupSelfService/SelfServiceBundle/Service/AuthorizationService.php b/src/Surfnet/StepupSelfService/SelfServiceBundle/Service/AuthorizationService.php
@@ -36,7 +36,7 @@ public function mayRegisterSelfAssertedTokens(Identity $identity): bool
 
     public function maySelfVetSelfAssertedTokens(Identity $identity): bool
     {
-        return $this->authorizationService->assertRegistrationOfSelfAssertedTokensIsAllowed($identity);
+        return $this->authorizationService->assertSelfVettingOfSelfAssertedTokensIsAllowed($identity);
     }
 
     public function mayRegisterRecoveryTokens(Identity $identity): bool