- A Maskinporten client registered with a JWK pubkey for your target environment. Business certificates are not supported by this implementation.
- An Altinn Studio host application
- A local copy of the app-lib-dotnet branch containing the
IMaskinportenClient
service implementation
-
App.csproj: Point to the local version of Altinn.App.Api and Altinn.App.Core packages with
ProjectReference
instead ofPackageReference
-
appsettings.json:
- Option 1: Add a property named
MaskinportenSettingsFilepath
which will point to a .json file containing the Maskinporten settings - Option 2: Add the Maskinporten settings directly, using the property name
MaskinportenSettings
- The
MaskinportenSettings
object can take ajwk
property containing public an private key pair (for instance from https://mkjwk.org), or it can take ajwkBase64
property containing a base64 encoded version of the same data
Example:
appsettings.Development.json
{ "MaskinportenSettingsFilepath": "../secrets/maskinporten-settings.json" }
maskinporten-settings.json
{ "MaskinportenSettings": { "authority": "https://test.maskinporten.no/", "clientId": "the-client-id", "jwk": { "kty": "RSA", "use": "sig", "kid": "asdf1234", "alg": "RS256", "e": "AQAB", "p": "...", "q": "...", "d": "...", "qi": "...", "dp": "...", "dq": "...", "n": "..." } } }
- Option 1: Add a property named
-
Program.cs
void RegisterCustomAppServices(IServiceCollection services, IConfiguration config, IWebHostEnvironment env) { // You can also use a named client, if you prefer services.AddHttpClient<IFancyClient>().UseMaskinportenAuthorization("scope1", "scope2"); }
-
Wherever you wish to use the authorization:
- Ask the serviceprovider/DI for an
IFancyClient
instance, and use this instance to invoke whichever http request you've implemented. The request will automatically be amended with anAuthorization: Bearer xxx
header - If you registered a named client, ask for an
IHttpClientFactory
instance and invokeCreateClient("client-name")
. Use this client as you would use any other http client. Authorization headers are added automatically, as with the typed client
- Ask the serviceprovider/DI for an