@danielskovli
Last active June 14, 2024 08:42
Altinn IMaskinportenClient service implementation

Basic Maskinporten implementation

Prerequisites

  1. A Maskinporten client registered with a JWK pubkey for your target environment. Business certificates are not supported by this implementation.
  2. An Altinn Studio host application
  3. A local copy of the app-lib-dotnet branch containing the IMaskinportenClient service implementation

Usage

  1. App.csproj: Point to the local version of Altinn.App.Api and Altinn.App.Core packages with ProjectReference instead of PackageReference

  2. appsettings.json:

    • Option 1: Add a property named MaskinportenSettingsFilepath which will point to a .json file containing the Maskinporten settings
    • Option 2: Add the Maskinporten settings directly, using the property name MaskinportenSettings
    • The MaskinportenSettings object can take a jwk property containing a public and private key pair (for instance from https://mkjwk.org), or it can take a jwkBase64 property containing a base64-encoded version of the same data

    Example:

    appsettings.Development.json

    {
        "MaskinportenSettingsFilepath": "../secrets/maskinporten-settings.json"
    }

    maskinporten-settings.json

    {
        "MaskinportenSettings": {
            "authority": "https://test.maskinporten.no/",
            "clientId": "the-client-id",
            "jwk": {
                "kty": "RSA",
                "use": "sig",
                "kid": "asdf1234",
                "alg": "RS256",
                "e": "AQAB",
                "p": "...",
                "q": "...",
                "d": "...",
                "qi": "...",
                "dp": "...",
                "dq": "...",
                "n": "..."
            }
        }
    }
  3. Program.cs

    void RegisterCustomAppServices(IServiceCollection services, IConfiguration config, IWebHostEnvironment env)
    {
        // You can also use a named client, if you prefer
        services.AddHttpClient<IFancyClient>().UseMaskinportenAuthorization("scope1", "scope2");
    }
  4. Wherever you wish to use the authorization:

    • Ask the service provider/DI for an IFancyClient instance, and use this instance to invoke whichever HTTP request you've implemented. The request will automatically be amended with an Authorization: Bearer xxx header
    • If you registered a named client, ask for an IHttpClientFactory instance and invoke CreateClient("client-name"). Use this client as you would use any other HTTP client. Authorization headers are added automatically, as with the typed client
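
Added example, not part of the gist or of app-lib-dotnet: a Python helper for prerequisite 1 and step 2 that validates a key pair read from jwk or jwkBase64, produces the jwkBase64 form, and strips the private members so that only the public JWK is registered with Maskinporten. It assumes jwkBase64 is standard base64 over the JSON text; the function names and the sample key (constructed, not a usable key) are illustrative.

```python
import base64
import json
import re

# RSA JWK members per RFC 7518 section 6.3.
PUBLIC = ("kty", "use", "kid", "alg", "e", "n")
PRIVATE = ("d", "p", "q", "dp", "dq", "qi")
B64URL = re.compile(r"[A-Za-z0-9_-]+")

# Constructed sample: well-formed strings only, not a usable RSA key.
SAMPLE_JWK = {
    "kty": "RSA", "use": "sig", "kid": "asdf1234", "alg": "RS256",
    "e": "AQAB", "n": "c2FtcGxlLW4", "d": "c2FtcGxlLWQ",
    "p": "c2FtcGxlLXA", "q": "c2FtcGxlLXE", "dp": "c2FtcGxlLWRw",
    "dq": "c2FtcGxlLWRx", "qi": "c2FtcGxlLXFp",
}


def load_jwk(settings: dict) -> dict:
    """Return the key pair from a MaskinportenSettings object (jwk or jwkBase64)."""
    if "jwk" in settings:
        jwk = settings["jwk"]
    else:
        # Assumption: jwkBase64 is standard base64 over the UTF-8 JSON text.
        jwk = json.loads(base64.b64decode(settings["jwkBase64"]))
    if jwk.get("kty") != "RSA":
        raise ValueError("expected an RSA key (kty=RSA)")
    # Catches members left as "..." placeholders or dropped during copy/paste.
    for name in ("e", "n") + PRIVATE:
        value = jwk.get(name, "")
        if not isinstance(value, str) or not B64URL.fullmatch(value):
            raise ValueError(f"JWK member {name!r} is missing or not base64url")
    return jwk


def to_jwk_base64(jwk: dict) -> str:
    """Encode a key pair as a value for the jwkBase64 property."""
    return base64.b64encode(json.dumps(jwk).encode("utf-8")).decode("ascii")


def public_jwk(jwk: dict) -> dict:
    """Keep only the public members: the part to register with Maskinporten."""
    return {name: jwk[name] for name in PUBLIC if name in jwk}


if __name__ == "__main__":
    pair = load_jwk({"jwkBase64": to_jwk_base64(SAMPLE_JWK)})
    print(json.dumps(public_jwk(pair), indent=2))
```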