Wenche.Maskinporten (wenche v0.1.1)

Authentication against Maskinporten via JWT grant (RFC 7523).

Ported from wenche/auth.py in the original Python Wenche project.

Flow

  1. Build a JWT signed with your private RSA key
  2. Exchange it at Maskinporten for an access token
  3. Exchange the Maskinporten token for an Altinn platform token

Configuration

Pass a keyword list with:

  • :client_id — Maskinporten client ID from Digdir
  • :kid — Key ID (UUID) from Digdir
  • :private_key_pem — PEM-encoded RSA private key (binary)
  • :env — "test" or "prod" (default: "prod")
  • :req_options — optional extra options passed to Req (default: [])

Functions

admin_scopes()

Returns the admin scopes for system register operations.

build_jwt_grant(config, scope, opts \\ [])

Builds a JWT grant assertion (RFC 7523) signed with RS256.

Options

  • :org_nummer — if provided, adds authorization_details for system user token

Returns {:ok, jwt_string} or {:error, reason}.
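
To show what such an assertion contains, here is an added sketch (not Wenche's own code) that builds an RS256-signed RFC 7523 JWT using only OTP's :public_key and :crypto, plus Jason for JSON. The module name JwtGrantSketch, the audience parameter, the 60-second default lifetime and carrying the scope as a "scope" claim are assumptions, not taken from the library.

```elixir
defmodule JwtGrantSketch do
  # Illustrative RFC 7523 assertion builder; not Wenche's implementation.
  # Assumption: `audience` is the token issuer's URL for the chosen
  # environment. It is a parameter because this page does not list it.
  def build(client_id, kid, private_key_pem, scope, audience, ttl \\ 60) do
    now = System.system_time(:second)
    header = %{"alg" => "RS256", "kid" => kid}

    claims = %{
      "iss" => client_id,
      "aud" => audience,
      "scope" => scope,
      "iat" => now,
      # Short lifetime: a captured assertion is only replayable in this window.
      "exp" => now + ttl,
      # Unique per assertion so the server can reject replays.
      "jti" => b64(:crypto.strong_rand_bytes(16))
    }

    signing_input = b64(Jason.encode!(header)) <> "." <> b64(Jason.encode!(claims))

    with {:ok, key} <- decode_rsa_key(private_key_pem) do
      # RS256 = RSASSA-PKCS1-v1_5 over SHA-256, the default for RSA keys here.
      signature = :public_key.sign(signing_input, :sha256, key)
      {:ok, signing_input <> "." <> b64(signature)}
    end
  end

  # Accepts only an unencrypted PEM entry that decodes to an RSA private key.
  defp decode_rsa_key(pem) do
    case :public_key.pem_decode(pem) do
      [{_type, _der, :not_encrypted} = entry | _] ->
        case :public_key.pem_entry_decode(entry) do
          key when is_tuple(key) and elem(key, 0) == :RSAPrivateKey -> {:ok, key}
          _ -> {:error, :not_an_rsa_private_key}
        end

      _ ->
        {:error, :invalid_or_encrypted_pem}
    end
  end

  # JWT segments use unpadded base64url.
  defp b64(bin), do: Base.url_encode64(bin, padding: false)
end
```

Load the PEM from a secret store or a file with restricted permissions at runtime rather than compiling it into the release, since anyone holding the key can mint assertions for the client ID.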

default_scopes()

Returns the default scopes for instance operations.

get_admin_token(config)

Obtains a raw Maskinporten token with admin scopes for system register and system user administration.

Does NOT exchange for an Altinn token.

Returns {:ok, maskinporten_token} or {:error, reason}.

get_altinn_token(config, scope \\ "altinn:instances.read altinn:instances.write")

Obtains an Altinn platform token by:

  1. Building a JWT grant assertion
  2. Exchanging it at Maskinporten for an access token
  3. Exchanging the Maskinporten token for an Altinn platform token

Returns {:ok, altinn_token} or {:error, reason}.

get_skd_aksjonaer_token(config, org_nummer)

Obtains a Maskinporten token with SKD aksjonærregister scope and system user.

SKD's API uses the Maskinporten token directly (no Altinn exchange). Requires that the scope skatteetaten:innrapporteringaksjonaerregisteroppgave has been granted to the client by Skatteetaten.

Returns {:ok, maskinporten_token} or {:error, reason}.

get_systemuser_token(config, org_nummer)

Obtains an Altinn token with system user authorization details.

Use this for organization-specific operations using the system user flow.

Returns {:ok, altinn_token} or {:error, reason}.

skd_aksjonaer_scope()

Returns the SKD aksjonærregister scope.