# `Wenche.Maskinporten`
[🔗](https://github.com/jarls-side-projects/elixir-wenche/blob/main/lib/wenche/maskinporten.ex#L1)

Authentication against Maskinporten via JWT grant (RFC 7523).

Ported from `wenche/auth.py` in the original Python Wenche project.

## Flow

1. Build a JWT signed with your private RSA key
2. Exchange it at Maskinporten for an access token
3. Exchange the Maskinporten token for an Altinn platform token

## Configuration

Pass a keyword list with:

- `:client_id` — Maskinporten client ID from Digdir
- `:kid` — Key ID (UUID) from Digdir
- `:private_key_pem` — PEM-encoded RSA private key (binary)
- `:env` — `"test"` or `"prod"` (default: `"prod"`)
- `:req_options` — optional extra options passed to `Req` (default: `[]`)

# `admin_scopes`

Returns the admin scopes for system register operations.

# `build_jwt_grant`

Builds a JWT grant assertion (RFC 7523) signed with RS256.

## Options

- `:org_nummer` — if provided, adds `authorization_details` for a system user token

Returns `{:ok, jwt_string}` or `{:error, reason}`.
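Steps 1 and 2 of the flow, as an added example that is not Wenche's own code: it builds an RS256-signed assertion using only OTP's `:public_key` and prepares the RFC 7523 token request body. The module name `JwtGrantSketch`, the audience URL, the 120-second lifetime and the `scope` claim in the assertion are assumptions; `JSON` requires Elixir 1.18 or later.

```elixir
defmodule JwtGrantSketch do
  @grant_type "urn:ietf:params:oauth:grant-type:jwt-bearer"
  # Assumption: a short assertion lifetime, in seconds.
  @lifetime 120

  # Step 1: RS256-signed assertion. `audience` and `scope` are supplied by the caller.
  def build(client_id, kid, private_key_pem, audience, scope) do
    now = System.os_time(:second)
    header = %{"alg" => "RS256", "kid" => kid}

    claims = %{
      "iss" => client_id,
      "aud" => audience,
      "scope" => scope,
      "iat" => now,
      "exp" => now + @lifetime,
      # Unique per assertion so a captured grant cannot be replayed unnoticed.
      "jti" => b64(:crypto.strong_rand_bytes(16))
    }

    with [entry] <- :public_key.pem_decode(private_key_pem),
         key when elem(key, 0) == :RSAPrivateKey <- :public_key.pem_entry_decode(entry) do
      input = b64(JSON.encode!(header)) <> "." <> b64(JSON.encode!(claims))
      {:ok, input <> "." <> b64(:public_key.sign(input, :sha256, key))}
    else
      _ -> {:error, :invalid_private_key}
    end
  end

  # Step 2: form-encoded body for the token endpoint POST (RFC 7523, section 2.1).
  def token_request_body(jwt),
    do: URI.encode_query(%{"grant_type" => @grant_type, "assertion" => jwt})

  # Receiver's view: verify the signature with the public half of the key.
  def valid_signature?(jwt, public_key) do
    [h, c, s] = String.split(jwt, ".")
    :public_key.verify(h <> "." <> c, :sha256, Base.url_decode64!(s, padding: false), public_key)
  end

  defp b64(bin), do: Base.url_encode64(bin, padding: false)
end

# Constructed throwaway key and identifiers for the demo.
key = :public_key.generate_key({:rsa, 2048, 65_537})
pem = :public_key.pem_encode([:public_key.pem_entry_encode(:RSAPrivateKey, key)])
scope = "skatteetaten:innrapporteringaksjonaerregisteroppgave"
{:ok, jwt} = JwtGrantSketch.build("constructed-client-id", "constructed-kid", pem, "https://idp.example/", scope)
true = JwtGrantSketch.valid_signature?(jwt, {:RSAPublicKey, elem(key, 2), elem(key, 3)})
IO.puts(JwtGrantSketch.token_request_body(jwt))
```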

# `default_scopes`

Returns the default scopes for instance operations.

# `get_admin_token`

Obtains a raw Maskinporten token with admin scopes for system register
and system user administration.

Does NOT exchange for an Altinn token.

Returns `{:ok, maskinporten_token}` or `{:error, reason}`.

# `get_altinn_token`

Obtains an Altinn platform token by:

1. Building a JWT grant assertion
2. Exchanging it at Maskinporten for an access token
3. Exchanging the Maskinporten token for an Altinn platform token

Returns `{:ok, altinn_token}` or `{:error, reason}`.

# `get_skd_aksjonaer_token`

Obtains a Maskinporten token with SKD aksjonærregister scope and system user.

SKD's API uses the Maskinporten token directly (no Altinn exchange).
Requires that scope `skatteetaten:innrapporteringaksjonaerregisteroppgave`
has been granted by Skatteetaten for the client.

Returns `{:ok, maskinporten_token}` or `{:error, reason}`.

# `get_systemuser_token`

Obtains an Altinn token with system user authorization details.

Use this for organization-specific operations using the system user flow.

Returns `{:ok, altinn_token}` or `{:error, reason}`.

# `skd_aksjonaer_scope`

Returns the SKD aksjonærregister scope.

