{"id":18352551,"url":"https://github.com/felleslosninger/jwt-grant-generator","last_synced_at":"2025-07-17T02:32:16.566Z","repository":{"id":141567058,"uuid":"159129006","full_name":"felleslosninger/jwt-grant-generator","owner":"felleslosninger","description":"Example code in java on how to generate jwt-grants used to retrieve tokens for accessing Maskinporten protected APIs","archived":false,"fork":false,"pushed_at":"2024-06-12T12:44:35.000Z","size":38,"stargazers_count":19,"open_issues_count":1,"forks_count":10,"subscribers_count":15,"default_branch":"main","last_synced_at":"2025-04-06T11:46:09.178Z","etag":null,"topics":["java","jwt","maskinporten","team-idporten","testing-tool"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/felleslosninger.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-11-26T07:35:51.000Z","updated_at":"2025-02-21T15:46:14.000Z","dependencies_parsed_at":"2024-11-05T21:41:01.716Z","dependency_job_id":null,"html_url":"https://github.com/felleslosninger/jwt-grant-generator","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/felleslosninger/jwt-grant-generator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/felleslosninger%2Fjwt-grant-generator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/felleslosninger%2Fjwt-grant-generator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/felleslosninger%2Fjwt-grant-generator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/felleslosninger%2Fjwt-grant-generator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/felleslosninger","download_url":"https://codeload.github.com/felleslosninger/jwt-grant-generator/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/felleslosninger%2Fjwt-grant-generator/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265560765,"owners_count":23788232,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["java","jwt","maskinporten","team-idporten","testing-tool"],"created_at":"2024-11-05T21:36:23.747Z","updated_at":"2025-07-17T02:32:16.498Z","avatar_url":"https://github.com/felleslosninger.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# jwt-grant-generator\n\nThis project demonstrates how clients of Maskinporten can make a jwt grant used to retrieve tokens for accessing services like Kontakt- og reservasjonsregisteret REST-API or ID-porten self-service APIs.\n\nBefore you can retrieve any tokens you need to be a customer of Digdir and have a client registration, see https://samarbeid.digdir.no\n\nIt is important to understand the authorization flow used for these apis, see https://docs.digdir.no/docs/Maskinporten/maskinporten_guide_apikonsument \n\nNote: The access token is only retrieved if an token.endpoint property is given. Without this a jwt bearer grant will only be printed.\n\nFor questions, please contact servicedesk@digdir.no\n\n### Client configuration\nTo generate a jwt-grant you need a property file holding your client configuration:\n\n```\nissuer=\u003cYour client_id\u003e\naudience=\u003cIdentifier of the Maskinporten instance you want to use, i.e. for test env:  https://test.maskinporten.no/\u003e\nresource=\u003cThe intended audience for token. If included, the value will be transparantly set as the aud-claim in the access token\u003e\nscope=\u003cscopes to request access for (space delimited list), i.e. for id-porten self service api use: idporten:dcr.read idporten:dcr.write\u003e\n\nkeystore.type=\u003ckeystore type, default is JKS\u003e\nkeystore.file=\u003cpath to your keystore file holding your virksomhetssertifikat / keypair, or base64-encoded keystore\u003e\nkeystore.password=\u003ckeystore password\u003e\nkeystore.alias=\u003calias for your virksomhetssertifikat's key\u003e\nkeystore.alias.password=\u003calias password\u003e\n\nauthorization_details.\u003cauth_detail_index\u003e.type=urn:altinn:systemuser\nauthorization_details.\u003cauth_detail_index\u003e.systemuser_org.ID=0192:\u003csystem_org_no\u003e\nauthorization_details.\u003cauth_detail_index\u003e.systemuser_org.authority=iso6523-actorid-upis\n```\n\nTo use base64-encoded keystore, use:\n\n```\nkeystore.file=base64:/u3+7QAAAAIAAAADAAAAAQAPY29tbWZp...\n```\n\nTo also retrieve an access-token from an authorization server, add this property to the properties file:\n\n```\ntoken.endpoint=\u003cToken endpoint to use, i.e. in test env: https://test.maskinporten.no/token\u003e\n```\n\nIf you want to generate a token utilising the delegation capabilities in Maskinporten, add this property to the properties file:\n```\nconsumer_org=\u003cthe orgnumber of the consumer that has delegated the access\u003e\n```\n\nYou may authenticate with a self-signed certificate if your client in Maskinporten holds a JSON Web Key Set with your public key, simply add your key ID to the properties file:\n```\nkeystore.kid=\u003cguid to key id used in Maskinporten client jwks\u003e\n```  \n\nAuthorization details will be decoded, and can contain more than one, so that each \u003cauth_detail_index\u003e makes a separate authorization_details. Using sub-values (like systemuser_org) creates sub object in jwt, the example config above will be included like this:\n```json\n{\n  ...\n  \"authorization_details\" : [ {\n    \"type\" : \"urn:altinn:systemuser\",\n    \"systemuser_org\" : {\n      \"ID\" : \"0192:\u003csysterm_org_no\u003e\",\n      \"authority\" : \"iso6523-actorid-upis\"\n    }\n  } ],\n  ...\n}\n```\n\n## Usage\n\nTo build and run use:\n\n```\nmvn package\n\njava -jar target\\jwt-grant-generator-1.1.0-SNAPSHOT-jar-with-dependencies.jar myclient.properties\n\n```\n\n### Output as JSON\nIf you want the response as json, you can add an additional parameter so the command to build and run is\n```\nmvn package\n\njava -jar target\\jwt-grant-generator-1.1.0-SNAPSHOT-jar-with-dependencies.jar myclient.properties json\n\n```\n\nThe JSON will be a single line so it is easy to capture in a script and can then be parsed with tools like jq.\nA pretty representation of the JSON schema is\n```\n{\n    \"grant\": \"...\",\n    \"token\": {\n        \"access_token\": \"...\",\n        \"token_type\": \"Bearer\",\n        \"expires_in\": 7199,\n        \"scope\": \"...\"\n    }\n}\n\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffelleslosninger%2Fjwt-grant-generator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffelleslosninger%2Fjwt-grant-generator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffelleslosninger%2Fjwt-grant-generator/lists"}