https://github.com/felleslosninger/jwt-grant-generator
Example code in Java on how to generate JWT grants used to retrieve tokens for accessing Maskinporten-protected APIs
java jwt maskinporten team-idporten testing-tool
Last synced: 11 months ago
- Host: GitHub
- URL: https://github.com/felleslosninger/jwt-grant-generator
- Owner: felleslosninger
- Created: 2018-11-26T07:35:51.000Z (over 7 years ago)
- Default Branch: main
- Last Pushed: 2024-06-12T12:44:35.000Z (about 2 years ago)
- Last Synced: 2025-04-06T11:46:09.178Z (about 1 year ago)
- Topics: java, jwt, maskinporten, team-idporten, testing-tool
- Language: Java
- Homepage:
- Size: 37.1 KB
- Stars: 19
- Watchers: 15
- Forks: 10
- Open Issues: 1
Metadata Files:
- Readme: README.md
README
# jwt-grant-generator
This project demonstrates how clients of Maskinporten can make a jwt grant used to retrieve tokens for accessing services like Kontakt- og reservasjonsregisteret REST-API or ID-porten self-service APIs.
Before you can retrieve any tokens you need to be a customer of Digdir and have a client registration, see https://samarbeid.digdir.no.
It is important to understand the authorization flow used for these APIs, see https://docs.digdir.no/docs/Maskinporten/maskinporten_guide_apikonsument
Note: The access token is only retrieved if a `token.endpoint` property is given. Without it, only a JWT bearer grant is printed.
For questions, please contact servicedesk@digdir.no
### Client configuration
To generate a jwt-grant you need a property file holding your client configuration:
```
issuer=
audience=
resource=
scope=
keystore.type=
keystore.file=
keystore.password=
keystore.alias=
keystore.alias.password=
authorization_details..type=urn:altinn:systemuser
authorization_details..systemuser_org.ID=0192:
authorization_details..systemuser_org.authority=iso6523-actorid-upis
```
To use a base64-encoded keystore, use:
```
keystore.file=base64:/u3+7QAAAAIAAAADAAAAAQAPY29tbWZp...
```
To also retrieve an access-token from an authorization server, add this property to the properties file:
```
token.endpoint=
```
If you want to generate a token utilising the delegation capabilities in Maskinporten, add this property to the properties file:
```
consumer_org=
```
You may authenticate with a self-signed certificate if your client in Maskinporten holds a JSON Web Key Set with your public key. To do so, add your key ID to the properties file:
```
keystore.kid=
```
The authorization details properties are decoded and may contain more than one entry, each of which becomes a separate element of `authorization_details`. Using sub-values (like `systemuser_org`) creates a sub-object in the JWT. The example config above will be included like this:
```json
{
  ...
  "authorization_details" : [ {
    "type" : "urn:altinn:systemuser",
    "systemuser_org" : {
      "ID" : "0192:",
      "authority" : "iso6523-actorid-upis"
    }
  } ],
  ...
}
```
## Usage
To build and run use:
```
mvn package
java -jar target\jwt-grant-generator-1.1.0-SNAPSHOT-jar-with-dependencies.jar myclient.properties
```
### Output as JSON
If you want the response as JSON, add `json` as an additional parameter, so the command to build and run is:
```
mvn package
java -jar target\jwt-grant-generator-1.1.0-SNAPSHOT-jar-with-dependencies.jar myclient.properties json
```
The JSON is printed on a single line, so it is easy to capture in a script and can then be parsed with tools like jq.
A pretty-printed representation of the JSON is:
```
{
  "grant": "...",
  "token": {
    "access_token": "...",
    "token_type": "Bearer",
    "expires_in": 7199,
    "scope": "..."
  }
}
```
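One way to sanity-check the single-line JSON in a script before using the token, without echoing the grant or access token to logs. This is an added example, not part of the project's code. It assumes the grant carries the standard `iss`, `aud`, `scope` and `exp` claims, that `token` is missing or null when no `token.endpoint` is set, and it uses constructed sample values.

```python
import base64
import json
import time


def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def inspect_output(line, now=None):
    """Summarise the generator's one-line JSON without echoing grant or token."""
    now = time.time() if now is None else now
    doc = json.loads(line)
    parts = doc["grant"].split(".")
    if len(parts) != 3:
        raise ValueError("grant is not a compact JWS (header.payload.signature)")
    header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    summary = {
        "alg": header.get("alg"),
        "kid": header.get("kid"),  # assumed to carry keystore.kid when it is set
        "iss": claims.get("iss"),
        "aud": claims.get("aud"),
        "scope": claims.get("scope"),
        "grant_expired": claims.get("exp", 0) <= now,
        "has_token": False,
    }
    token = doc.get("token")  # assumption: missing or null without token.endpoint
    if token:
        if token.get("token_type") != "Bearer":
            raise ValueError("unexpected token_type: %r" % token.get("token_type"))
        summary.update(has_token=True, token_scope=token.get("scope"),
                       token_expires_at=now + token["expires_in"])
    return summary


def sample_line():
    """Constructed sample in the README's JSON shape; the signature is a dummy."""
    def seg(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header = {"alg": "RS256", "kid": "constructed-kid"}
    claims = {"iss": "constructed-client-id", "aud": "https://as.example/",
              "scope": "example:read", "iat": 1700000000, "exp": 1700000120}
    token = {"access_token": "constructed", "token_type": "Bearer",
             "expires_in": 7199, "scope": "example:read"}
    return json.dumps({"grant": ".".join([seg(header), seg(claims), "c2ln"]),
                       "token": token})


if __name__ == "__main__":
    print(inspect_output(sample_line(), now=1700000060))
```

The payload is decoded only for inspection; the signature is not verified here, so the summary is a local check of what was generated, not proof of authenticity.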