Authentication against Maskinporten via JWT grant (RFC 7523).
Ported from wenche/auth.py in the original Python Wenche project.
Flow
- Build a JWT signed with your private RSA key
- Exchange it at Maskinporten for an access token
- Exchange the Maskinporten token for an Altinn platform token
Configuration
Pass a keyword list with:
:client_id— Maskinporten client ID from Digdir:kid— Key ID (UUID) from Digdir:private_key_pem— PEM-encoded RSA private key (binary):env—"test"or"prod"(default:"prod"):req_options— optional extra options passed toReq(default:[])
Summary
Functions
Returns the admin scopes for system register operations.
Builds a JWT grant assertion (RFC 7523) signed with RS256.
Returns the default scopes for instance operations.
Obtains a raw Maskinporten token with admin scopes for system register and system user administration.
Obtains an Altinn platform token by
Obtains a Maskinporten token with SKD aksjonærregister scope and system user.
Obtains a Maskinporten token with skattemelding scope and system user authorization for the given organisation.
Obtains an Altinn token with system user authorization details.
Returns the MVA-melding validation scope used against Skatteetaten's standalone validation API (ID-porten end-user flow).
Returns the skattemeldingen scope.
Returns the SKD aksjonærregister scope.
Functions
Returns the admin scopes for system register operations.
Builds a JWT grant assertion (RFC 7523) signed with RS256.
Options
:org_nummer— if provided, adds authorization_details for system user token
Returns {:ok, jwt_string} or {:error, reason}.
Returns the default scopes for instance operations.
Obtains a raw Maskinporten token with admin scopes for system register and system user administration.
Does NOT exchange for an Altinn token.
Returns {:ok, maskinporten_token} or {:error, reason}.
Obtains an Altinn platform token by:
- Building a JWT grant assertion
- Exchanging it at Maskinporten for an access token
- Exchanging the Maskinporten token for an Altinn platform token
Returns {:ok, altinn_token} or {:error, reason}.
Obtains a Maskinporten token with SKD aksjonærregister scope and system user.
SKD's API uses the Maskinporten token directly (no Altinn exchange).
Requires that scope skatteetaten:innrapporteringaksjonaerregisteroppgave
has been granted by Skatteetaten for the client.
Returns {:ok, maskinporten_token} or {:error, reason}.
Obtains a Maskinporten token with skattemelding scope and system user authorization for the given organisation.
SKD's skattemelding API uses the Maskinporten token directly (no Altinn
exchange). Requires that scope skatteetaten:formueinntekt/skattemelding
has been granted by Skatteetaten for the client.
For validation only. Skatteetaten requires submission of the
skattemelding to go through Altinn 3 with an ID-porten-derived token —
a system user cannot submit. See Wenche.Skattemelding for the full
picture.
Returns {:ok, maskinporten_token} or {:error, reason}.
Obtains an Altinn token with system user authorization details.
Use this for organization-specific operations using the system user flow.
Returns {:ok, altinn_token} or {:error, reason}.
Returns the MVA-melding validation scope used against Skatteetaten's standalone validation API (ID-porten end-user flow).
Returns the skattemeldingen scope.
Returns the SKD aksjonærregister scope.