A small Python module that simplifies authentication and authorization with Maskinporten, either via enterprise certificates or pre-registered keys.
More information about Maskinporten can be found here: https://samarbeid.digdir.no/maskinporten/maskinporten/25.
- A reasonably new version of Python
- Packages as defined in requirements.txt
- A Maskinporten client registered in your target environment
The Maskinporten client must be entitled to grant type urn:ietf:params:oauth:grant-type:jwt-bearer, with integration type maskinporten and authorization method private_key_jwt.
More Maskinporten help: creating clients, registering keys, enterprise certificates primer + registering certificates.
The maskinporten_auth module exposes two primary methods: authorize_enterprise_cert and authorize_key_pair.
For a complete demo of both methods, please check out example.py.
The usage itself is very simple, but some of the surrounding setup can initially be a bit challenging, primarily setting up a Maskinporten client and correctly adding a key pair or enterprise certificate. Please refer to the linked docs in the previous section.
In order to run the demo, you must have a certificate keystore and/or private key available and the following environment variables present:
# Keystore
CERTIFICATE_CLIENT_ID=...
CERTIFICATE_STORE_PASSWORD=...
CERTIFICATE_KEY_ALIAS=...
# Key pair
JWKS_CLIENT_ID=...
JWKS_KID=...
# Common (space separated)
SCOPES=scope1 scope2 scope3
ℹ️ Side note: The three available Maskinporten environments and associated authority URIs are defined in config.py.
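
For orientation, here is a sketch of the JWT-bearer grant that a client with the settings above sends to the token endpoint. It is an added example, not code from maskinporten_auth. The function name, the `sign` callable (bytes in, RS256 signature bytes out), the claim layout and the 120-second lifetime cap are assumptions based on the usual Maskinporten JWT grant, and the authority is whichever URI your environment uses.

```python
import base64
import json
import time
import uuid
from urllib.parse import urlencode

GRANT_TYPE = "urn:ietf:params:oauth:grant-type:jwt-bearer"
MAX_LIFETIME = 120  # assumed upper bound on exp - iat, in seconds


def b64url(data: bytes) -> str:
    """Base64url without padding, as used for JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def build_grant(client_id, authority, scopes, sign, kid=None, x5c=None,
                lifetime=60, now=None):
    """Return the form-encoded body of the token request.

    Exactly one of kid (pre-registered key, cf. JWKS_KID) or x5c (enterprise
    certificate chain as base64 DER strings) identifies the signing key.
    sign is a hypothetical callable: signing input bytes -> signature bytes.
    """
    if (kid is None) == (x5c is None):
        raise ValueError("pass exactly one of kid or x5c")
    if not 0 < lifetime <= MAX_LIFETIME:
        raise ValueError("lifetime must be between 1 and 120 seconds")
    iat = int(time.time() if now is None else now)
    header = {"alg": "RS256"}
    header.update({"kid": kid} if kid is not None else {"x5c": list(x5c)})
    claims = {
        "iss": client_id,            # the Maskinporten client id
        "aud": authority,            # binds the grant to one environment
        "scope": " ".join(scopes),   # space separated, like SCOPES
        "iat": iat,
        "exp": iat + lifetime,       # short lifetime narrows the replay window
        "jti": str(uuid.uuid4()),    # unique id per grant
    }
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    signature = b64url(sign(signing_input.encode("ascii")))
    return urlencode({"grant_type": GRANT_TYPE,
                      "assertion": signing_input + "." + signature})
```

The returned string is sent as an application/x-www-form-urlencoded POST body. The private key stays behind `sign`, so it never has to be passed around as a string.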