The easiest way to integrate with HelseID! This library conforms to the requirements from the HelseID security profile for the client credentials grant (also known as machine-to-machine).
See the docs on https://selvbetjening.nhn.no/docs
You start by installing the NuGet package HelseID.Library.ClientCredentials.
The simplest setting is where the configuration is hard-coded:
// This comes from the .NET Generic Host (https://learn.microsoft.com/en-us/dotnet/core/extensions/generic-host?tabs=appbuilder)
HostApplicationBuilder builder = Host.CreateApplicationBuilder(args);
var helseIdConfiguration = new HelseIdConfiguration
{
ClientId = "7e3816ca-7d11-41cd-be55-fb9e8954e058",
Scope = "nhn:hgd-persontjenesten-api/restricted-access nhn:selvbetjening/client",
IssuerUri = "https://helseid-sts.test.nhn.no",
};
builder.Services
.AddHelseIdClientCredentials(helseIdConfiguration)
.AddJwkForClientAuthentication(YOUR_PRIVATE_KEY_HERE);
var host = builder.Build();
host.Run();
// The service is now configuredLater on you will need to use an instance of the IHelseIdClientCredentialsFlow to retrieve an Access token response:
// This is constructed by the service locator
IHelseIdClientCredentialsFlow helseIdClientCredentialsFlow;
...
var tokenResponse = await helseIdClientCredentialsFlow.GetTokenResponseAsync();
// If the token response is successful, you will get an AccessTokenResponse object:
if (tokenResponse.IsSuccessful(out var accessTokenResponse))
{
...
}
else
{
// If the token response failed, you can inspect the error response from the TokenErrorResponse object:
var errorResponse = tokenResponse.AsError();
Console.WriteLine(errorResponse.Error + " " + errorResponse.ErrorDescription);
...
}If you have a multi-tenant client, you will probably need to setup organization numbers; see the document Performing token requests for this scenario.
To retrieve a DPoP Proof you can use the IDPoPProofCreatorForApiRequests:
...
// This is constructed by the service locator
IDPoPProofCreatorForApiRequests dPoPProofCreator;
var url = "URL TO THE HTTP ENDPOINT";
var dPoPProof = await dPoPProofCreator.CreateDPoPProofForApiRequest(HttpMethod.Get, url, accessTokenResponse);
...Finally, to make a request to an API you can do the following: using our SetDPoPTokenAndProof extension method to set both Access Token and DPoP proof on the HTTP request:
...
var apiRequest = new HttpRequestMessage(HttpMethod.Get, url);
apiRequest.SetDPoPTokenAndProof(accessTokenResponse, dPoPProof);
var response = await httpClient.SendAsync(apiRequest);
...