The client credentials grant type is commonly used for server-to-server interactions that runs in the background, without immediate interaction with a user.
The client credentials grant type MUST only be used by confidential clients (e.g., client implemented on a secure server with restricted access to the client credentials).
+------------+ +---------------+
| | | |
| Client |>--(A)- Client Authentication --->| Authorization |
| (Example | | Server |
| code) |<--(B)---- Access Token ---------<| (HelseID) |
| | | |
+------------+ +---------------+
This sample is created as a command-line application. It demonstrates how to generate a signed JSON Web Token (JWT) which then is used to request access to a HelseID. The code for this functionality can be found in the TokenRequests
folder.
When HelseID approves the request, an access token is returned. The application then uses the access token to access the Sample API.
By using options on the command line, you can instruct the application to
- Make use of a child organization number (underenhet) to get a claim in the access token
- Use the multi-tenant pattern to send an organization number (for the tenant) to HelseID
- The main folder contains
- The
Program
class that configures the machine-to-machine client
- The
- Client: this folder contains the application proper; the
Machine2MachineClient
, which orchestrates the actual work - ClientInfoEndpoint: this folder contains code that consumes the clientinfo endpoint from HelseID (for debugging purposes)
- Configuration: this folder contains code that creates and configures
Machine2MachineClient
- Interfaces: this folder contains interfaces that are implemented elsewhere in the code
- TokenRequests: this folder contains the code that requests an access token from HelseID
The .NET 8 SDK is required to build the program.
First, you will need to start the Sample API project in a separate terminal. Then, you can run this application, either with or without a request for a child organization number.
dotnet run
This makes use of a child organization number. The organization must be whitelisted in HelseID.
dotnet run --use-child-org-number
This option makes use of both parent and child units in the call to the token endpoint
dotnet run --use-multi-tenant-pattern
dotnet run -- --help