This tutorial is for creating HelseID clients through Selvbetjening for HelseID's api.
More details can be found at Utviklerportalen.
After creating a client system with an api key, which is described in the following section, the flow is like this:
- Create a client draft using the api
- Open a web browser and direct the end user to the confirmation page in Selvbetjening for HelseID
- The end user confirms and is redirected to your local http server
- You can check the status of the client's access to the specified scopes
- When all is good, you can request access tokens for the specified apis
A client system must be created in Selvbetjening for HelseID
You probably want to enable support for refresh tokens, and it's important to specify which apis (services) are supported by the system. The redirect URI should be set to http://localhost:1337/callback when using the default config.
After the client system has been created, go to the 'Automatisering' tab, and generate an api key:
Now, move into your clone of appsettings.json, and paste the api key. This key is used for authenticating against the client drafts endpoint.
{
...
"Selvbetjening": {
...
"ClientDraftApiKeyHeader": "api-key",
"ClientDraftApiKey": "[PASTE here]"
}
...
}
Follow the sample code in ClientRegistrationExample
- Create the client draft using the
client-draftsendpoint - Direct the end user to Selvbetjening for HelseID:
/confirm-client/<client_id>?redirectPort=<port>&redirectPath=<path>, where:
<client_id>is the id of the client draft<port>and<path>is the port and path to redirect the end user back to your local http server
- Check the status of the client's access to the specified scopes
- Authenticate the end user and request access tokens for the specified apis
- You're ready to go
Look at the sample code in ClientUpdateExample
There are two separate endpoints:
- Updating the client secret
- Updating the rest of the client configuration
The update operation will affect all properties in the payload as submitted. If a property is set to null in the payload, the property will not be ignored and will be updated in the client configuration.
If you want to add a redirect uri, you also need to submit the previous redirect uris, along with the rest of the relevant data for the client configuration.
If you want to delete a redirect uri, just remove it from the array and call the update endpoint with the rest of the data.
If you set redirect uris to be null, the update will fail if the client system isn't configured to use the same redirect uris for all client configurations.