Open kristianlie opened 3 years ago
Hi, @kristianlie. Is this still an issue for Skatteetaten? We are in the process of rolling out a change that enforces a static IP to be used whenever events are pushed from Altinn. Please let us know how to proceed with this issue :)
The documentation https://docs.altinn.studio/api/events/ describes using Maskinporten for authentication as of November 2021. This issue can probably be closed.
Leaving issue open for now as we still see the value of Digdir authenticating themselves for those that receive the events
Description
There is a need for authentication of Altinn Events (push events) between Altinn 3 and Skatteetaten. This could probably be realized by Maskinporten, but we would like Altinn to propose a solution.
Considerations
Maskinporten scope
Do we need to support scopes?
If so, who owns the scope? The subscriber? If so then we cant share same token accross events? We need some way to cache
We need to decide what kind of maskinporten scope to use. Should this be a scope
Performance
Pushing events with high frequency requires that we think about performance. We cant just reauthenticate
Ops requirements
Acceptance criteria
Specification tasks
Development tasks
Test
Definition of done
Verify that this issue meets DoD (Only for project members) before closing.