Altinn / altinn-events

Altinn platform microservice for handling events
MIT License

Authentication of Altinn Events #249

Open kristianlie opened 3 years ago

kristianlie commented 3 years ago

Description

There is a need for authentication of Altinn Events (push events) between Altinn 3 and Skatteetaten. This could probably be realized by Maskinporten, but we would like Altinn to propose a solution.

Considerations

Maskinporten scope

Do we need to support scopes?

If so, who owns the scope? The subscriber? If so, then we can't share the same token across events? We need some way to cache

We need to decide what kind of Maskinporten scope to use. Should this be a scope

Performance

Pushing events with high frequency requires that we think about performance. We can't just reauthenticate

Ops requirements

Are there any requirements for monitoring? What is being built and what could go wrong? Are there any requirements related to backup?

Acceptance criteria

Describe criteria here (i.e. What is allowed/not allowed (negative testing), validations, error messages and warnings etc.)

Specification tasks

Development tasks

Add tasks here

Test

Add test cases here as checkboxes that are being tested as part of the changes.

Definition of done

Verify that this issue meets DoD (Only for project members) before closing.

acn-sbuad commented 1 year ago

Hi, @kristianlie. Is this still an issue for Skatteetaten? We are in the process of rolling out a change that enforces a static IP to be used whenever events are pushed from Altinn. Please let us know how to proceed with this issue :)

kristianlie commented 1 year ago

The documentation https://docs.altinn.studio/api/events/ describes using Maskinporten for authentication as of November 2021. This issue can probably be closed.

acn-sbuad commented 3 weeks ago

Leaving issue open for now as we still see the value of Digdir authenticating themselves for those that receive the events