tokenx how-to

Generate a token from TokenX for development ΒΆ

This how-to guides you through the steps required to generate a token that you can use against an API secured with TokenX in the development environments.

Grant access ΒΆ

Grant access to the token generator service:

app.yaml

Generate token ΒΆ

Generate a token interactively ΒΆ

This method requires user interaction with ID-porten to authenticate the end-user.

  1. Visit https://tokenx-token-generator.intern.dev.nav.no/api/obo?aud=<audience> in your browser.
    • Replace <audience> with the intended audience of the token, in this case the API application.
    • The audience value must be on the form of <cluster>:<namespace>:<application>
    • For example: dev-gcp:my-team:my-app
  2. You will be redirected to log in at ID-porten (if not already logged in).
  3. After logging in, you should be redirected back to the token generator and presented with a JSON response containing an access_token.
  4. Use the access_token as a Bearer token to consume the API application.

Generate a token headlessly ΒΆ

This method does not require user interaction, but also doesn't use ID-porten to obtain a user token. If you want a production-like user token, you should instead use the interactive method above.

Perform a POST request to https://tokenx-token-generator.intern.dev.nav.no/api/public/obo:

http

where

  • <audience> is the intended audience of the token, in this case the target API application
  • <pid> is the personal identification number (PID) of the intended end-user. This value is not validated.
  • acr (optional) is the security level for the user authentication

For example, in curl:

bash

This returns an access token which can be used as a Bearer token to consume the target API application.