Test Token Service

The Test Token Service ("test-token-tjenesten"), hereafter called TTT, is an API that is meant to simplify the use of tokens for testing purposes. With this API, you can obtain tokens that are signed with the same signing key as any "real" Access and ID tokens from the HelseID test environment.

Usage Patterns

TTT offers you two different usage patterns:

  1. if you own an API and want to test authentication of valid and invalid tokens
  2. if you are a system provider and want to test access to one or more APIs that require user login

How to Use TTT

In order to use the API, you must get an API-key for authentication in HelseID Selvbetjening (self-service). This key must be present in the header X-Auth-Key in the kall to TTT.

Example of Use

Below, you will find examples of how the parameters in TTT can be adjusted. The overview shows what the JSON object sent to the endpoint in the API will look like. In order to get a test token from TTT, you must use the endpoint /v2/create-test-token-with-key with a POST request.

For a code example of using TTT, check out TestTokenTool on GitHub.

You want to use TTT to obtain

  • a generic token
{ 
  "audience": "nhn:mynewapi"
}

Be advised that you must always use "audience" as a parameter

  • a token with only mandatory claims
{
  "audience": "nhn:mynewapi",
  "withoutDefaultClientClaims": true,
  "withoutDefaultUserClaims": true
}
  • an invalid token to test an API (set only one of the possible parameters below)
{
  "audience": "nhn:mynewapi",
  "signJwtWithInvalidSigningKey": true,
  "setInvalidIssuer": true
}
  • an expired token to test an API (set either expirationTimeInSeconds, or expirationTimeInDays)
{
  "audience": "nhn:mynewapi",
  "expirationParameters": {
    "setExpirationTimeAsExpired": true,
    "expirationTimeInSeconds": 300,
    "expirationTimeInDays": 1
  }
}
  • a token with a specific header
{
  "audience": "nhn:mynewapi",
  "headerParameters": {
    "typ": "at+jwt"
  }
}
  • a token with specific client claims (set only those that are relevant)
{
  "audience": "nhn:mynewapi",
  "withoutDefaultClientClaims": true,
  "withoutDefaultUserClaims": true,
  "clientClaimsParameters": {
    "scope": [
      "openid", 
      "profile", 
      "read",
      "mitt:supre:api/scope"
    ],
    "clientId": "eeb808a2-6e6f-42ae-849a-505432cf128f",
    "sfmJournalId": "ed30a6a5-4834-40be-a32b-1e4f5217e378",
    "orgnrParent": "883974832",
    "orgnrSupplier": "994598759",
    "clientTenancy": true,
    "clientAuthenticationMethodsReferences": "private_key_jwt",
    "clientName": "Mitt Klientnavn",
    "jti": "F4F832F0C68E24F0011F773B71CC6739"
  }
}

Be advised that you must set "withoutDefaultClientClaims": true to be able to set specific client claims.

  • a token with specific user claims (set only those that are relevant)
{
  "audience": "nhn:mynewapi",
  "withoutDefaultUserClaims": true,
  "userClaimsParameters": {
    "pid": "06828399789",
    "pidPseudonym": "PGzVzvP2JvlXV\u002B\u002BOJSJAQG5d99BH8QsikmxpdIAKSZk=",
    "hprNumber": "565505933",
    "name": "KVART GREVLING",
    "givenName": "KVART",
    "middleName": "",
    "familyName": "GREVLING",
    "identityProvider": "idporten-oidc",
    "securityLevel": "4",
    "assuranceLevel": "high",
    "network": "internett",
    "amr": "pwd",
    "subject": "PGzVzvP2JvlXV\u002B\u002BOJSJAQG5d99BH8QsikmxpdIAKSZk=",
    "sid": "0970F0ED60C552597BFC254150FA406D"
  }
}

Be advised that you must set "withoutDefaultUserClaims": true to be able to set specific user claims.

  • a token with the user identity being fulled from Persontjenesten
{
  "audience": "nhn:mittferskeapi",
  "withoutDefaultUserClaims": true,
  "userClaimsParameters": {
    "pid": "06670157480"
  },
  "getPersonFromPersontjenesten": true,
  "onlySetNameForPerson": true,
  "getHprNumberFromHprregisteret": true,
  "setSubject": true
}
  • a DPoP proof assigned to the token
  "audience": "nhn:mynewapi",
  "createDPoPTokenWithDPoPProof": true,
  "DPoPProofParameters": {
    "htmClaimValue": "POST",
    "htuClaimValue": "https://my.new.api.no"
  }
  • a token with altered DPoP parameters (values for invalidDPoPProofParameters are DontSetHtuClaimValue, DontSetHtmClaimValue, SetIatValueInThePast, SetIatValueInTheFuture, DontSetAthClaimValue, DontSetAlgHeader, DontSetJwkHeader, DontSetJtiClaim, SetAlgHeaderToASymmetricAlgorithm, SetPrivateKeyInJwkHeader, SetInvalidTypHeaderValue, and SetAnInvalidSignature)
{
  "audience": "nhn:mynewapi",
  "createDPoPTokenWithDPoPProof": true,
  "dPoPProofParameters": {
    "invalidDPoPProofParameters": "DontSetAthClaimValue",
    "htmClaimValue": "POST",
    "htuClaimValue": "https://mitt.ferske.api.no"
  }
}
  • a token using the "Tillitsrammeverk" method
{
  "audience": "nhn:mynewapi",
  "createTillitsrammeverkClaims": true,
  "withoutDefaultUserClaims": true,
  "userClaimsParameters": {
    "pid": "06828399789",
    "hprNumber": "565505933",
    "name": "KVART GREVLING"
  }
}
  • a token with altered parameters for the "tillitsrammeverk" (set only those that are relevant)
{
  "audience": "nhn:mynewapi",
  "createTillitsrammeverkClaims": true,
  "tillitsrammeverkClaimsParameters": {
    "practitionerAuthorizationCode": "AA",
    "practitionerAuthorizationText": "",
    "practitionerLegalEntityId": "946469045",
    "practitionerLegalEntityName": "Helse Først",
    "practitionerPointOfCareId": "983658776",
    "practitionerPointOfCareName": "Sjukehus AS",
    "practitionerDepartmentId": "4206043",
    "practitionerDepartmentName": "Avdeling 4",
    "careRelationshipHealthcareServiceCode": "210", 	
    "careRelationshipHealthcareServiceText": "Anestesiologi",
    "careRelationshipPurposeOfUseCode": "TREAT",
    "careRelationshipPurposeOfUseText": "Behandling",
    "careRelationshipPurposeOfUseDetailsCode": "28",
    "careRelationshipPurposeOfUseDetailsText": "Digitalt tilsyn",
    "careRelationshipTracingRefId": "30F4AB40-DBC2-41A7-8AC4-181AD3FDC25B",
    "patientsPointOfCareId": "983658776",
    "patientsPointOfCareName": "Sjukehus AS",
    "patientsDepartmentId": "4206043",
    "patientsDepartmentName": "Avdeling 4"
  },
  "withoutDefaultUserClaims": true,
  "userClaimsParameters": {
    "pid": "06828399789",
    "hprNumber": "565505933",
    "name": "KVART GREVLING"
  }  
}
  • a token with one or more API specific claims
{
  "audience": "nhn:mynewapi",
  "apiSpecificClaims": [
    {"type": "e-helse:sfm.api/client/claims/sfm-id", "value":"e37233c0-e649-4b70-92bd-7f1e12eac897"},
    {"type": "...", "value":"..."}
  ]
}