Altinn/altinn-authentication

Implement System register for system vendors in Altinn Authentication

Description

To give end users a good experience with using systems for system vendors, we need a system register in Altinn.

The system register will contain all systems defined by system vendors.

{
  "SystemId": "turbo_tax",
  "Title": {
    "en": "Turbo Tax",
    "nb": "Turbo skatt",
    "nn": "Kjapt avgarde skatt"
  },
  "Description": {
    "en": "This service provides full access to aquaculture applications for county municipalities and other sector authorities.",
    "nb": "Denne tjenesten gir full tilgang til akvakultursøknader for fylkeskommuner og andre sektormyndigheter.",
    "nn": "Denne tenesta gir full tilgang til akvakultursøknader for fylkeskommunar og andre sektormyndigheiter."
  },
  "ResourceRights": [
    {
      "ResourceId": "mva_dialog"
    }
  ],
  "AccessGroups": [
    "mva",
    "salestax"
  ],
  "SystemAdmin": {
    "orgno": "936796702",
    "name": "Visma AS"
  },
  "Visible": true,
  "ClientId": ["2342345", "asdftygwe3245"]
}

In scope

We need to develop an API in the Authentication components for registering systems.

Access will be given through a new dedicated scope for the system register.

The system vendor can register any rights as needed. There will be no control of this in the register, but the vendor will be stopped at the API level by any API that requires special scopes the system vendor has not been given.

The system vendor can register one or more clientIDs for a given system.

A client can only be registered in one system. We need to prevent a client from being registered in more than one.

So when a clientId is added to the list of allowed clients for a system, all other systems should be searched for the same clientId. If it is found, the operation should fail.

Out of scope

There has been some discussion on how to approve systems. This is outside the scope of this issue. We assume that anyone with access to the system register scope can create any system they like. Approval is handled in the following issue:

#347

Tasks

  • Create database table for systems

  • Create functions for

  • Create persistence layer

  • Create API for CRUD operations on end-user systems

  • Create API for manipulating clientIDs on a given system

  • Create API for Listing systems

  • Define scope for system register access in Maskinporten

  • Define unit tests

  • Define test data
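
The clientId rule under "In scope" (a clientId may belong to only one system, and adding a duplicate must fail) is sketched below as an added example, not code from the Altinn repository. It assumes a hypothetical two-table schema and uses SQLite for portability; the uniqueness is enforced by a database constraint rather than a search-then-insert, so two concurrent registrations cannot both pass the check.

```python
import sqlite3

# Hypothetical schema (assumption): the issue only says a table for systems is needed.
SCHEMA = """
CREATE TABLE system (system_id TEXT PRIMARY KEY);
CREATE TABLE system_client (
    client_id TEXT PRIMARY KEY,  -- one row per clientId, so one owning system
    system_id TEXT NOT NULL REFERENCES system(system_id)
);
"""

class ClientIdConflict(Exception):
    """The clientId is already registered on another system."""

def open_register():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    return db

def _insert_client(db, system_id, client_id):
    """Return True if added, False if already on this system; raise on a clash."""
    try:
        db.execute(
            "INSERT INTO system_client (client_id, system_id) VALUES (?, ?)",
            (client_id, system_id),
        )
        return True
    except sqlite3.IntegrityError:
        row = db.execute(
            "SELECT system_id FROM system_client WHERE client_id = ?", (client_id,)
        ).fetchone()
        if row is None:
            raise  # not a clientId clash, e.g. unknown system_id
        if row[0] == system_id:
            return False  # re-adding to the same system is not a conflict
        # Design choice of this example: do not reveal which system owns the client.
        raise ClientIdConflict(f"clientId {client_id!r} is already registered") from None

def add_client(db, system_id, client_id):
    with db:  # commit on success, roll back on error
        return _insert_client(db, system_id, client_id)

def create_system(db, system_id, client_ids=()):
    # All-or-nothing: one conflicting clientId rolls back the whole registration.
    with db:
        db.execute("INSERT INTO system (system_id) VALUES (?)", (system_id,))
        for client_id in client_ids:
            _insert_client(db, system_id, client_id)
```
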