Open
Conversation
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
…ent/_index.nb.md Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
…serrequest/_index.nb.md Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
…nb.md Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Endret tekst
Contributor
WalkthroughDocumentation revamp around “System User/Systembruker”: reorganized guides, added new overview pages (en/nb), introduced demo client docs (en/nb), refined getting-started and vendor guides, and made minor text/link fixes. No code or API changes; edits are purely content-focused, including updated scopes and onboarding references. Changes
Sequence Diagram(s)sequenceDiagram
autonumber
participant Vendor as System Vendor
participant EUS as End User System
participant User as End User
participant MP as Maskinporten
participant AA as Altinn Authorization
participant SR as System Registry
participant PDP as PDP
Note over Vendor,EUS: Leverandørstyrt opprettelse (provider-initiated)
Vendor->>MP: Client assertion (JWT) -> Token (scope: systemuser.request.write)
MP-->>Vendor: Access token
Vendor->>AA: Create System User Request (incl. return URL)
AA-->>Vendor: Request ID / approval URL
Vendor->>User: Redirect to approval URL
User->>AA: Authenticate & approve
AA->>SR: Persist System User + permissions
SR-->>AA: Confirm
AA-->>EUS: Callback to return URL (approved/denied)
Note over EUS,MP: Runtime use of System User
EUS->>MP: JWT Grant -> Access token (scoped)
MP-->>EUS: Access token (audience: Altinn/Service)
EUS->>PDP: Authorization decision (subject=System User, delegation)
PDP-->>EUS: Permit/Deny
EUS->>AA: Invoke API with token (if Permit)
AA-->>EUS: Response
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Possibly related PRs
Poem
Pre-merge checks and finishing touches❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✨ Finishing touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 8
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (18)
content/authorization/guides/system-vendor/eget_system.pngis excluded by!**/*.pngcontent/authorization/guides/system-vendor/system-user/democlient/delegering1.pngis excluded by!**/*.pngcontent/authorization/guides/system-vendor/system-user/democlient/delegering2.pngis excluded by!**/*.pngcontent/authorization/guides/system-vendor/system-user/democlient/delegering3.pngis excluded by!**/*.pngcontent/authorization/guides/system-vendor/system-user/democlient/onboarding1.pngis excluded by!**/*.pngcontent/authorization/guides/system-vendor/system-user/democlient/onboarding2.pngis excluded by!**/*.pngcontent/authorization/guides/system-vendor/system-user/democlient/onboarding3.pngis excluded by!**/*.pngcontent/authorization/guides/system-vendor/system-user/democlient/onboarding4.pngis excluded by!**/*.pngcontent/authorization/guides/system-vendor/system-user/democlient/onboarding5.pngis excluded by!**/*.pngcontent/authorization/guides/system-vendor/system-user/democlient/onboarding6.pngis excluded by!**/*.pngcontent/authorization/guides/system-vendor/system-user/democlient/onboarding7.pngis excluded by!**/*.pngcontent/authorization/guides/system-vendor/system-user/eget_system.pngis excluded by!**/*.pngcontent/authorization/guides/system-vendor/system-user/image-1.pngis excluded by!**/*.pngcontent/authorization/guides/system-vendor/system-user/image-2.pngis excluded by!**/*.pngcontent/authorization/guides/system-vendor/system-user/image-3.pngis excluded by!**/*.pngcontent/authorization/guides/system-vendor/system-user/image-4.pngis excluded by!**/*.pngcontent/authorization/guides/system-vendor/system-user/klient_system.pngis excluded by!**/*.pngcontent/authorization/what-do-you-get/systemuser/runtime.pngis excluded by!**/*.png
📒 Files selected for processing (8)
content/authorization/getting-started/systemuser/_index.nb.md(1 hunks)content/authorization/guides/system-vendor/system-user/_index.en.md(0 hunks)content/authorization/guides/system-vendor/system-user/_index.nb.md(1 hunks)content/authorization/guides/system-vendor/system-user/democlient/_index.en.md(1 hunks)content/authorization/guides/system-vendor/system-user/democlient/_index.nb.md(1 hunks)content/authorization/guides/system-vendor/system-user/systemuserrequest/_index.nb.md(2 hunks)content/authorization/what-do-you-get/systemuser/_index.en.md(1 hunks)content/authorization/what-do-you-get/systemuser/_index.nb.md(1 hunks)
💤 Files with no reviewable changes (1)
- content/authorization/guides/system-vendor/system-user/_index.en.md
🧰 Additional context used
📓 Path-based instructions (2)
content/**/*
⚙️ CodeRabbit configuration file
Check for links, markdown formatting, headings, grammar, and spelling in multiple languages (en-US, nb-NO, nn-NO).
Files:
content/authorization/what-do-you-get/systemuser/_index.en.mdcontent/authorization/guides/system-vendor/system-user/democlient/_index.en.mdcontent/authorization/guides/system-vendor/system-user/_index.nb.mdcontent/authorization/guides/system-vendor/system-user/democlient/_index.nb.mdcontent/authorization/what-do-you-get/systemuser/_index.nb.mdcontent/authorization/guides/system-vendor/system-user/systemuserrequest/_index.nb.mdcontent/authorization/getting-started/systemuser/_index.nb.md
**/*.nb.md
⚙️ CodeRabbit configuration file
Check for Norwegian Bokmål (nb-NO) grammar and spelling with extra care. Pay special attention to specialized terminology and Norwegian-specific words.
Files:
content/authorization/guides/system-vendor/system-user/_index.nb.mdcontent/authorization/guides/system-vendor/system-user/democlient/_index.nb.mdcontent/authorization/what-do-you-get/systemuser/_index.nb.mdcontent/authorization/guides/system-vendor/system-user/systemuserrequest/_index.nb.mdcontent/authorization/getting-started/systemuser/_index.nb.md
🪛 markdownlint-cli2 (0.18.1)
content/authorization/what-do-you-get/systemuser/_index.en.md
35-35: Link text should be descriptive
(MD059, descriptive-link-text)
37-37: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
46-46: Link text should be descriptive
(MD059, descriptive-link-text)
48-48: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
53-53: Link text should be descriptive
(MD059, descriptive-link-text)
content/authorization/what-do-you-get/systemuser/_index.nb.md
37-37: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
48-48: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: Analyze (javascript-typescript)
Comment on lines
+45
to
48
| Følg fremgangsmåten for å koble opp til [Maskinporten](https://samarbeid.digdir.no/maskinporten/ta-i-bruk-maskinporten/97) | ||
| 2. Opprette en Maskinporten-klient. | ||
| En maskinporten-klient kan opprettes enten i Samarbeidsportal eller ved bruk av API. Opprettelse av en maskinporten-klient forutsetter oppkobling til Maskinporten. For mer informasjon, se[Maskinporten klient](https://docs.altinn.studio/nb/correspondence/getting-started/developer-guides/maskinporten/). | ||
|
|
Contributor
There was a problem hiding this comment.
Mellomrom før lenke
Line 47 mangler mellomrom i “se[Maskinporten…]”. Sett inn mellomrom for korrekt typografi.
🤖 Prompt for AI Agents
In content/authorization/getting-started/systemuser/_index.nb.md around lines 45
to 48, the text "se[Maskinporten klient](...)" is missing a space before the
link; insert a single space so it reads "se [Maskinporten klient](...)" to fix
the typography and ensure proper Markdown/link spacing.
|
|
||
| Ved sluttbrukerstyrt opprettelse er det kunden selv som går inn i altinn og velger systemet han ønsker opprette systembruker for fra en nedtrekksliste. | ||
| Etter systemet er valg blir det presentert hvilke rettigheter sluttbrukersystemetsystemet krever. Ved å akseptere dette blir systembrukeren opprettet. | ||
| Under [Guider](./../../guides/system-vendor/system-user/) kan du lese hvordan du setter opp systembruker for forkjellige frormål |
Contributor
There was a problem hiding this comment.
Stavefeil i “formål”
Line 87: “forkjellige frormål” bør være “forskjellige formål”.
🤖 Prompt for AI Agents
content/authorization/getting-started/systemuser/_index.nb.md around line 87:
fix the spelling typo in the sentence so that “forkjellige frormål” is replaced
with “forskjellige formål” (i.e., correct both misspelled words) keeping the
rest of the sentence and link unchanged.
Comment on lines
+9
to
+32
| ### Reference implementation and setup | ||
|
|
||
| A reference implementation has been developed to demonstrate the use of system user. It is developed in C# and can be run as a console application. | ||
| It does the following: | ||
|
|
||
| 1. Creates a token based on configured JSON Web Key, client ID, scope, and organization number of the system user creator. | ||
| 2. Based on the token received, it makes calls to reference APIs that require system user. | ||
|
|
||
| See code with documentation [here](https://github.com/TheTechArch/altinn-systemuser). | ||
|
|
||
| ### Setting up reference implementation with own configuration | ||
|
|
||
| A reference implementation has been developed to demonstrate the use of system user. It is developed in C# and can be run as a console application. | ||
|
|
||
| It does the following: | ||
|
|
||
| 1. Creates a token based on configured JSON Web Key, client ID, scope, and organization number of the system user creator. | ||
| 2. Based on the token received, it makes calls to reference APIs that require system user. | ||
|
|
||
| See code with documentation [here](https://github.com/TheTechArch/altinn-systemuser). | ||
|
|
||
| ### Setting up reference implementation with own configuration | ||
|
|
||
| The repository contains the necessary test certificate to run the application. The following must be done to set up your own integration as a system provider: |
Contributor
There was a problem hiding this comment.
Remove duplicated section
Paragraphs 21‑29 repeat the content already stated in 9‑27, and the heading at Line 30 is identical to Line 19. Please drop the duplicate block so the doc flows once.
🤖 Prompt for AI Agents
In
content/authorization/guides/system-vendor/system-user/democlient/_index.en.md
around lines 9 to 32, there is a duplicated block (lines 21–29 repeat lines 9–17
and the heading at line 30 duplicates the heading at line 19); remove the
repeated paragraphs (lines 21–29) and the duplicate heading (line 30) so the
reference implementation description appears only once and the document flows
correctly.
Comment on lines
+25
to
+40
| ## Oppsett av referanseimplementasjon med egen konfigurasjon | ||
|
|
||
| En referanseimplementasjon er utviklet for å demonstrere bruk av systembruker. Den er utviklet i C# og kan kjøres som en konsollapplikasjon. | ||
|
|
||
| Den gjør følgende: | ||
|
|
||
| Oppretter et token basert på konfigurert JSON Web Key, klient-ID, scope og organisasjonsnummeret til systembrukeroppretteren. | ||
|
|
||
| Basert på mottatt token, gjør den kall mot referanse-API-er som krever systembruker. | ||
|
|
||
| Se kode med dokumentasjon [her](https://github.com/TheTechArch/altinn-systemuser). | ||
|
|
||
| ## Oppsett av referanseimplementasjon med egen konfigurasjon | ||
|
|
||
| Repositoryet inneholder nødvendig testsertifikat for å kjøre applikasjonen. Følgende må gjøres for å sette opp en egen integrasjon som systemtilbyder: | ||
| {.floating-bullet-numbers-sibling-ol} |
Contributor
There was a problem hiding this comment.
Unngå dobbelt overskrift
“Oppsett av referanseimplementasjon med egen konfigurasjon” står to ganger (Line 25 og 37). Fjern den dupliserte overskriften/punktet for å unngå forvirring.
🤖 Prompt for AI Agents
In
content/authorization/guides/system-vendor/system-user/democlient/_index.nb.md
around lines 25 to 40, there is a duplicated heading "Oppsett av
referanseimplementasjon med egen konfigurasjon" (appears at lines 25 and 37);
remove the second occurrence (the duplicate at ~line 37) and adjust surrounding
text so the flow and any list/numbering remain correct (remove the duplicate
heading and any redundant blank line so the following paragraph/list remains a
single coherent section).
Comment on lines
+35
to
+53
| A detailed guide to get started can be found [here](./../../guides/resource-owner/system-user/) | ||
|
|
||
| **For end user system vendors** | ||
|
|
||
| System User gives you a simple and secure way to create a user that can be used to automate actions on behalf of your customers, without the need to exchange certificates or other secrets. | ||
| System User supports both customers who work on behalf of themselves in your system and on behalf of clients (accountants, etc.). | ||
| You can choose whether you want your customers to be able to create System Users from the Altinn portal, or if you want to control and guide them through the process in your end user system. | ||
| To use System User, you must ensure that the service owner supports this on their service. | ||
|
|
||
| <!--Describe support in apps--> | ||
|
|
||
| For more information to get started, see [here](./../../guides/system-vendor/system-user/) | ||
|
|
||
| **For end users** | ||
|
|
||
| System User enables your end user system vendor to perform actions on behalf of your organization in a simple and secure way. | ||
| At any time, you can see which authorizations you have granted the System User via the Altinn user interface and delete the System User if the vendor no longer needs the authorizations. | ||
|
|
||
| For more information to get started, see [here](./../../guides/end-user/system-user/) |
Contributor
There was a problem hiding this comment.
Make link text descriptive
Lines 35, 47, and 53 use “see [here]”, which markdownlint flags (MD059). Replace with meaningful link text, e.g., “See the resource-owner guide”, “See the system-vendor guide”, etc.
🧰 Tools
🪛 markdownlint-cli2 (0.18.1)
35-35: Link text should be descriptive
(MD059, descriptive-link-text)
37-37: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
46-46: Link text should be descriptive
(MD059, descriptive-link-text)
48-48: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
53-53: Link text should be descriptive
(MD059, descriptive-link-text)
🤖 Prompt for AI Agents
In content/authorization/what-do-you-get/systemuser/_index.en.md around lines
35-53, replace the three non-descriptive "see [here]" link texts to satisfy
MD059: change the link at line 35 to something like "See the resource-owner
guide" (keeping the existing href ./../../guides/resource-owner/system-user/),
change the link at line 47 to "See the system-vendor guide" (keeping href
./../../guides/system-vendor/system-user/), and change the link at line 53 to
"See the end-user guide" (keeping href ./../../guides/end-user/system-user/); do
not change the target URLs, only update the visible link text to be descriptive.
Comment on lines
+9
to
+43
| En stor del av kommunikasjonen mellom det offentlige og næringslivet skjer via API i Altinn og hos andre platformleverandører i det offentlige. Mye av denne kommunikasjonen skjer på vegne av virksomheten og trenger ikke utføres av en spesifikk person. | ||
| Systembruker gjør det enkelt å opprette en bruker, som gis nødvendige fullmakter i forhold til oppgavene den skal utføre. | ||
|
|
||
| Systembruker bygger videre på Maskinporten, som gir sikker autentisering og grovkornet tilgangsstyring, og utvider dette med finkornet tilgangsstyring | ||
|
|
||
| Systembruker gjør det enkelt å sette opp en virtuell bruker som kan operere på vegne av virksomheten, enten som egenopprettet system eller i et kunde–leverandørforhold | ||
| Systembruker kan både brukes mot tjenester som kjører i Altinn og mot eksterne tjenester som bruker Altinn Autorisasjon som autorisasjonsløsning. | ||
|
|
||
| > Systembruker er ikke ment å erstatte ID-porten eller Maskinporten, men suplere og utvide det man allerede får gjennom disse komponentene. | ||
| > ID-porten og systembruker kan brukes hver for seg eller i kombinasjon på samme tjeneste ut fra tjenesteeiers behov for å vite om det er en person eller system som kaller tjenesten. | ||
| > | ||
| > Ved behov for å koble operasjonene som utføres med hvilken person som utfører dem person bruk **ID-Porten**. | ||
| > | ||
| > Ved behov for å koble operasjonene som utføres med system som ligger bak bruk **Systembruker**. | ||
| > | ||
| > Dersom man kun trenger å vite hvilke virksomhet og ev scope bruk **Maskinporten**. | ||
|
|
||
| For en overordnet funsjonell gjennomgang og brukerreise se [Samarbeidsportalen](https://samarbeid.digdir.no/altinn/systembruker/2542). | ||
|
|
||
| ## Egenskaper med systembruker | ||
|
|
||
| Systembruker gir en rekke fordeler sammenlignet med dagens virksomhetsbruker og sluttbrukersystemkonsept i Altinn 2. | ||
|
|
||
| **For tjenesteeier** | ||
| For å støtte systembruker på tjenesten din må du velge maskinporten som autentiseringsmetod og gjøre oppslag mot vårt autorisasjons-API (PDP) med systembrukerinformasjonen som finnes i maskinportentokenet. | ||
|
|
||
| Detaljert guide for å komme i gang finnes [her](./../../guides/resource-owner/system-user/) | ||
|
|
||
| **For sluttbrukersystemleverandør** | ||
|
|
||
| Systembruker gir deg en enkel og sikker måte å opprette en bruker som kan brukes til å automatisere handlinger på vegne av dine kunder, uten at det er behov for å utveksle sertifikat eller andre hemmeligheter. | ||
| Systembruker støtter både kunder som jobber på vegne av seg selv i ditt system og på vegne av klienter (regnskapsførere etc.). | ||
| Du velger selv om du ønsker dine kunder skal kunne opprette systembruker fra Altinn portal, eller om du ønsker kontrollere og lede de gjennom prosessen i ditt sluttbrukersystem. | ||
| For å kunne bruke systembruker må du sikre at tjenesteeier støtter dette på sin tjeneste. | ||
|
|
Contributor
There was a problem hiding this comment.
Flere skrivefeil i innledningen
Korriger blant annet “platformleverandører” → “plattformleverandører” (Line 9), manglende punktum etter Line 12, “suplere” → “supplere” (Line 17), “operasjonene … person bruk” → “operasjonene … personen må bruke” (Line 21), og “virksomhet … scope bruk” → “virksomheten … scope må bruke” (Line 24). Disse feilene svekker forståelsen av introen.
🧰 Tools
🪛 markdownlint-cli2 (0.18.1)
37-37: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
🤖 Prompt for AI Agents
In content/authorization/what-do-you-get/systemuser/_index.nb.md around lines
9–43, fix several typos and awkward phrases: change “platformleverandører” to
“plattformleverandører” (line 9), add a missing period at the end of the
sentence after line 12, change “suplere” to “supplere” (line 17), replace
“operasjonene ... person bruk” with “operasjonene ... personen må bruke” (line
21), and replace “virksomhet ... scope bruk” with “virksomheten ... scope må
bruke” (line 24); ensure punctuation and spacing around these edits remain
consistent and run a quick spell/grammar check on the surrounding sentences for
any remaining minor issues.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary by CodeRabbit