TokenXΒΆ
TokenX is Nais' own implementation of OAuth 2.0 Token Exchange.
This allows internal applications to act on behalf of a citizen that originally authenticated with ID-porten, while maintaining the zero trust security model between applications throughout a request chain.
Nais provides support for declarative registration and configuration of TokenX resources. These cover two distinct use cases:
Consume an APIΒΆ
To consume an API secured with TokenX on behalf of a citizen, you'll need to exchange their token for a new token.
The new token preserves the citizen's identity context and is only valid for the specific API you want to access.
Learn how to consume an internal API on behalf of a citizen
Secure your APIΒΆ
To secure your API with TokenX, you'll need to grant consumers access to your application.
Once configured, your consumers can exchange a token with TokenX to consume your API.
Your application code must verify inbound requests by validating the included tokens.
Learn how to secure your API with TokenX
Generate a token for developmentΒΆ
In some cases, you want to locally develop and test against a secured API in the development environments. You will need a token to access said API.