Sample app - Source code: https://github.com/danmarksmiljoeportal/DkJord/tree/master/Sample

The sample app is consuming full authorization flow (OIDC/OAuth2) on user authentication and DKJord Api client to make requests to DKJord API (Test) https://jord-api.test.miljoeportal.dk/. For setting DKJord Api client up, you should contact Danmarks Miljøportal's support at [email protected] to get client credential info. It comprises authority, client id, client secret, redirectUri. This info will be set up in detail as the guideline at section 2.

In the sample app, developers can utilize third party tools to generate API clients with many endpoints, which take more time when you make it manually. We suggest NSwagStudio as utilization tool to do that. The following sub content is a guideline for generating C# API Client from Swagger via NSwagStudio.

With NSwag, you don't need an existing API—you can use third-party APIs that incorporate Swagger and generate a client implementation. NSwag allows you to expedite the development cycle and easily adapt to API changes.

• Download NSwagStudio and document at here: https://github.com/RicoSuter/NSwag/wiki/NSwagStudio
• After installing, use the config.nswag file in Dmp.Jord.Integration.Sample.Rest folder to generate API Client. If the config.nswag file is not latest, you can go to the openapi document page (eg. https://dkjord-api.test.miljoeportal.dk/openapi) and download the latest config file.
• If there is any issue with Required = Newtonsoft.Json.Required.DisallowNull when trying to generate the code (please refer to https://github.com/RicoSuter/NSwag/issues/1991).

The image below describes how the sample app requests authorization code and access token.

1. Sample app opens a browser tab with the authorization request (https://log-in.test.miljoeportal.dk/runtime/oauth2).

2. Authorization endpoint receives the authorization request, authenticates the user, and obtains authorization. Authenticating the user may involve chaining to other authentication systems.

3. Authorization server issues an authorization code to the redirect URI (https://127.0.0.1:7890).

4. Client receives the authorization code from the redirect URI.

5. Client app presents the authorization code at the token endpoint.

6. Token endpoint validates the authorization code and issues the tokens requested.

7. Contact DMP to get Identify connection (Integration) with the information: authority, client id and client secret, redirectUri (https://127.0.0.1:7890)

8. Update client id and client secret In Rest/RestFactorycs

    private static OidcClient InitializeLoginClient()
    {
        int port = 7890;
   
        string authority = "https://log-in.test.miljoeportal.dk/runtime/oauth2";
   
        string clientId = "** insert client id **";
        string clientSecret = "** insert client secret **";
   
        string redirectUri = string.Format($"https://127.0.0.1:{port}");
        .......
        ........
    }
   

9. User roles are required by Jord Api

   The login user must have valid roles to access Jord api methods:

   • Read DKJordLaes
   • Write DKJordVedligehold
   • Delete DKJordSlet

   In the case, Jord Api return Forbidden (403), just contact DMP to get correct roles for the user.

The JordClient code is generated based on the config.nswag by using NSwagStudio. The client code exposes an easy way to get started consuming API's via a provided end point.

How to initialize a JordClient:

• Update apiUrl In Program..cs

   var apiUrl = "https://jord-api.test.miljoeportal.dk/";
   var jordClient = await RestFactory.CreateAsync(apiUrl);
  

• JordClient is initialized In Rest/RestFactorycs

   public static async Task<JordClient> CreateAsync(string apiUrl)
    {
        var oidcClient = InitializeLoginClient();
  
        Console.WriteLine("Logging in");
        var loginResult = await Login(oidcClient);
  
        // Request a new access token using the refresh token if it is expired.
        //var refreshResult = await oidcClient.RefreshTokenAsync(loginResult.RefreshToken);
        //Console.WriteLine(refreshResult.IdentityToken);
  
        var httpClient = new HttpClient();
        httpClient.SetBearerToken(loginResult.AccessToken);
  
        Console.WriteLine("Initializing Jord client");
        var jordClient = new JordClient(apiUrl, httpClient);
  
        return jordClient;
    }
  

After logining with the oidcClient(we've already setup this), httpClient will consume the AccessToken returned after the authorization as a bearer token to create a JordClient. After creating the JordClient successfully, you can use all the methods the client exposes itself.

For example: jordClient.IsAliveAsync(), jordClient.GetClaimsAsync()...