NVE Account Authentication

Introduction

This is going to be a brief intro on how to aquire an access token from a Microsoft AzureAD B2C Tenant, and then use it to access a protected API utilizing the NVE-account.

Microsoft AzureAd B2C

The NVE account is a user account stored and managed by a Microsoft AzureAD B2C.

Certain NVE APIs are protected by this, and in order to access these APIs you'll need to provide an access token. And before you can aquire this, you need an NVE account, and an Application registered in the AzureAD B2C. We have a test environment where you can test everything, and a production environment for operational use.

Create NVE account

Create an NVE account by using the NVE Account Web Application. Follow the instructions there:

B2C Application Registration

NB! You only need a B2C Application Registration if you are going to send data to an API (RegObs API). 

For reading you do not need it.

Registering a B2C Application Registration is a manual process that an employee at NVE must do for you (for now send email to: awa@nve.no). When your application is registered you will get an Application Client ID. This is yours, and yours alone. 

Aquire Access Token

This is the process of getting an access token so you can use the protected NVE APIs. For now we have decided that the Resource Owner Password Credentials (ROPC) flow will suit your and our needs.

You will need to send a POST request to:

  • Test environment: https://nveb2c01test.b2clogin.com/nveb2c01test.onmicrosoft.com/oauth2/v2.0/token?p=B2C_1_ROPC_Auth
  • Production environment: https://nveb2c01prod.b2clogin.com/nveb2c01prod.onmicrosoft.com/oauth2/v2.0/token?p=B2C_1_ROPC_Auth

The post request should send the following body in x-www-form-urlencoded format:

{
"client_id": "00000000-0000-0000-0000-000000000000",
"scope": "openid 00000000-0000-0000-0000-000000000000",
"grant_type": "password",
"username": "john.smith@example.com",
"password": "correcthorsebatterystaple",
}

Replace the UUID above with your client id. In return you will get a JSON structure containing your token as well as its expire time in seconds. After the specified number of seconds has passed you will need to request a new token.

Using Access Token

When interacting with the APIs, set the following HTTP header:

Authorization: Bearer eyJ0eXAiO...

Versjoner

Produksjon

Authority URL with ROPC flow

Versjon Base URL: https://nveb2c01prod.b2clogin.com/tfp/nveb2c01prod.onmicrosoft.com/B2C_1_ROPC_Auth

Test

Versjon Base URL: https://nveb2c01test.b2clogin.com/tfp/nveb2c01test.onmicrosoft.com/B2C_1_ROPC_Auth