From d839a1e95a2c5eb07312887535ede4c05223c50c Mon Sep 17 00:00:00 2001 From: Roar Mjelde Date: Thu, 22 Feb 2024 10:59:35 +0100 Subject: [PATCH 1/7] Added support for Altinn2-generated tokens --- src/Altinn.Broker.API/Program.cs | 46 +++++++++++++------ .../appsettings.Development.json | 1 + .../Options/AltinnOptions.cs | 1 + 3 files changed, 33 insertions(+), 15 deletions(-) diff --git a/src/Altinn.Broker.API/Program.cs b/src/Altinn.Broker.API/Program.cs index 08cb1807..895b62ec 100644 --- a/src/Altinn.Broker.API/Program.cs +++ b/src/Altinn.Broker.API/Program.cs @@ -105,22 +105,38 @@ static void ConfigureServices(IServiceCollection services, IConfiguration config services.ConfigureHangfire(); - services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options => - { - var altinnOptions = new AltinnOptions(); - config.GetSection(nameof(AltinnOptions)).Bind(altinnOptions); - options.SaveToken = true; - options.MetadataAddress = altinnOptions.OpenIdWellKnown; - options.TokenValidationParameters = new TokenValidationParameters + services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) + .AddJwtBearer(options => { - ValidateIssuerSigningKey = true, - ValidateIssuer = true, - ValidateAudience = false, - RequireExpirationTime = true, - ValidateLifetime = !hostEnvironment.IsDevelopment(), // Do not validate lifetime in tests - ClockSkew = TimeSpan.Zero - }; - }); + var altinnOptions = new AltinnOptions(); + config.GetSection(nameof(AltinnOptions)).Bind(altinnOptions); + options.SaveToken = true; + options.MetadataAddress = altinnOptions.OpenIdWellKnown; + options.TokenValidationParameters = new TokenValidationParameters + { + ValidateIssuerSigningKey = true, + ValidateIssuer = true, + ValidateAudience = false, + RequireExpirationTime = true, + ValidateLifetime = !hostEnvironment.IsDevelopment(), // Do not validate lifetime in tests + ClockSkew = TimeSpan.Zero + }; + }) + .AddJwtBearer("Legacy", options => { // To support "overgangslosningen" + var altinnOptions = new AltinnOptions(); + config.GetSection(nameof(AltinnOptions)).Bind(altinnOptions); + options.SaveToken = true; + options.MetadataAddress = altinnOptions.LegacyOpenIdWellKnown; + options.TokenValidationParameters = new TokenValidationParameters + { + ValidateIssuerSigningKey = true, + ValidateIssuer = true, + ValidateAudience = false, + RequireExpirationTime = true, + ValidateLifetime = !hostEnvironment.IsDevelopment(), // Do not validate lifetime in tests + ClockSkew = TimeSpan.Zero + }; + }); services.AddTransient(); services.AddAuthorization(options => diff --git a/src/Altinn.Broker.API/appsettings.Development.json b/src/Altinn.Broker.API/appsettings.Development.json index c7173ed8..d993ad06 100644 --- a/src/Altinn.Broker.API/appsettings.Development.json +++ b/src/Altinn.Broker.API/appsettings.Development.json @@ -18,6 +18,7 @@ }, "AltinnOptions": { "OpenIdWellKnown": "https://platform.tt02.altinn.no/authentication/api/v1/openid/.well-known/openid-configuration", + "LegacyOpenIdWellKnown": "https://test.maskinporten.no/.well-known/oauth-authorization-server", "PlatformGatewayUrl": "https://platform.tt02.altinn.no/", "PlatformSubscriptionKey": "" } diff --git a/src/Altinn.Broker.Core/Options/AltinnOptions.cs b/src/Altinn.Broker.Core/Options/AltinnOptions.cs index f95dd921..08412183 100644 --- a/src/Altinn.Broker.Core/Options/AltinnOptions.cs +++ b/src/Altinn.Broker.Core/Options/AltinnOptions.cs @@ -3,6 +3,7 @@ public class AltinnOptions { public string OpenIdWellKnown { get; set; } + public string LegacyOpenIdWellKnown { get; set; } public string PlatformGatewayUrl { get; set; } public string PlatformSubscriptionKey { get; set; } } From 036557da66a50f891cac2879e8dd26259b9967cb Mon Sep 17 00:00:00 2001 From: Roar Mjelde Date: Thu, 22 Feb 2024 11:01:14 +0100 Subject: [PATCH 2/7] Re-factor --- src/Altinn.Broker.API/Program.cs | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/Altinn.Broker.API/Program.cs b/src/Altinn.Broker.API/Program.cs index 895b62ec..11a539a3 100644 --- a/src/Altinn.Broker.API/Program.cs +++ b/src/Altinn.Broker.API/Program.cs @@ -105,11 +105,11 @@ static void ConfigureServices(IServiceCollection services, IConfiguration config services.ConfigureHangfire(); + var altinnOptions = new AltinnOptions(); + config.GetSection(nameof(AltinnOptions)).Bind(altinnOptions); services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(options => { - var altinnOptions = new AltinnOptions(); - config.GetSection(nameof(AltinnOptions)).Bind(altinnOptions); options.SaveToken = true; options.MetadataAddress = altinnOptions.OpenIdWellKnown; options.TokenValidationParameters = new TokenValidationParameters @@ -123,8 +123,6 @@ static void ConfigureServices(IServiceCollection services, IConfiguration config }; }) .AddJwtBearer("Legacy", options => { // To support "overgangslosningen" - var altinnOptions = new AltinnOptions(); - config.GetSection(nameof(AltinnOptions)).Bind(altinnOptions); options.SaveToken = true; options.MetadataAddress = altinnOptions.LegacyOpenIdWellKnown; options.TokenValidationParameters = new TokenValidationParameters From 7c31611913436691050394c640db4e199684d4ff Mon Sep 17 00:00:00 2001 From: Roar Mjelde Date: Thu, 22 Feb 2024 11:48:22 +0100 Subject: [PATCH 3/7] Made only legacy controller accessible with legacy token --- .../Controllers/LegacyFileController.cs | 2 +- src/Altinn.Broker.API/Program.cs | 14 +++++++++----- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/src/Altinn.Broker.API/Controllers/LegacyFileController.cs b/src/Altinn.Broker.API/Controllers/LegacyFileController.cs index ffc02ee1..a60ddb39 100644 --- a/src/Altinn.Broker.API/Controllers/LegacyFileController.cs +++ b/src/Altinn.Broker.API/Controllers/LegacyFileController.cs @@ -27,7 +27,7 @@ namespace Altinn.Broker.Controllers /// [ApiController] [Route("broker/api/legacy/v1/file")] - [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)] + [Authorize(AuthenticationSchemes = AuthorizationConstants.Legacy)] [Authorize(Policy = AuthorizationConstants.Legacy)] public class LegacyFileController : Controller { diff --git a/src/Altinn.Broker.API/Program.cs b/src/Altinn.Broker.API/Program.cs index 11a539a3..aebed5c9 100644 --- a/src/Altinn.Broker.API/Program.cs +++ b/src/Altinn.Broker.API/Program.cs @@ -105,11 +105,11 @@ static void ConfigureServices(IServiceCollection services, IConfiguration config services.ConfigureHangfire(); - var altinnOptions = new AltinnOptions(); - config.GetSection(nameof(AltinnOptions)).Bind(altinnOptions); services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(options => { + var altinnOptions = new AltinnOptions(); + config.GetSection(nameof(AltinnOptions)).Bind(altinnOptions); options.SaveToken = true; options.MetadataAddress = altinnOptions.OpenIdWellKnown; options.TokenValidationParameters = new TokenValidationParameters @@ -121,10 +121,14 @@ static void ConfigureServices(IServiceCollection services, IConfiguration config ValidateLifetime = !hostEnvironment.IsDevelopment(), // Do not validate lifetime in tests ClockSkew = TimeSpan.Zero }; - }) - .AddJwtBearer("Legacy", options => { // To support "overgangslosningen" + }); + + services.AddAuthentication(AuthorizationConstants.Legacy) + .AddJwtBearer(AuthorizationConstants.Legacy, options => { // To support "overgangslosningen" + var altinnOptions = new AltinnOptions(); + config.GetSection(nameof(AltinnOptions)).Bind(altinnOptions); options.SaveToken = true; - options.MetadataAddress = altinnOptions.LegacyOpenIdWellKnown; + options.MetadataAddress = "https://test.maskinporten.no/.well-known/oauth-authorization-server"; options.TokenValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true, From 3c934e087c48dbb1855406ad53b976284b8b392c Mon Sep 17 00:00:00 2001 From: Roar Mjelde Date: Thu, 22 Feb 2024 12:47:46 +0100 Subject: [PATCH 4/7] test --- Test/Altinn.Broker.Tests/Helpers/TestConstants.cs | 2 +- src/Altinn.Broker.API/Controllers/LegacyFileController.cs | 2 +- src/Altinn.Broker.API/Program.cs | 4 +--- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/Test/Altinn.Broker.Tests/Helpers/TestConstants.cs b/Test/Altinn.Broker.Tests/Helpers/TestConstants.cs index 6cabf8c4..e35ffad6 100644 --- a/Test/Altinn.Broker.Tests/Helpers/TestConstants.cs +++ b/Test/Altinn.Broker.Tests/Helpers/TestConstants.cs @@ -5,7 +5,7 @@ internal class TestConstants internal const string DUMMY_RECIPIENT_TOKEN = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6ImFsdGlubjpicm9rZXIucmVhZCIsImlzcyI6Imh0dHBzOi8vcGxhdGZvcm0udHQwMi5hbHRpbm4ubm8vYXV0aGVudGljYXRpb24vYXBpL3YxL29wZW5pZC8iLCJjbGllbnRfYW1yIjoicHJpdmF0ZV9rZXlfand0IiwidG9rZW5fdHlwZSI6IkJlYXJlciIsImV4cCI6MTcwMTY5Mzg5MiwiaWF0IjoxNzAxNjkzNzcyLCJjbGllbnRfaWQiOiIxMTExMTExMS0xMTExLTExMTEtMTExMS0xMTExMTExMTExMTEiLCJqdGkiOiIzU3IyZ1Y5dDdqTThFczk0SlMzTnhoUGl5OUNoTHpndGpXSGRGLTQ5YTdJIiwiY29uc3VtZXIiOnsiYXV0aG9yaXR5IjoiaXNvNjUyMy1hY3RvcmlkLXVwaXMiLCJJRCI6IjAxOTI6OTg2MjUyOTMyIn0sInVybjphbHRpbm46b3JnTnVtYmVyIjoiOTg2MjUyOTMyIiwidXJuOmFsdGlubjphdXRoZW50aWNhdGVtZXRob2QiOiJtYXNraW5wb3J0ZW4iLCJ1cm46YWx0aW5uOmF1dGhsZXZlbCI6MywiYWN0dWFsX2lzcyI6ImFsdGlubi10ZXN0LXRvb2xzIiwibmJmIjoxNzA3OTk2NTE4LCJ1cm46YWx0aW5uOm9yZyI6InR0ZCJ9.hS-oZnDXiZlwt_i0ajrmnHSHQ2usruuIZlP82ZvZjD0"; - internal const string DUMMY_LEGACY_TOKEN = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6ImFsdGlubjpicm9rZXIubGVnYWN5IiwiaXNzIjoiaHR0cHM6Ly90ZXN0Lm1hc2tpbnBvcnRlbi5uby8iLCJjbGllbnRfYW1yIjoicHJpdmF0ZV9rZXlfand0IiwidG9rZW5fdHlwZSI6IkJlYXJlciIsImV4cCI6MTcwMTY5Mzg5MiwiaWF0IjoxNzAxNjkzNzcyLCJjbGllbnRfaWQiOiI5OTk5OTk5OS05OTk5LTk5OTktOTk5OS05OTk5OTk5OTk5OTkiLCJqdGkiOiIzU3IyZ1Y5dDdqTThFczk0SlMzTnhoUGl5OUNoTHpndGpXSGRGLTQ5YTdJIiwiY29uc3VtZXIiOnsiYXV0aG9yaXR5IjoiaXNvNjUyMy1hY3RvcmlkLXVwaXMiLCJJRCI6IjAxOTI6OTkxODI1ODI3In0sInVybjphbHRpbm46b3JnTnVtYmVyIjoiOTkxODI1ODI3IiwidXJuOmFsdGlubjphdXRoZW50aWNhdGVtZXRob2QiOiJtYXNraW5wb3J0ZW4iLCJ1cm46YWx0aW5uOmF1dGhsZXZlbCI6MywibmJmIjoxNzA3OTk2MTA5LCJ1cm46YWx0aW5uOm9yZyI6ImRpZ2RpciJ9.hSzHCExKCctuV3V97sXKE9qEwLub3KKEuscpjnm1NGc"; + internal const string DUMMY_LEGACY_TOKEN = "eyJraWQiOiJiZFhMRVduRGpMSGpwRThPZnl5TUp4UlJLbVo3MUxCOHUxeUREbVBpdVQwIiwiYWxnIjoiUlMyNTYifQ.eyJzY29wZSI6ImFsdGlubjpicm9rZXIubGVnYWN5IiwiaXNzIjoiaHR0cHM6Ly90ZXN0Lm1hc2tpbnBvcnRlbi5uby8iLCJjbGllbnRfYW1yIjoidmlya3NvbWhldHNzZXJ0aWZpa2F0IiwidG9rZW5fdHlwZSI6IkJlYXJlciIsImV4cCI6MTcwODU5Nzg3OCwiaWF0IjoxNzA4NTk0Mjc4LCJjbGllbnRfaWQiOiI2NzFjNTE2Zi03YWIwLTRhMTUtOTU1Yi1hODJkMTg2Y2VjYzAiLCJqdGkiOiJSTU90Mmk5NkxWZ3d4Z29NaWtXTnFNeDI0TndNZlBHc082Tl9YQjBQZzZ3IiwiY29uc3VtZXIiOnsiYXV0aG9yaXR5IjoiaXNvNjUyMy1hY3RvcmlkLXVwaXMiLCJJRCI6IjAxOTI6OTkxODI1ODI3In19.G268zp-aLUvmR1aTkkaMsZ9j6FT9FmvqKfTFOSP277F8X4BX5kLkm5v7G1MTgDybG0CUXxNGsyhMMlsGQscOZIsOe6QW05aoBFa1vWGOCsTLBaRbBm-LEU41dEPYqKzsDCh61p-zvINdNswuc5CG5vOwkKZi_PBbYUCEF6wIwe3eJ8ttNmunmEjBvOQcSIRllo-unIbzm4nsSQADnXRDAgeJ_jdl8k2s2N_Ose7qIE-usoVlKY53Ayax-V3ws8L22YxKHEbYnhx3oswfKg-ux2PrNFFFWfarUlpVnj1CFqY11ZlxXOS7sDRcwgc1gSnpTZWgysxAU0mGCoV03KwkYOMkVJp4UXkxL6WZ25RqTVb2YsIVq7g6m5BbAPJmZW-_OnpP6KZYQ8fCILYo6EIdn9TEot5Ffm8RzjlbXNseMS10oPCmQswe18TnzKaqFk2U6hOVhhakCvKxSsN0yDj9tsZitP_MOZPZ9ybVmK_jYrYNViJ02PLqnF5n3DMqcXDT"; internal const string RESOURCE_WITH_NO_ACCESS = "altinn-broker-test-resource-1-failed-access"; } diff --git a/src/Altinn.Broker.API/Controllers/LegacyFileController.cs b/src/Altinn.Broker.API/Controllers/LegacyFileController.cs index a60ddb39..ffc02ee1 100644 --- a/src/Altinn.Broker.API/Controllers/LegacyFileController.cs +++ b/src/Altinn.Broker.API/Controllers/LegacyFileController.cs @@ -27,7 +27,7 @@ namespace Altinn.Broker.Controllers /// [ApiController] [Route("broker/api/legacy/v1/file")] - [Authorize(AuthenticationSchemes = AuthorizationConstants.Legacy)] + [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)] [Authorize(Policy = AuthorizationConstants.Legacy)] public class LegacyFileController : Controller { diff --git a/src/Altinn.Broker.API/Program.cs b/src/Altinn.Broker.API/Program.cs index aebed5c9..b04e9f5f 100644 --- a/src/Altinn.Broker.API/Program.cs +++ b/src/Altinn.Broker.API/Program.cs @@ -121,9 +121,7 @@ static void ConfigureServices(IServiceCollection services, IConfiguration config ValidateLifetime = !hostEnvironment.IsDevelopment(), // Do not validate lifetime in tests ClockSkew = TimeSpan.Zero }; - }); - - services.AddAuthentication(AuthorizationConstants.Legacy) + }) .AddJwtBearer(AuthorizationConstants.Legacy, options => { // To support "overgangslosningen" var altinnOptions = new AltinnOptions(); config.GetSection(nameof(AltinnOptions)).Bind(altinnOptions); From 508bd087e120e354a9e9f604b1a90761d5aff91e Mon Sep 17 00:00:00 2001 From: Roar Mjelde Date: Fri, 23 Feb 2024 08:42:15 +0100 Subject: [PATCH 5/7] Fixed authentication configuration --- src/Altinn.Broker.API/Controllers/LegacyFileController.cs | 2 +- src/Altinn.Broker.API/Program.cs | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/src/Altinn.Broker.API/Controllers/LegacyFileController.cs b/src/Altinn.Broker.API/Controllers/LegacyFileController.cs index ffc02ee1..a60ddb39 100644 --- a/src/Altinn.Broker.API/Controllers/LegacyFileController.cs +++ b/src/Altinn.Broker.API/Controllers/LegacyFileController.cs @@ -27,7 +27,7 @@ namespace Altinn.Broker.Controllers /// [ApiController] [Route("broker/api/legacy/v1/file")] - [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)] + [Authorize(AuthenticationSchemes = AuthorizationConstants.Legacy)] [Authorize(Policy = AuthorizationConstants.Legacy)] public class LegacyFileController : Controller { diff --git a/src/Altinn.Broker.API/Program.cs b/src/Altinn.Broker.API/Program.cs index b04e9f5f..e659cea4 100644 --- a/src/Altinn.Broker.API/Program.cs +++ b/src/Altinn.Broker.API/Program.cs @@ -106,7 +106,7 @@ static void ConfigureServices(IServiceCollection services, IConfiguration config services.ConfigureHangfire(); services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) - .AddJwtBearer(options => + .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options => { var altinnOptions = new AltinnOptions(); config.GetSection(nameof(AltinnOptions)).Bind(altinnOptions); @@ -122,7 +122,8 @@ static void ConfigureServices(IServiceCollection services, IConfiguration config ClockSkew = TimeSpan.Zero }; }) - .AddJwtBearer(AuthorizationConstants.Legacy, options => { // To support "overgangslosningen" + .AddJwtBearer(AuthorizationConstants.Legacy, options => // To support "overgangslosningen" + { var altinnOptions = new AltinnOptions(); config.GetSection(nameof(AltinnOptions)).Bind(altinnOptions); options.SaveToken = true; @@ -133,7 +134,7 @@ static void ConfigureServices(IServiceCollection services, IConfiguration config ValidateIssuer = true, ValidateAudience = false, RequireExpirationTime = true, - ValidateLifetime = !hostEnvironment.IsDevelopment(), // Do not validate lifetime in tests + ValidateLifetime = !hostEnvironment.IsDevelopment(), ClockSkew = TimeSpan.Zero }; }); From 78ad08aef81242535b22d47d93510e2118862f89 Mon Sep 17 00:00:00 2001 From: Roar Mjelde Date: Fri, 23 Feb 2024 08:48:56 +0100 Subject: [PATCH 6/7] Fixed tests --- .../Helpers/CustomWebApplicationFactory.cs | 54 +++++++++++++------ 1 file changed, 38 insertions(+), 16 deletions(-) diff --git a/Test/Altinn.Broker.Tests/Helpers/CustomWebApplicationFactory.cs b/Test/Altinn.Broker.Tests/Helpers/CustomWebApplicationFactory.cs index ef9ab14f..79c2d6fa 100644 --- a/Test/Altinn.Broker.Tests/Helpers/CustomWebApplicationFactory.cs +++ b/Test/Altinn.Broker.Tests/Helpers/CustomWebApplicationFactory.cs @@ -1,7 +1,9 @@ using System.Net.Http.Headers; +using Altinn.Broker.API.Configuration; using Altinn.Broker.Core.Domain; using Altinn.Broker.Core.Domain.Enums; +using Altinn.Broker.Core.Options; using Altinn.Broker.Core.Repositories; using Altinn.Broker.Tests.Helpers; @@ -14,6 +16,7 @@ using Microsoft.AspNetCore.Mvc.Testing; using Microsoft.AspNetCore.TestHost; using Microsoft.Extensions.DependencyInjection; +using Microsoft.Extensions.Hosting; using Microsoft.IdentityModel.JsonWebTokens; using Microsoft.IdentityModel.Tokens; @@ -34,24 +37,43 @@ protected override void ConfigureWebHost( o.SchemeMap.Clear(); ((IList)o.Schemes).Clear(); }); - services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(async options => - { - options.RequireHttpsMetadata = false; - options.SaveToken = true; - options.TokenValidationParameters = new TokenValidationParameters + services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) + .AddJwtBearer(async options => { - ValidateIssuer = false, - ValidateAudience = false, - ValidateLifetime = false, - RequireExpirationTime = false, - RequireSignedTokens = false, - SignatureValidator = delegate (string token, TokenValidationParameters parameters) + options.RequireHttpsMetadata = false; + options.SaveToken = true; + options.TokenValidationParameters = new TokenValidationParameters { - var jwt = new JsonWebToken(token); - return jwt; - } - }; - }); + ValidateIssuer = false, + ValidateAudience = false, + ValidateLifetime = false, + RequireExpirationTime = false, + RequireSignedTokens = false, + SignatureValidator = delegate (string token, TokenValidationParameters parameters) + { + var jwt = new JsonWebToken(token); + return jwt; + } + }; + }).AddJwtBearer(AuthorizationConstants.Legacy, options => // To support "overgangslosningen" + { + options.RequireHttpsMetadata = false; + options.SaveToken = true; + options.TokenValidationParameters = new TokenValidationParameters + { + ValidateIssuer = false, + ValidateAudience = false, + ValidateLifetime = false, + RequireExpirationTime = false, + RequireSignedTokens = false, + SignatureValidator = delegate (string token, TokenValidationParameters parameters) + { + var jwt = new JsonWebToken(token); + return jwt; + } + }; + }); + services.AddHangfire(config => config.UseMemoryStorage() ); From 3ce6567eea3de250326e4c3a1cca275e8f7caa15 Mon Sep 17 00:00:00 2001 From: Roar Mjelde Date: Fri, 23 Feb 2024 08:49:33 +0100 Subject: [PATCH 7/7] Format --- src/Altinn.Broker.API/Program.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Altinn.Broker.API/Program.cs b/src/Altinn.Broker.API/Program.cs index e659cea4..46fe9f7d 100644 --- a/src/Altinn.Broker.API/Program.cs +++ b/src/Altinn.Broker.API/Program.cs @@ -123,7 +123,7 @@ static void ConfigureServices(IServiceCollection services, IConfiguration config }; }) .AddJwtBearer(AuthorizationConstants.Legacy, options => // To support "overgangslosningen" - { + { var altinnOptions = new AltinnOptions(); config.GetSection(nameof(AltinnOptions)).Bind(altinnOptions); options.SaveToken = true;