fix: Use correct party urn separator

[oskogstad]

Summary by CodeRabbit

• Documentation
  • Updated Dialogporten token reference to use single-colon URN syntax for c, u, and p claim values (person, organization, and party identifiers).
  • Refreshed decoded-token example to reflect the new URN formats.
  • Adjusted party-identifier username example to the single-colon form.
  • Updated example value for the a field.
  • Revised accompanying examples and descriptions to align with the new syntax.

[coderabbitai]

Walkthrough

Documentation examples in the Dialog tokens reference were updated to use single-colon URN separators for c, u, and p claims. The decoded-token sample reflects the new URN forms, and the a field value changes to autorisasjonsattributt1. Only the English (en-US) page was modified.

Changes

Cohort / File(s)	Summary
Docs: Dialog tokens reference content/dialogporten/reference/authorization/dialog-tokens/_index.en.md	Updated URN syntax in examples from double-colon to single-colon for c, u, p claims; adjusted decoded-token sample accordingly; changed a field example to autorisasjonsattributt1.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

Colons align in a tidy parade,
Tokens now march in single-file grade;
c, u, and p with cleaner signs,
a shifts its tune to new-design lines.
Docs hum along—one page refined,
A small, neat fix, precisely aligned.

Tip

🔌 Remote MCP (Model Context Protocol) integration is now available!

Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats.

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch oskogstad-patch-1

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbit in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbit in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbit gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbit read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbit help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbit ignore or @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbit summary or @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbit or @coderabbitai anywhere in the PR title to generate the title automatically.

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

content/dialogporten/reference/authorization/dialog-tokens/_index.en.md (1)

33-43: Replace all double-colon identifier-no:: URNs with single-colon identifier-no:

Update each occurrence of

urn:altinn:<type>:identifier-no::<id>

to

urn:altinn:<type>:identifier-no:<id>

in:

• content/dialogporten/reference/authorization/dialog-tokens/_index.nb.md (lines 35, 37)
• content/dialogporten/reference/events/_index.nb.md (lines 72, 108)
• content/dialogporten/reference/events/_index.en.md (lines 72, 108)

Scan the rest of content/ for any remaining identifier-no:: instances and correct them accordingly.

🧹 Nitpick comments (5)

content/dialogporten/reference/authorization/dialog-tokens/_index.en.md (5)

15-17: Typos and article fix; subject–verb agreement

Minor grammar/clarity improvements.

-Dialog tokens are embedded withing the [single dialog response model]({{<relref "../../entities/dialog">}}) (see `dialogToken`), and is a self-contained, signed JWT containing claims from the authenticated user and the dialog itself, including what actions and authorization attributes the user is authorized for.
+Dialog tokens are embedded within the [single dialog response model]({{<relref "../../entities/dialog">}}) (see `dialogToken`), and are self-contained, signed JWTs containing claims from the authenticated user and the dialog itself, including what actions and authorization attributes the user is authorized for.
@@
-The dialog tokens should be transferred as-is as a bearer token in a `Authorization` HTTP header. The contents of the dialog token should normally not be considered by the clients, ie. the token should be treated as an opaque string. 
+The dialog tokens should be transferred as-is as a bearer token in an `Authorization` HTTP header. The contents of the dialog token should normally not be considered by the clients, i.e., the token should be treated as an opaque string. 

---

19-29: Style/typo fixes: “Altinn.no portal”, “Receiving…”, article use, and hyphenation

Consistent product naming and small grammar tweaks.

-The altinn.no-portal will be using dialog tokens on all URLs associated with [write actions]({{<relref "../../front-end/write-actions">}}) and [front channel embeds]({{<relref "../../front-end/write-actions">}}). Other end user systems might also use the dialog token for API actions, subject to service specific protocols defined by the respective service owner.
+The Altinn.no portal will use dialog tokens on all URLs associated with [write actions]({{<relref "../../front-end/write-actions">}}) and [front channel embeds]({{<relref "../../front-end/write-actions">}}). Other end-user systems might also use the dialog token for API actions, subject to service-specific protocols defined by the respective service owner.
@@
-## Receving and verifying dialog tokens (OAuth resource servers)
+## Receiving and verifying dialog tokens (OAuth resource servers)
@@
-The resource server will with the help of dialog tokens be able to fully authenticate and authorize requests that are otherwise unauthenticated (ie. without cookies or any other state). The dialog tokens should be transferred as a bearer token using a `Authorization` HTTP header. 
+With the help of dialog tokens, the resource server can fully authenticate and authorize requests that are otherwise unauthenticated (i.e., without cookies or any other state). The dialog tokens should be transferred as a bearer token using an `Authorization` HTTP header. 
@@
-Note that for clients that are browser-based, including the Altinn.no-portal, the resource server will also have to implement the [CORS-protocol](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) in order to handle requests 
+Note that for clients that are browser-based, including the Altinn.no portal, the resource server will also have to implement the [CORS protocol](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) in order to handle requests 

---

71-71: Grammar: “utilize an…”, “for consumers”

Minor fixes for readability.

-Dialog tokens utilizes a [Edwards-Curve Digital Signature Algorithm (EdDSA)](https://datatracker.ietf.org/doc/html/rfc8032) using the Ed25519 curve to sign the dialog tokens, making it possible to consumers to verify that the token has been issued by Dialogporten and trust the information in the claims. Also see [RFC 8037](https://datatracker.ietf.org/doc/html/rfc8037) for information about using EdDSA in JOSE contexts.
+Dialog tokens utilize an [Edwards-Curve Digital Signature Algorithm (EdDSA)](https://datatracker.ietf.org/doc/html/rfc8032) using the Ed25519 curve to sign the dialog tokens, making it possible for consumers to verify that the token has been issued by Dialogporten and trust the information in the claims. Also see [RFC 8037](https://datatracker.ietf.org/doc/html/rfc8037) for information about using EdDSA in JOSE contexts.

---

78-78: Plural agreement

Endpoints (plural) → accept (plural).

-The JSON Web Key sets published on the well-known-endpoints will always contain at least two JWKs. All endpoints that accepts and verifies dialog tokens issued by Dialogporten, should allow tokens signed by any of the keys present in the key set for the given environment. 
+The JSON Web Key sets published on the well-known endpoints will always contain at least two JWKs. All endpoints that accept and verify dialog tokens issued by Dialogporten should allow tokens signed by any of the keys present in the key set for the given environment. 

---

41-41: Keep ‘a’ claim example consistent with JSON

The table uses “…authorizationattribute1” while the JSON uses “…autorisasjonsattributt1”. Align both to the same value (either is fine) to reduce cognitive load.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 2ab5d81 and 6ae0401.

📒 Files selected for processing (1)

• content/dialogporten/reference/authorization/dialog-tokens/_index.en.md (2 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

content/**/*

⚙️ CodeRabbit configuration file

Check for links, markdown formatting, headings, grammar, and spelling in multiple languages (en-US, nb-NO, nn-NO).

Files:

• content/dialogporten/reference/authorization/dialog-tokens/_index.en.md

🪛 LanguageTool

content/dialogporten/reference/authorization/dialog-tokens/_index.en.md

[grammar] ~38-~38: There might be a mistake here.
Context: ...ifier:username:[email protected]"` | | i | Unique identifier o...

(QB_NEW_EN)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Analyze (javascript-typescript)

[coderabbitai]

⚠️ Potential issue

Fix URN example formatting (broken backticks/quotes) and improve readability

The table cell mixes quotes/backticks and misses a closing backtick; it will render incorrectly. Also standardize examples with backticks and line breaks.

Apply this diff:

-| c                | Authenticated as a consumer of Dialogporten. The prefix for either individuals (typically ID-porten), organizations (typically Maskinporten), or self-registered users. | `"urn:altinn:person:identifier-no:12018212345` `"urn:altinn:organization:identifier-no:991825827"` `"urn:altinn:party-identifier:username:[email protected]"` |
+| c                | Authenticated as a consumer of Dialogporten. The prefix for either individuals (typically ID-porten), organizations (typically Maskinporten), or self-registered users. | `urn:altinn:person:identifier-no:12018212345`<br>`urn:altinn:organization:identifier-no:991825827`<br>`urn:altinn:party-identifier:username:[email protected]` |
@@
-| u                | Optional. If a provider token in Maskinporten has been used, the authenticated provider's organization number will be given here.                                     | `"urn:altinn:organization:identifier-no:991825827"`                                                                  |
+| u                | Optional. If a provider token in Maskinporten has been used, the authenticated provider's organization number will be given here.                                     | `urn:altinn:organization:identifier-no:991825827`                                                                    |
@@
-| p                | Whom the consumer is acting on behalf of (if not themselves), i.e., who owns the relevant dialogue.                                                                 | `"urn:altinn:person:identifier-no:12018212345"` `"urn:altinn:organization:identifier-no:991825827"`  `"urn:altinn:party-identifier:username:[email protected]"` |
+| p                | Whom the consumer is acting on behalf of (if not themselves), i.e., who owns the relevant dialogue.                                                                 | `urn:altinn:person:identifier-no:12018212345`<br>`urn:altinn:organization:identifier-no:991825827`<br>`urn:altinn:party-identifier:username:[email protected]` |

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	| c | Authenticated as a consumer of Dialogporten. The prefix for either individuals (typically ID-porten), organizations (typically Maskinporten), or self-registered users. | `"urn:altinn:person:identifier-no:12018212345` `"urn:altinn:organization:identifier-no:991825827"` `"urn:altinn:party-identifier:username:[email protected]"` |
	| l | Security level of authentication (4) | `4` |
	| u | Optional. If a provider token in Maskinporten has been used, the authenticated provider's organization number will be given here. | `"urn:altinn:organization:identifier-no::991825827"` |
	| p | Whom the consumer is acting on behalf of (if not themselves), i.e., who owns the relevant dialogue. | `"urn:altinn:person:identifier-no::12018212345"` `"urn:altinn:organization:identifier-no::991825827"` `"urn:altinn:party-identifier:username::[email protected]"` |
	| u | Optional. If a provider token in Maskinporten has been used, the authenticated provider's organization number will be given here. | `"urn:altinn:organization:identifier-no:991825827"` |
	| p | Whom the consumer is acting on behalf of (if not themselves), i.e., who owns the relevant dialogue. | `"urn:altinn:person:identifier-no:12018212345"` `"urn:altinn:organization:identifier-no:991825827"` `"urn:altinn:party-identifier:username:[email protected]"` |
	| c | Authenticated as a consumer of Dialogporten. The prefix for either individuals (typically ID-porten), organizations (typically Maskinporten), or self-registered users. | `urn:altinn:person:identifier-no:12018212345`<br>`urn:altinn:organization:identifier-no:991825827`<br>`urn:altinn:party-identifier:username:[email protected]` |
	| l | Security level of authentication (4) | `4` |
	| u | Optional. If a provider token in Maskinporten has been used, the authenticated provider's organization number will be given here. | `urn:altinn:organization:identifier-no:991825827` |
	| p | Whom the consumer is acting on behalf of (if not themselves), i.e., who owns the relevant dialogue. | `urn:altinn:person:identifier-no:12018212345`<br>`urn:altinn:organization:identifier-no:991825827`<br>`urn:altinn:party-identifier:username:[email protected]` |

🧰 Tools

🪛 LanguageTool

[grammar] ~38-~38: There might be a mistake here.
Context: ...ifier:username:[email protected]"` | | i | Unique identifier o...

(QB_NEW_EN)

🤖 Prompt for AI Agents

In content/dialogporten/reference/authorization/dialog-tokens/_index.en.md
around lines 35-38, the URN examples in the table cells are misformatted
(missing/incorrect backticks and mixed quotes) and need to be standardized;
update the c, p and u cells so each example URN is wrapped in inline code
backticks (e.g. `urn:altinn:person:identifier-no:12018212345`), ensure any
missing closing backticks are added, and separate multiple examples with
explicit line breaks (use <br> within the table cell) or commas for readability
so the table renders correctly and consistently.

[coderabbitai]

⚠️ Potential issue

Inconsistent org number in JSON 'u' claim (likely transposed digits)

'u' uses 825827991 while 'p' and table examples use 991825827. Align to avoid confusion.

-  "u": "urn:altinn:organization:identifier-no:825827991",
+  "u": "urn:altinn:organization:identifier-no:991825827",

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"c": "urn:altinn:person:identifier-no:12018212345",
	"l": 4,
	"u": "urn:altinn:organization:identifier-no::825827991",
	"p": "urn:altinn:organization:identifier-no::991825827",
	"u": "urn:altinn:organization:identifier-no:825827991",
	"p": "urn:altinn:organization:identifier-no:991825827",
	"c": "urn:altinn:person:identifier-no:12018212345",
	"l": 4,
	"u": "urn:altinn:organization:identifier-no:991825827",
	"p": "urn:altinn:organization:identifier-no:991825827",

🤖 Prompt for AI Agents

In content/dialogporten/reference/authorization/dialog-tokens/_index.en.md
around lines 53 to 56, the "u" claim contains an inconsistent organization
number "825827991" (digits transposed) while "p" and the surrounding examples
use "991825827"; update the "u" claim to
"urn:altinn:organization:identifier-no:991825827" to match the other examples
and verify any nearby table examples and sample JSON sections use the same org
number for consistency.