Support tokens from Altinn Test Tools in IAuthenticationContext/Authenticated and correctly set InAltinnPortal for localtest tokens (#1204)

Author: martinothamar

src/Altinn.App.Core/Features/Auth/Authenticated.cs

@@ -594,8 +594,21 @@ public async Task<Details> LoadDetails()
     // TODO: app token?
     // public sealed record App(string Token) : Authenticated;
 
+    internal delegate Authenticated Parser(
+        string tokenStr,
+        bool isAuthenticated,
+        ApplicationMetadata appMetadata,
+        Func<string?> getSelectedParty,
+        Func<int, Task<UserProfile?>> getUserProfile,
+        Func<int, Task<Party?>> lookupUserParty,
+        Func<string, Task<Party>> lookupOrgParty,
+        Func<int, Task<List<Party>?>> getPartyList,
+        Func<int, int, Task<bool?>> validateSelectedParty
+    );
+
     internal static Authenticated FromLocalTest(
         string tokenStr,
+        bool isAuthenticated,
         ApplicationMetadata appMetadata,
         Func<string?> getSelectedParty,
         Func<int, Task<UserProfile?>> getUserProfile,
@@ -607,7 +620,7 @@ internal static Authenticated FromLocalTest(
     {
         var context = new ParseContext(
             tokenStr,
-            !string.IsNullOrWhiteSpace(tokenStr),
+            isAuthenticated,
             appMetadata,
             getSelectedParty,
             getUserProfile,
@@ -622,14 +635,15 @@ internal static Authenticated FromLocalTest(
         var handler = new JwtSecurityTokenHandler();
         var token = handler.ReadJwtToken(tokenStr);
 
-        context.TokenIssuer = TokenIssuer.Altinn;
-        context.IsExchanged = true;
-
         context.ReadClaims(token);
 
+        context.TokenIssuer = context.OrgNoClaim.Exists ? TokenIssuer.Maskinporten : TokenIssuer.Altinn;
+        context.IsExchanged =
+            context.TokenIssuer == TokenIssuer.Maskinporten || context.TokenIssuer == TokenIssuer.IDporten;
         context.Scopes = context.ScopeClaim.IsValidString(out var scopeClaimValue)
             ? new Scopes(scopeClaimValue)
             : new Scopes(null);
+        context.IsInAltinnPortal = context.UserIdClaim.Exists;
 
         int? partyId = null;
         if (context.PartyIdClaim.Exists)
@@ -709,6 +723,7 @@ internal record struct ParseContext(
     )
     {
         public TokenClaim IssuerClaim = default;
+        public TokenClaim ActualIssuerClaim = default;
         public TokenClaim AuthLevelClaim = default;
         public TokenClaim AuthMethodClaim = default;
         public TokenClaim ScopeClaim = default;
@@ -804,6 +819,7 @@ public void ReadClaims(JwtSecurityToken token)
             foreach (var claim in token.Payload)
             {
                 TryAssign(claim, JwtClaimTypes.Issuer, ref IssuerClaim);
+                TryAssign(claim, "actual_iss", ref ActualIssuerClaim);
                 TryAssign(claim, AltinnCoreClaimTypes.AuthenticationLevel, ref AuthLevelClaim);
                 TryAssign(claim, AltinnCoreClaimTypes.AuthenticateMethod, ref AuthMethodClaim);
                 TryAssign(claim, JwtClaimTypes.Scope, ref ScopeClaim);
@@ -867,7 +883,13 @@ internal static Authenticated From(
         context.Scopes = context.ScopeClaim.IsValidString(out var scopeClaimValue)
             ? new Scopes(scopeClaimValue)
             : new Scopes(null);
-        context.IsInAltinnPortal = context.Scopes.HasScope("altinn:portal/enduser");
+        context.IsInAltinnPortal =
+            context.Scopes.HasScope("altinn:portal/enduser")
+            || (
+                context.ActualIssuerClaim.IsValidString(out var actualIssuer)
+                && actualIssuer == "altinn-test-tools"
+                && context.UserIdClaim.Exists
+            );
 
         context.ResolveIssuer();
 
@@ -918,12 +940,13 @@ static Authenticated NewUser(ref ParseContext context)
     {
         if (!context.UserIdClaim.Exists)
             throw new AuthenticationContextException("Missing user ID claim for user token");
-        if (!context.UserIdClaim.IsValidString(out var userIdStr))
+
+        if (!context.UserIdClaim.IsValidInt(out var userId))
+        {
             throw new AuthenticationContextException(
                 $"Invalid user ID claim value for user token: {context.UserIdClaim.Value}"
             );
-        if (!int.TryParse(userIdStr, CultureInfo.InvariantCulture, out var userId))
-            throw new AuthenticationContextException($"Invalid user ID claim value for user token: {userIdStr}");
+        }
 
         if (!context.PartyIdClaim.Exists)
             throw new AuthenticationContextException("Missing party ID for user token");
@@ -941,7 +964,13 @@ static Authenticated NewUser(ref ParseContext context)
             if (!context.UsernameClaim.IsValidString(out var usernameClaimValue))
                 throw new AuthenticationContextException("Missing username claim for self-identified user token");
 
-            return new SelfIdentifiedUser(usernameClaimValue, userId, partyId.Value, authMethodClaimValue, ref context);
+            return new SelfIdentifiedUser(
+                usernameClaimValue,
+                userId.Value,
+                partyId.Value,
+                authMethodClaimValue,
+                ref context
+            );
         }
 
         int selectedPartyId = partyId.Value;
@@ -953,7 +982,7 @@ static Authenticated NewUser(ref ParseContext context)
             selectedPartyId = selectedParty;
         }
 
-        return new User(userId, partyId.Value, authLevel, authMethodClaimValue, selectedPartyId, ref context);
+        return new User(userId.Value, partyId.Value, authLevel, authMethodClaimValue, selectedPartyId, ref context);
     }
 
     static Org NewOrg(ref ParseContext context)
@@ -971,17 +1000,7 @@ static SystemUser NewSystemUser(ref ParseContext context)
     {
         if (!context.AuthorizationDetailsClaim.IsJson(out var json))
             throw new AuthenticationContextException($"Invalid authorization details claim value for token: {json}");
-        var authorizationDetails = json.Value.ValueKind switch
-        {
-            JsonValueKind.Object => JsonSerializer.Deserialize<AuthorizationDetailsClaim>(json.Value),
-            JsonValueKind.Array when json.Value.GetArrayLength() == 1 => JsonSerializer
-                .Deserialize<AuthorizationDetailsClaim[]>(json.Value)
-                ?[0],
-            _ => throw new AuthenticationContextException(
-                "Invalid authorization details claim value for systemuser token: "
-                    + context.AuthorizationDetailsClaim.Value
-            ),
-        };
+        var authorizationDetails = AuthorizationDetailsClaim.Parse(json.Value);
         if (authorizationDetails is null)
             throw new AuthenticationContextException("Invalid authorization details claim value for systemuser token");
         if (authorizationDetails is not SystemUserAuthorizationDetailsClaim systemUser)
@@ -1061,10 +1080,25 @@ public bool IsValidInt([NotNullWhen(true)] out int? integer)
         {
             integer = null;
 
-            if (Type is not null && Value is int intValue)
+            if (Type is not null)
             {
-                integer = intValue;
-                return true;
+                if (Value is int intValue)
+                {
+                    integer = intValue;
+                    return true;
+                }
+                // We parse tokens from various different sources:
+                // * altinn-authentication
+                // * localtest
+                // * AltinnTesTools
+                // * TestAuthentication (this repo)
+                // All of them have slight differences in how values encoded in the JWT payload,
+                // so that's why we are flexible here...
+                if (Value is string strValue && int.TryParse(strValue, CultureInfo.InvariantCulture, out intValue))
+                {
+                    integer = intValue;
+                    return true;
+                }
             }
 
             return false;
@@ -1086,7 +1120,22 @@ public bool IsJson([NotNullWhen(true)] out JsonElement? json)
 
     [JsonPolymorphic(TypeDiscriminatorPropertyName = "type")]
     [JsonDerivedType(typeof(SystemUserAuthorizationDetailsClaim), typeDiscriminator: "urn:altinn:systemuser")]
-    internal record AuthorizationDetailsClaim();
+    internal record AuthorizationDetailsClaim()
+    {
+        public static AuthorizationDetailsClaim? Parse(JsonElement json)
+        {
+            return json.ValueKind switch
+            {
+                JsonValueKind.Object => JsonSerializer.Deserialize<AuthorizationDetailsClaim>(json),
+                JsonValueKind.Array when json.GetArrayLength() == 1 => JsonSerializer
+                    .Deserialize<AuthorizationDetailsClaim[]>(json)
+                    ?[0],
+                _ => throw new AuthenticationContextException(
+                    "Invalid authorization details claim value for systemuser token: " + json
+                ),
+            };
+        }
+    }
 
     internal sealed record SystemUserAuthorizationDetailsClaim(
         [property: JsonPropertyName("systemuser_id")] IReadOnlyList<Guid> SystemUserId,

src/Altinn.App.Core/Features/Auth/AuthenticationContext.cs

@@ -69,6 +69,7 @@ public Authenticated Current
                 {
                     authInfo = Authenticated.FromLocalTest(
                         tokenStr: token,
+                        isAuthenticated: true,
                         _appConfigurationCache.ApplicationMetadata,
                         () => _httpContext.Request.Cookies[_generalSettings.CurrentValue.GetAltinnPartyCookieName],
                         _profileClient.GetUserProfile,

test/Altinn.App.Core.Tests/Features/Auth/AuthenticatedTests.Can_Parse_Real_Tokens_type=Org_yeqB.verified.txt

@@ -0,0 +1,40 @@
+{
+  Description: Maskinporten exchanged org token (not service owner),
+  AuthType: Altinn.App.Core.Features.Auth.Authenticated+Org,
+  Auth: {
+    OrgNo: 991825827,
+    AuthenticationLevel: 3,
+    AuthenticationMethod: maskinporten,
+    TokenIssuer: Maskinporten,
+    TokenIsExchanged: true,
+    Scopes: altinn:instances.read altinn:instances.write,
+    Token: eyJhbGciOiJSUzI1NiIsImtpZCI6IkQ4RDg2N0M3RDUyMTM2MEY0RjM1Q0Q1MTU4MEM0OUEwNTE2NUQ0RTEiLCJ4NXQiOiIyTmhueDlVaE5nOVBOYzFSV0F4Sm9GRmwxT0UiLCJ0eXAiOiJKV1QifQ.eyJzY29wZSI6ImFsdGlubjppbnN0YW5jZXMucmVhZCBhbHRpbm46aW5zdGFuY2VzLndyaXRlIiwidG9rZW5fdHlwZSI6IkJlYXJlciIsImV4cCI6MTczNzg0NDE1NywiaWF0IjoxNzM3ODQyMzU3LCJjbGllbnRfaWQiOiIwNDRmNTA0MC01NGUzLTRhMjctYTIyMS1hODUxNGZkMzBjYTkiLCJjb25zdW1lciI6eyJhdXRob3JpdHkiOiJpc282NTIzLWFjdG9yaWQtdXBpcyIsIklEIjoiMDE5Mjo5OTE4MjU4MjcifSwidXJuOmFsdGlubjpvcmdOdW1iZXIiOiI5OTE4MjU4MjciLCJ1cm46YWx0aW5uOmF1dGhlbnRpY2F0ZW1ldGhvZCI6Im1hc2tpbnBvcnRlbiIsInVybjphbHRpbm46YXV0aGxldmVsIjozLCJpc3MiOiJodHRwczovL3BsYXRmb3JtLnR0MDIuYWx0aW5uLm5vL2F1dGhlbnRpY2F0aW9uL2FwaS92MS9vcGVuaWQvIiwianRpIjoiMzUwYWNhOTYtYjNkZi00YTdmLTg4YWItOWY4ZDc4ZDYxMjI0IiwibmJmIjoxNzM3ODQyMzU3fQ.g6EFkX6pAKtA64p11CpoTDU6Nzzst4duOzBletMAexEmX-V5C4rXsndkwK3pL9JpZNBbjBZZaEAbBta177PIQo208dZwzYV2meLrip5fQ-hnWF3Ub0VdpxcgggDbcx8WqT1HSix-GQlNcSe2uyZB0KZ_8GRB2aKXjatX4R392A3CZfzBq8Dt3ra5AP0pWVxJAd4NuKHPQRKGbNWkC62J92zLYYtTz4j8DS9yogeP28hrcLzuqyVScDndmOiIjeexXXWdgrwVLDBO2mpVU_i4xqRUbjK9UdySrrkYfv-ZIZQRoZsyPE3ab0SDym-4kVxSIp4xyH3nQuzZJqz24LuBcw
+  },
+  Jwt: {
+    client_id: 044f5040-54e3-4a27-a221-a8514fd30ca9,
+    consumer: {
+      ValueKind: Object
+    },
+    exp: 1737844157,
+    iat: 1737842357,
+    iss: https://platform.tt02.altinn.no/authentication/api/v1/openid/,
+    jti: 350aca96-b3df-4a7f-88ab-9f8d78d61224,
+    nbf: 1737842357,
+    scope: altinn:instances.read altinn:instances.write,
+    token_type: Bearer,
+    urn:altinn:authenticatemethod: maskinporten,
+    urn:altinn:authlevel: 3,
+    urn:altinn:orgNumber: 991825827
+  },
+  Details: {
+    Party: {
+      PartyId: 1234,
+      PartyTypeName: Organisation,
+      OrgNumber: 991825827,
+      Name: Test AS,
+      IsDeleted: false,
+      OnlyHierarchyElementWithNoAccess: false
+    },
+    CanInstantiate: true
+  }
+}

test/Altinn.App.Core.Tests/Features/Auth/AuthenticatedTests.Can_Parse_Real_Tokens_type=SelfIdentifiedUser_ffv+.verified.txt

@@ -0,0 +1,52 @@
+{
+  Description: Altinn portal tt02 self identified, token extracted from AltinnStudioRuntime cookie,
+  AuthType: Altinn.App.Core.Features.Auth.Authenticated+SelfIdentifiedUser,
+  Auth: {
+    Username: martinothamar,
+    UserId: 1428813,
+    PartyId: 53328660,
+    AuthenticationMethod: SelfIdentified,
+    TokenIssuer: Altinn,
+    TokenIsExchanged: false,
+    Scopes: altinn:portal/enduser,
+    Token: eyJhbGciOiJSUzI1NiIsImtpZCI6IkQ4RDg2N0M3RDUyMTM2MEY0RjM1Q0Q1MTU4MEM0OUEwNTE2NUQ0RTEiLCJ4NXQiOiIyTmhueDlVaE5nOVBOYzFSV0F4Sm9GRmwxT0UiLCJ0eXAiOiJKV1QifQ.eyJuYW1laWQiOiIxNDI4ODEzIiwidXJuOmFsdGlubjp1c2VyaWQiOiIxNDI4ODEzIiwidXJuOmFsdGlubjp1c2VybmFtZSI6Im1hcnRpbm90aGFtYXIiLCJ1cm46YWx0aW5uOnBhcnR5aWQiOjUzMzI4NjYwLCJ1cm46YWx0aW5uOmF1dGhlbnRpY2F0ZW1ldGhvZCI6IlNlbGZJZGVudGlmaWVkIiwidXJuOmFsdGlubjphdXRobGV2ZWwiOjAsImp0aSI6Ijg3OGFkMDZiLWE0Y2EtNDFhZi04YjQzLWY3NTE2Mzk3Yzc3NyIsInNjb3BlIjoiYWx0aW5uOnBvcnRhbC9lbmR1c2VyIiwibmJmIjoxNzM3ODE1NjU0LCJleHAiOjE3Mzc4MTc0NTQsImlhdCI6MTczNzgxNTY1NH0.RLnlBcd_mfgixYkZcePG09iMsAk2XM25FdifashYcLEtebutWEub89GZyFHus7oLbCj_yDiyE1Rilpi3qBxUo9wVPH20ZsmFK5XX1jq7K_wzTsQGYlXPkjROyuXObOW1vuPZL973PEuSsFSc0MX38RfpHlOx7QZHx8gxOES3LwLFqCpdSCmTvsbPXmpHu4SKUb0BcaUFH3flexgbry4hixQbO65v6cQP7Od3A-5tTLCtPsBzCRY3u4EqbCVSJvXAj5x0PEYe-rKgQmY6nQl_dPfCre3uksPlKQeWtdDrmR1YiFfvKfg1DD_Fcf9wjeVGavyRh4qYhFV_7jueueGoqQ
+  },
+  Jwt: {
+    exp: 1737817454,
+    iat: 1737815654,
+    jti: 878ad06b-a4ca-41af-8b43-f7516397c777,
+    nameid: 1428813,
+    nbf: 1737815654,
+    scope: altinn:portal/enduser,
+    urn:altinn:authenticatemethod: SelfIdentified,
+    urn:altinn:authlevel: 0,
+    urn:altinn:partyid: 53328660,
+    urn:altinn:userid: 1428813,
+    urn:altinn:username: martinothamar
+  },
+  Details: {
+    Party: {
+      PartyId: 53328660,
+      PartyTypeName: Person,
+      SSN: 12345678901,
+      Name: Test Testesen,
+      IsDeleted: false,
+      OnlyHierarchyElementWithNoAccess: false
+    },
+    Profile: {
+      UserId: 1428813,
+      IsReserved: false,
+      PartyId: 53328660,
+      Party: {
+        PartyId: 53328660,
+        PartyTypeName: Person,
+        SSN: 12345678901,
+        Name: Test Testesen,
+        IsDeleted: false,
+        OnlyHierarchyElementWithNoAccess: false
+      }
+    },
+    RepresentsSelf: true,
+    CanInstantiate: true
+  }
+}

test/Altinn.App.Core.Tests/Features/Auth/AuthenticatedTests.Can_Parse_Real_Tokens_type=ServiceOwner_AmaP.verified.txt

@@ -0,0 +1,32 @@
+{
+  Description: GetTestOrgToken in localtest,
+  AuthType: Altinn.App.Core.Features.Auth.Authenticated+ServiceOwner,
+  Auth: {
+    Name: skd,
+    OrgNo: 974761076,
+    AuthenticationLevel: 3,
+    AuthenticationMethod: localtest,
+    TokenIssuer: Maskinporten,
+    TokenIsExchanged: true,
+    Token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjQ4Q0VFNjAzMzEwMkYzMjQzMTk2NDc4QUYwNkZCNDNBMTc2NEQ4NDMiLCJ4NXQiOiJTTTdtQXpFQzh5UXhsa2VLOEctME9oZGsyRU0iLCJ0eXAiOiJKV1QifQ.eyJ1cm46YWx0aW5uOm9yZyI6InNrZCIsInVybjphbHRpbm46YXV0aGxldmVsIjozLCJ1cm46YWx0aW5uOnNjb3BlIjoiYWx0aW5uOnNlcnZpY2Vvd25lci9pbnN0YW5jZXMud3JpdGUgYWx0aW5uOnNlcnZpY2Vvd25lci9pbnN0YW5jZXMucmVhZCIsInVybjphbHRpbm46b3JnTnVtYmVyIjoiOTc0NzYxMDc2IiwibmJmIjoxNzQyOTA2NDYyLCJleHAiOjE3NDI5NjQwNjIsImlhdCI6MTc0MjkwNjQ2Mn0.UJSqOGZG3xCMH7KUx148NhPvARATpI2yzK4RxxL_Fe2XqtEaRJQX6IBMTbfu-WLdHZ8l4m7Epk7cJwxE1ek3BP1XMayq95rrNIwjcXoicDBfLUb7Ug2II89jKd-pCinuZGT8ai4LmKz8ydPAXgq6fV1ExctsqcTQhQIbgDYa9TFVKInpmv3Mj9f7vdiJKdfuxE_rHOzu8cqUVECLvK4AU602pnw9JvclAXa53hBkDlHmNv8-JzVUdqkEMBiPrWklWDZqHNZuVkKrrvS_5-dS9Z6rjZ9IcnMZ2fSRNoTHO85qtVqGzTzLsN0QjRXOYGk_mZVD4LVjOp7JBDuWqcpefQ
+  },
+  Jwt: {
+    exp: 1742964062,
+    iat: 1742906462,
+    nbf: 1742906462,
+    urn:altinn:authlevel: 3,
+    urn:altinn:org: skd,
+    urn:altinn:orgNumber: 974761076,
+    urn:altinn:scope: altinn:serviceowner/instances.write altinn:serviceowner/instances.read
+  },
+  Details: {
+    Party: {
+      PartyId: 1234,
+      PartyTypeName: Organisation,
+      OrgNumber: 974761076,
+      Name: Test AS,
+      IsDeleted: false,
+      OnlyHierarchyElementWithNoAccess: false
+    }
+  }
+}

test/Altinn.App.Core.Tests/Features/Auth/AuthenticatedTests.Can_Parse_Real_Tokens_type=ServiceOwner_IrMn.verified.txt

@@ -0,0 +1,42 @@
+{
+  Description: Altinn-Test-Tools GetEnterpriseToken,
+  AuthType: Altinn.App.Core.Features.Auth.Authenticated+ServiceOwner,
+  Auth: {
+    Name: digdir,
+    OrgNo: 991825827,
+    AuthenticationLevel: 3,
+    AuthenticationMethod: maskinporten,
+    TokenIssuer: Maskinporten,
+    TokenIsExchanged: true,
+    Scopes: altinn:serviceowner/instances.read altinn:serviceowner/instances.write,
+    Token: eyJhbGciOiJSUzI1NiIsImtpZCI6IkQ4RDg2N0M3RDUyMTM2MEY0RjM1Q0Q1MTU4MEM0OUEwNTE2NUQ0RTEiLCJ0eXAiOiJKV1QiLCJ4NWMiOiJEOEQ4NjdDN0Q1MjEzNjBGNEYzNUNENTE1ODBDNDlBMDUxNjVENEUxIn0.eyJzY29wZSI6ImFsdGlubjpzZXJ2aWNlb3duZXIvaW5zdGFuY2VzLnJlYWQgYWx0aW5uOnNlcnZpY2Vvd25lci9pbnN0YW5jZXMud3JpdGUiLCJ0b2tlbl90eXBlIjoiQmVhcmVyIiwiZXhwIjoxNzQyOTA5NDk3LCJpYXQiOjE3NDI5MDc2OTcsImNsaWVudF9pZCI6Ijc0M2U5MGZkLTAyMDItNDM5ZC05MzYwLTViYmZiOGU5MGYzYiIsImp0aSI6IkJIWTFzTXAxZGdCeEdOWDBjczdvUWNBdG1wVUlDdTlzY3A1dUFIY0F3T2YiLCJjb25zdW1lciI6eyJhdXRob3JpdHkiOiJpc282NTIzLWFjdG9yaWQtdXBpcyIsIklEIjoiMDE5Mjo5OTE4MjU4MjcifSwidXJuOmFsdGlubjpvcmdOdW1iZXIiOiI5OTE4MjU4MjciLCJ1cm46YWx0aW5uOmF1dGhlbnRpY2F0ZW1ldGhvZCI6Im1hc2tpbnBvcnRlbiIsInVybjphbHRpbm46YXV0aGxldmVsIjozLCJpc3MiOiJodHRwczovL3BsYXRmb3JtLnR0MDIuYWx0aW5uLm5vL2F1dGhlbnRpY2F0aW9uL2FwaS92MS9vcGVuaWQvIiwiYWN0dWFsX2lzcyI6ImFsdGlubi10ZXN0LXRvb2xzIiwibmJmIjoxNzQyOTA3Njk3LCJ1cm46YWx0aW5uOm9yZyI6ImRpZ2RpciJ9.YOX4cViSE1KG_sf3alCkR-aXDOJu1R850OS6fBBu7HYDitTa9DO4aoISeu42NzAjxMcpBee1r3wsg2n13cdAOs_Ab2BH385u_1EN-afXZURx9OjMr2SyWfDvVIEYGatiqpNB7pFf1zek8dJYRQfo3aenfOGuJTszHK0HAY_S7U2_ziMdXMWTUKlChel_lsGb40kUuTHLcUHwl5b10efU4dv-QZsj1PM_QHYDLikd6mCxS2KbqiAutcpdsv2zNgmh4uwXuntXvFF9X8oK0bkLlX8nNGvcWCsy9oRgLtq2y8cWUoVU89FgFR2NaHaEIdXIUwTCrxFzdIWZjEkMR1RYag
+  },
+  Jwt: {
+    actual_iss: altinn-test-tools,
+    client_id: 743e90fd-0202-439d-9360-5bbfb8e90f3b,
+    consumer: {
+      ValueKind: Object
+    },
+    exp: 1742909497,
+    iat: 1742907697,
+    iss: https://platform.tt02.altinn.no/authentication/api/v1/openid/,
+    jti: BHY1sMp1dgBxGNX0cs7oQcAtmpUICu9scp5uAHcAwOf,
+    nbf: 1742907697,
+    scope: altinn:serviceowner/instances.read altinn:serviceowner/instances.write,
+    token_type: Bearer,
+    urn:altinn:authenticatemethod: maskinporten,
+    urn:altinn:authlevel: 3,
+    urn:altinn:org: digdir,
+    urn:altinn:orgNumber: 991825827
+  },
+  Details: {
+    Party: {
+      PartyId: 1234,
+      PartyTypeName: Organisation,
+      OrgNumber: 991825827,
+      Name: Test AS,
+      IsDeleted: false,
+      OnlyHierarchyElementWithNoAccess: false
+    }
+  }
+}