Skip to content

nlundee/altinn-auth-mcp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.gitignore
.gitignore
 
 
README.md
README.md
 
 
fastmcp_config.yaml
fastmcp_config.yaml
 
 
mcp.jsonld
mcp.jsonld
 
 
models.py
models.py
 
 
requirements.txt
requirements.txt
 
 
server.py
server.py
 
 

Repository files navigation

🔐 Altinn Auth MCP

A FastMCP-compatible Model Context Protocol (MCP) service that wraps the Altinn TestTools Token Generator, exposing standardized tools for generating:

  • Enterprise (Maskinporten-style) tokens
  • Personal (ID-porten-style) tokens
  • Consent tokens for domain services

This MCP is designed to be consumed by other MCPs that require authentication in test environments like tt02, at24, or none.

📎 How to Use as an MCP Client

Any other MCP can declare this Auth MCP as its token provider via the auth block.

🔧 Example: Declaring in a Service MCP

"auth": {
  "required": true,
  "provider": "altinn-auth-mcp",
  "method": "get_enterprise_token",
  "scopes": ["altinn:dataaltinnno/ebevis"],
  "params": {
    "env": "tt02",
    "orgNo": "991825827",
    "org": "digdir"
  }
}

🔁 The calling MCP or agent must resolve this auth provider and invoke the tool before calling the protected API.

🧪 Example: Manual Token Call via Cascade

Once registered in Windsurf, you can directly invoke token generation:

cascade altinn-auth-mcp.get_enterprise_token \
  --env tt02 \
  --scopes altinn:dataaltinnno/ebevis \
  --orgNo 991825827

Response:

{
  "status": "success",
  "token": "eyJhbGciOi..."
}

🧩 Available Tools

Tool Description
get_enterprise_token Generate enterprise JWT using org/orgNo
get_personal_token Generate personal token using PID/user info
get_consent_token Generate consent token for a dataset

🧰 Registering in Windsurf

Add to your mcp_config.json:

"altinn-auth-mcp": {
  "command": "python",
  "args": ["server.py"],
  "env": {
    "MCP_AUTH_USERNAME": "your-username",
    "MCP_AUTH_PASSWORD": "your-password"
  }
}

Then run:

windsurf up

The auth MCP will be available for use in other MCPs and for direct token generation via CLI or assistants.

📦 Environments Supported

  • tt02
  • at24
  • none (uses internal signing keys for high-performance local use)

🧾 Notes on @context

This MCP includes the following field in its JSON-LD metadata:

"@context": "https://altinn.dev/mcp/context"

Disclaimer: This URI currently acts as a placeholder and is not publicly resolvable.

It is included for the following reasons:

  • To indicate that this MCP follows a consistent structure defined by the Altinn R&D Lab.
  • To support future compatibility with JSON-LD tools, schema validators, and intelligent agents.
  • To enable eventual publication of a semantic MCP vocabulary shared across Altinn services.

You can safely ignore or stub this context reference in local tools. It is not required for core functionality.

Made with ❤️ by the R&D AI lab at Digdir

About

No description or website provided.

Topics

agent-hackathon

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages