Last modified: Jul 4, 2024

Architecture

Application development capabilities

Code Creation: Altinn Studio lets the application developer create custom code in the Application. With the help of a third-party IDE like Visual Studio Code, the developer can create code from a local development machine.
Process definition: The process definition is defined in a BPMN 2.0 file located in the app repository. To change the process, the app developer needs to modify the BPMN file manually. Later, Altinn Studio will support creating and updating the process through a GUI. »

App Frontend Application Architecture

App Frontend is a Single Page Application built using React + Redux. This application is responsible for presenting a UI to the end user. The application consists of several different features that are responsible for handling the UI for different steps in the workflow. The app frontend is automatically built and deployed to a CDN, and is versioned using semantic versioning. Each App developed in Altinn Studio will reference the app frontend, which will be served by the CDN. »

App template

The App developed in Altinn Studio is currently based on an ASP.NET application template that contains backend and frontend components. The app developer modifies and enhances the app by changing code and configuration in Altinn Studio or external development tools like Visual Studio Code. The application is built and deployed as a Docker container in a Kubernetes Pod to a Kubernetes cluster. See deployment architecture for deployment details. In the future Altinn Studio will support apps based on different templates. »

Application construction components - Altinn Platform Authentication

The application runs on port 5040. See full details in dockerfile.
Api Controllers: Authentication: Functionality to convert the different ID-tokens from ID providers; OpenID: Contains well known endpoint; Logout: Logout; Introspection.
Dependencies: The authentication component makes use of libraries for OpenID Connect to create and validate JWT tokens. See full list of dependencies in csproj. »

Authentication Capabilities

Altinn Studio Developer authentication: The App Developer using Altinn Studio will authenticate with the help of the built-in account in Gitea. The designer part of Altinn Studio integrates with Gitea so it identifies the user logged in to Gitea.
Git repo authentication: When a user tries to update the Git repo where the source files for the app are stored, they need to authenticate against the Git repo. This can be done using an App Key generated in Gitea or using the username/password for the Gitea account. »

Authentication APIs

As part of the authentication component, there are some APIs that support authentication of different types of users and systems.
API for SBL Authentication cookie: This API creates a JWT Cookie (a cookie with a JWT token) based on the SBL Cookie created during login in the Legacy SBL solution. This API uses an API in the SBL Bridge to verify the cookie and get information about the logged-in user. Based on this information, this API creates a JWT token with claims about the user (userid, authentication level, etc.) and signs the JWT token with the private key of Altinn Platform. »

Authorization

The authorization capabilities are based on ABAC (Attribute-Based Access Controls) and use the XACML 3.0 standard. These capabilities include:
- The capability to define wide/narrow authorization policies for apps. Rules can be valid for the whole application or only for a subset of resources.
- The capability to evaluate policies based on a request for a resource
- The capability to configure authorization policies for API endpoints
- The capability to enforce decision request (permit or deny)
- The capability to enrich decision requests with needed information
- The capability to retrieve context information from different sources for subject and resource. »

Backup & Recovery

It is important to reduce the risk of losing data on the platform. The risks that are identified are:
- Data is deleted by accident by the DevOps team or by wrongly configured jobs
- Data is corrupted by bugs in platform or application code
- Data is accidentally corrupted or deleted by end-users or systems
- A storage account is deleted
- Blob storage is deleted
- Cosmos DB collection is accidentally deleted
In Altinn Platform different types of data are stored »

Backup and recovery

As described under the backup and recovery capabilities, there are several scenarios where the different types of data are lost. This page describes the application components that make it possible to protect against data loss.
Backup Altinn Platform: As described in the data section of the architecture documentation, Altinn Platform stores data both in Azure Cosmos DB and in Azure Blob Storage. There are different solutions for the different data stores. »

Build & Test Capabilities

Below is a list of the capabilities with a short description and possible link to the different components providing that capability.
Software Generation Capabilities:
Code & Config Writing Capability: Most of our code is written manually. See development application components to get an overview of our tools and applications.
Software Defined Infrastructure Definition Enablement: We use Terraform to define infrastructure.
Build & Integration Enablement Capabilities:
Software Compilation & Validation: The project uses . »