Altinn
diff --git a/‎Directory.Packages.props‎
Lines changed: 1 addition & 1 deletion b/‎Directory.Packages.props‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Altinn.App.Api/Controllers/InstancesController.cs‎
Lines changed: 51 additions & 4 deletions b/‎src/Altinn.App.Api/Controllers/InstancesController.cs‎
Lines changed: 51 additions & 4 deletions
diff --git a/‎src/Altinn.App.Api/Models/InstanceResponse.cs‎
Lines changed: 6 additions & 0 deletions b/‎src/Altinn.App.Api/Models/InstanceResponse.cs‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎src/Altinn.App.Core/Constants/AltinnUrns.cs‎
Lines changed: 2 additions & 0 deletions b/‎src/Altinn.App.Core/Constants/AltinnUrns.cs‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/Altinn.App.Core/Helpers/InstantiationHelper.cs‎
Lines changed: 59 additions & 0 deletions b/‎src/Altinn.App.Core/Helpers/InstantiationHelper.cs‎
Lines changed: 59 additions & 0 deletions
diff --git a/‎src/Altinn.App.Core/Infrastructure/Clients/Events/EventsClient.cs‎
Lines changed: 5 additions & 2 deletions b/‎src/Altinn.App.Core/Infrastructure/Clients/Events/EventsClient.cs‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎src/Altinn.App.Core/Infrastructure/Clients/Register/AltinnPartyClient.cs‎
Lines changed: 45 additions & 0 deletions b/‎src/Altinn.App.Core/Infrastructure/Clients/Register/AltinnPartyClient.cs‎
Lines changed: 45 additions & 0 deletions
diff --git a/‎src/Altinn.App.Core/Internal/Expressions/LayoutEvaluatorState.cs‎
Lines changed: 9 additions & 6 deletions b/‎src/Altinn.App.Core/Internal/Expressions/LayoutEvaluatorState.cs‎
Lines changed: 9 additions & 6 deletions
diff --git a/‎src/Altinn.App.Core/Internal/Registers/IAltinnPartyClient.cs‎
Lines changed: 7 additions & 0 deletions b/‎src/Altinn.App.Core/Internal/Registers/IAltinnPartyClient.cs‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎src/Altinn.App.Core/Models/CloudEvent.cs‎
Lines changed: 2 additions & 2 deletions b/‎src/Altinn.App.Core/Models/CloudEvent.cs‎
Lines changed: 2 additions & 2 deletions
@@ -9,7 +9,7 @@
     <PackageVersion Include="Altinn.Common.EFormidlingClient" Version="1.3.3" />
     <PackageVersion Include="Altinn.Common.PEP" Version="4.2.2" />
     <PackageVersion Include="Altinn.Platform.Models" Version="1.6.1" />
-    <PackageVersion Include="Altinn.Platform.Storage.Interface" Version="4.3.0" />
+    <PackageVersion Include="Altinn.Platform.Storage.Interface" Version="4.4.0" />
     <PackageVersion Include="Azure.Extensions.AspNetCore.Configuration.Secrets" Version="1.4.0" />
     <PackageVersion Include="Azure.Identity" Version="1.17.1" />
     <PackageVersion Include="Azure.Monitor.OpenTelemetry.Exporter" Version="1.6.0" />
 
@@ -1,6 +1,7 @@
 using System.Globalization;
 using System.Net;
 using System.Text;
+using System.Text.Encodings.Web;
 using Altinn.App.Api.Extensions;
 using Altinn.App.Api.Helpers.Patch;
 using Altinn.App.Api.Helpers.RequestHandling;
@@ -254,7 +255,13 @@ public async Task<ActionResult<InstanceResponse>> Post(
 
             if (
                 lookup == null
-                || (lookup.PersonNumber == null && lookup.OrganisationNumber == null && lookup.PartyId == null)
+                || (
+                    lookup.PersonNumber == null
+                    && lookup.OrganisationNumber == null
+                    && lookup.PartyId == null
+                    && lookup.ExternalIdentifier == null
+                    && lookup.Username == null
+                )
             )
             {
                 return BadRequest(
@@ -291,7 +298,10 @@ public async Task<ActionResult<InstanceResponse>> Post(
         try
         {
             party = await LookupParty(instanceTemplate.InstanceOwner) ?? throw new Exception("Unknown party");
-            instanceTemplate.InstanceOwner = InstantiationHelper.PartyToInstanceOwner(party);
+            instanceTemplate.InstanceOwner = await InstantiationHelper.PartyToInstanceOwner(
+                party,
+                _authenticationContext
+            );
         }
         catch (Exception partyLookupException)
         {
@@ -479,7 +489,13 @@ public async Task<ActionResult<InstanceResponse>> PostSimplified(
 
         if (
             lookup == null
-            || (lookup.PersonNumber == null && lookup.OrganisationNumber == null && lookup.PartyId == null)
+            || (
+                lookup.PersonNumber == null
+                && lookup.OrganisationNumber == null
+                && lookup.PartyId == null
+                && lookup.ExternalIdentifier == null
+                && lookup.Username == null
+            )
         )
         {
             return BadRequest(
@@ -491,7 +507,10 @@ public async Task<ActionResult<InstanceResponse>> PostSimplified(
         try
         {
             party = await LookupParty(instansiationInstance.InstanceOwner) ?? throw new Exception("Unknown party");
-            instansiationInstance.InstanceOwner = InstantiationHelper.PartyToInstanceOwner(party);
+            instansiationInstance.InstanceOwner = await InstantiationHelper.PartyToInstanceOwner(
+                party,
+                _authenticationContext
+            );
         }
         catch (Exception partyLookupException)
         {
@@ -1132,6 +1151,18 @@ string action
             string personOrOrganisationNumber = instanceOwner.PersonNumber ?? instanceOwner.OrganisationNumber;
             try
             {
+                if (!string.IsNullOrEmpty(instanceOwner.ExternalIdentifier))
+                {
+                    var partyId = await _altinnPartyClient.GetPartyIdByUrn(instanceOwner.ExternalIdentifier);
+                    if (partyId == null)
+                    {
+                        throw new ServiceException(
+                            HttpStatusCode.BadRequest,
+                            $"Failed to lookup party by external identifier: {instanceOwner.ExternalIdentifier}. No partyId found for the provided external identifier."
+                        );
+                    }
+                    return await _registerClient.GetPartyUnchecked(partyId.Value, this.HttpContext.RequestAborted);
+                }
                 if (!string.IsNullOrEmpty(instanceOwner.PersonNumber))
                 {
                     lookupNumber = "personNumber";
@@ -1144,6 +1175,22 @@ string action
                         new PartyLookup { OrgNo = instanceOwner.OrganisationNumber }
                     );
                 }
+                else if (!string.IsNullOrEmpty(instanceOwner.Username))
+                {
+                    var email = instanceOwner.Username.StartsWith("epost:", StringComparison.InvariantCultureIgnoreCase)
+                        ? instanceOwner.Username[6..]
+                        : instanceOwner.Username;
+                    var urn = $"{AltinnUrns.SelfIdentifiedEmail}:{UrlEncoder.Default.Encode(email)}";
+                    var partyId = await _altinnPartyClient.GetPartyIdByUrn(urn);
+                    if (partyId == null)
+                    {
+                        throw new ServiceException(
+                            HttpStatusCode.BadRequest,
+                            $"Failed to lookup party by username: {instanceOwner.Username}. No partyId found for the provided idporten self identified email address."
+                        );
+                    }
+                    return await _registerClient.GetPartyUnchecked(partyId.Value, this.HttpContext.RequestAborted);
+                }
                 else
                 {
                     throw new ServiceException(
 
@@ -113,6 +113,7 @@ internal static InstanceResponse From(Instance instance, Party instanceOwnerPart
                 PersonNumber = instance.InstanceOwner.PersonNumber,
                 OrganisationNumber = instance.InstanceOwner.OrganisationNumber,
                 Username = instance.InstanceOwner.Username,
+                ExternalIdentifier = instance.InstanceOwner.ExternalIdentifier,
                 Party = PartyResponse.From(instanceOwnerParty),
             },
             AppId = instance.AppId,
@@ -159,6 +160,11 @@ public sealed class InstanceOwnerResponse
     /// </summary>
     public required string Username { get; init; }
 
+    /// <summary>
+    /// The external identifier of a self identified party. Null if the party is not self identified.
+    /// </summary>
+    public string ExternalIdentifier { get; init; }
+
     /// <summary>
     /// Party information for the instance owner.
     /// </summary>
 
@@ -16,7 +16,9 @@ internal static class AltinnUrns
     public const string PersonId = "urn:altinn:person:identifier-no";
     public const string UserId = "urn:altinn:userid";
     public const string UserName = "urn:altinn:username";
+    public const string SelfIdentifiedEmail = "urn:altinn:person:idporten-email";
     public const string PartyId = "urn:altinn:partyid";
+    public const string PartyUuid = "urn:altinn:partyuuid";
     public const string RepresentingPartyId = "urn:altinn:representingpartyid";
     public const string App = "urn:altinn:app";
     public const string AppResource = "urn:altinn:appresource";
 
@@ -1,4 +1,6 @@
 using System.Globalization;
+using Altinn.App.Core.Features.Auth;
+using Altinn.Platform.Profile.Models;
 using Altinn.Platform.Register.Enums;
 using Altinn.Platform.Register.Models;
 using Altinn.Platform.Storage.Interface.Models;
@@ -217,4 +219,61 @@ public static InstanceOwner PartyToInstanceOwner(Party party)
             // instanceOwnerPartyType == "unknown"
         };
     }
+
+    /// <summary>
+    /// Get the correct <see cref="InstanceOwner" /> object from the <see cref="Party" /> object of the entity that should own the instance
+    /// Use authenticationContext to get the external identity for self identified parties
+    /// </summary>
+    public static async Task<InstanceOwner> PartyToInstanceOwner(
+        Party party,
+        IAuthenticationContext authenticationContext
+    )
+    {
+        if (!string.IsNullOrEmpty(party.SSN))
+        {
+            return new() { PartyId = party.PartyId.ToString(CultureInfo.InvariantCulture), PersonNumber = party.SSN };
+        }
+        else if (!string.IsNullOrEmpty(party.OrgNumber))
+        {
+            return new()
+            {
+                PartyId = party.PartyId.ToString(CultureInfo.InvariantCulture),
+                OrganisationNumber = party.OrgNumber,
+            };
+        }
+        else if (party.PartyTypeName.Equals(PartyType.SelfIdentified))
+        {
+            string? externalIdentifier = null;
+            if (authenticationContext is not null)
+            {
+                externalIdentifier = await GetExternalIdentityForSelfIdentifiedParty(party, authenticationContext);
+            }
+            return new()
+            {
+                PartyId = party.PartyId.ToString(CultureInfo.InvariantCulture),
+                Username = party.Name,
+                ExternalIdentifier = externalIdentifier,
+            };
+        }
+        return new()
+        {
+            PartyId = party.PartyId.ToString(CultureInfo.InvariantCulture),
+            // instanceOwnerPartyType == "unknown"
+        };
+    }
+
+    internal static async Task<string?> GetExternalIdentityForSelfIdentifiedParty(
+        Party party,
+        IAuthenticationContext authenticationContext
+    )
+    {
+        if (party.PartyTypeName != PartyType.SelfIdentified)
+            return null;
+
+        if (authenticationContext.Current is not Authenticated.User user)
+            return null;
+
+        UserProfile profile = await user.LookupProfile();
+        return profile.ExternalIdentity;
+    }
 }
@@ -73,11 +73,14 @@ public async Task<string> AddEvent(string eventType, Instance instance)
         {
             alternativeSubject = $"/org/{instance.InstanceOwner.OrganisationNumber}";
         }
-
-        if (!string.IsNullOrWhiteSpace(instance.InstanceOwner.PersonNumber))
+        else if (!string.IsNullOrWhiteSpace(instance.InstanceOwner.PersonNumber))
         {
             alternativeSubject = $"/person/{instance.InstanceOwner.PersonNumber}";
         }
+        else if (!string.IsNullOrWhiteSpace(instance.InstanceOwner.ExternalIdentifier))
+        {
+            alternativeSubject = instance.InstanceOwner.ExternalIdentifier;
+        }
 
         var baseUrl = _generalSettings.FormattedExternalAppBaseUrl(new AppIdentifier(instance));
 
 
@@ -1,5 +1,6 @@
 using System.Net;
 using System.Net.Http.Headers;
+using System.Text.Json;
 using Altinn.App.Core.Configuration;
 using Altinn.App.Core.Constants;
 using Altinn.App.Core.Extensions;
@@ -129,4 +130,48 @@ await response.Content.ReadAsStringAsync()
 
         throw await PlatformHttpException.CreateAsync(response);
     }
+
+    /// <inheritdoc/>
+    public async Task<int?> GetPartyIdByUrn(string urn)
+    {
+        using var activity = _telemetry?.StartLookupPartyActivity();
+        string endpointUrl = "access-management/parties/query";
+        var query = new { data = new string[] { urn } };
+        using var content = new StringContent(JsonSerializer.Serialize(query));
+        content.Headers.ContentType = MediaTypeHeaderValue.Parse("application/json");
+        ApplicationMetadata application = await _appMetadata.GetApplicationMetadata();
+
+        string token = _userTokenProvider.GetUserToken();
+
+        using HttpResponseMessage response = await _client.PostAsync(
+            token,
+            endpointUrl,
+            content,
+            _accessTokenGenerator.GenerateAccessToken(application.Org, application.AppIdentifier.App)
+        );
+        if (response.StatusCode != HttpStatusCode.OK)
+        {
+            _logger.LogError(
+                "// Getting partyId by URN {Urn} failed with statuscode {StatusCode} - {Reason}",
+                urn,
+                response.StatusCode,
+                await response.Content.ReadAsStringAsync()
+            );
+            throw await PlatformHttpException.CreateAsync(response);
+        }
+
+        using var responseDocument = JsonDocument.Parse(await response.Content.ReadAsByteArrayAsync());
+        var listResponse = responseDocument.RootElement.GetProperty("data");
+        if (listResponse.GetArrayLength() == 0)
+        {
+            return null;
+        }
+        if (listResponse.GetArrayLength() > 1)
+        {
+            throw new InvalidOperationException($"Multiple parties found for URN {urn}");
+        }
+
+        var partyId = listResponse[0].GetProperty("partyId").GetInt32();
+        return partyId;
+    }
 }
@@ -224,16 +224,19 @@ public string GetInstanceContext(string key)
                 ?? throw new InvalidOperationException("InstanceOwner or PartyId is null"),
             "appId" => Instance.AppId ?? throw new InvalidOperationException("AppId is null"),
             "instanceId" => Instance.Id ?? throw new InvalidOperationException("InstanceId is null"),
-            "instanceOwnerPartyType" => (
-                !string.IsNullOrWhiteSpace(Instance.InstanceOwner?.OrganisationNumber) ? "org"
-                : !string.IsNullOrWhiteSpace(Instance.InstanceOwner?.PersonNumber) ? "person"
-                : !string.IsNullOrWhiteSpace(Instance.InstanceOwner?.Username) ? "selfIdentified"
-                : "unknown"
-            ),
+            "instanceOwnerPartyType" => GetInstanceOwnerPartyType(Instance.InstanceOwner),
             _ => throw new ExpressionEvaluatorTypeErrorException($"Unknown Instance context property {key}"),
         };
     }
 
+    private static string GetInstanceOwnerPartyType(InstanceOwner? instanceOwner)
+    {
+        return !string.IsNullOrWhiteSpace(instanceOwner?.OrganisationNumber) ? "org"
+            : !string.IsNullOrWhiteSpace(instanceOwner?.PersonNumber) ? "person"
+            : !string.IsNullOrWhiteSpace(instanceOwner?.Username) ? "selfIdentified"
+            : "unknown";
+    }
+
     /// <summary>
     /// Count the number of data elements of a specific type
     /// </summary>
 
@@ -20,4 +20,11 @@ public interface IAltinnPartyClient
     /// <param name="partyLookup">A populated lookup object with information about what to look for.</param>
     /// <returns>The party lookup containing either SSN or organisation number.</returns>
     Task<Party> LookupParty(PartyLookup partyLookup);
+
+    /// <summary>
+    /// Looks up a partyId by a URN. The URN should be in the format urn:altinn:personnumber:12345678901 or urn:altinn:orgnumber:987654321.
+    /// </summary>
+    /// <param name="urn">The URN to look up.</param>
+    /// <returns>The partyId for the given URN, or null if not found.</returns>
+    Task<int?> GetPartyIdByUrn(string urn);
 }
@@ -51,9 +51,9 @@ public class CloudEvent
     /// Gets or sets the alternative subject of the event.
     /// </summary>
     [JsonPropertyName("alternativesubject")]
-#nullable disable
-    public string AlternativeSubject { get; set; }
+    public string? AlternativeSubject { get; set; }
 
+#nullable disable
     /// <summary>
     /// Gets or sets the cloudEvent data content. The event payload.
     /// The payload depends on the type and the dataschema.
Original file line number	Diff line number	Diff line change
`@@ -73,11 +73,14 @@ public async Task<string> AddEvent(string eventType, Instance instance)`
`73`	`73`	`{`
`74`	`74`	`alternativeSubject = $"/org/{instance.InstanceOwner.OrganisationNumber}";`
`75`	`75`	`}`
`76`		`-`
`77`		`- if (!string.IsNullOrWhiteSpace(instance.InstanceOwner.PersonNumber))`
	`76`	`+ else if (!string.IsNullOrWhiteSpace(instance.InstanceOwner.PersonNumber))`
`78`	`77`	`{`
`79`	`78`	`alternativeSubject = $"/person/{instance.InstanceOwner.PersonNumber}";`
`80`	`79`	`}`
	`80`	`+ else if (!string.IsNullOrWhiteSpace(instance.InstanceOwner.ExternalIdentifier))`
	`81`	`+ {`
	`82`	`+ alternativeSubject = instance.InstanceOwner.ExternalIdentifier;`
	`83`	`+ }`
`81`	`84`
`82`	`85`	`var baseUrl = _generalSettings.FormattedExternalAppBaseUrl(new AppIdentifier(instance));`
`83`	`86`