Recommendede client libraries for use with HelseID

The HelseID security profile requires that your application implements the FAPI 2.0 security profile in addition to our own functional requirements. As a consequence many client libraries are insufficient and cannot be used.

This list is based on our own experience and feedback from vendors. You may use other libraries if they fit better in your application, but we do not allow production deployment of applications where you have implemented the OAuth2 or OpenID Connect protocols yourself.

.NET

Duende.IdentityModel and their extension for Access Token Management:
https://docs.duendesoftware.com/identitymodel/ https://docs.duendesoftware.com/accesstokenmanagement/

Simple web clients that only do user logon can also use Microsofts built-in middleware for ASP.NET Core: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/configure-oidc-web-authentication?view=aspnetcore-9.0

For API's we recommend Duende.AspNetCore.Authentication.JwtBearer:
https://docs.duendesoftware.com/identityserver/apis/aspnetcore/confirmation#validating-dpop

Java

Nimbus OAuth 2.0 SDK with OpenID Connect extensions:
https://connect2id.com/products/nimbus-oauth-openid-connect-sdk

For API's we recommend Nimbus JOSE + JWT:
https://connect2id.com/products/nimbus-jose-jwt

PHP

chillerlan/php-oauth is avtively maintained, it does not support DPoP yet:
https://packagist.org/packages/chillerlan/php-oauth

League/oauth2-client is an alternative, you must add support for PAR and DPoP:
https://oauth2-client.thephpleague.com/

Javascript (Node.js og andre kjøretidsmiljøer):

openid-client:
https://github.com/panva/openid-client
Remember that HelseID does not allow pure browser-based applications with no backend.

GO

For API's we recommend golang-jwt together with go-dpop:
https://github.com/golang-jwt/jwt/
https://github.com/AxisCommunications/go-dpop