TL;DR: You must obtain a HelseID access token that is DPoP-bound and use it on every request with a matching DPoP proof.
See the official Helse ID Documentation for details on how to implement your desired client flow.
Example project for Token exchange:
- HelseID.Samples.
- Frontend / User login
- ApiAccess
- Note: Start this project with the following parameter:
dotnet run --use-token-exchange
- API That utilizes token exchange
- API that recieves the token exchange jwt
- Frontend / User login
Example project for Machine-to-Machine approach
Note: Use this method only if token exchange is not posible.