Add bulk mode and issuer (#40)

README.md

@@ -3,15 +3,18 @@ Various tools used for testing Altinn
 
 ## Token Generator
 
-Simple HTTP API for generating arbitrary enterprise and person access tokens for test environments, used for automated testing. Matches tokens produced by [Altinn3 token exchange](https://docs.altinn.studio/altinn-api/authentication/#exchange-of-jwt-token) or consent-token endpoints. Implemented as a Azure Function running at https://altinn-testtools-token-generator.azurewebsites.net.
+Simple HTTP API for generating arbitrary enterprise and person access tokens for test environments, used for automated testing. Matches tokens produced by [Altinn3 token exchange](https://docs.altinn.studio/altinn-api/authentication/#exchange-of-jwt-token) or consent-token endpoints, using the key material for the supplied environment. Implemented as a Azure Function running at https://altinn-testtools-token-generator.azurewebsites.net.
 
 ### Access
 
 The application requires authentication. See https://altinn.github.io/docs/api/rest/kom-i-gang/tokengenerator/ for more information.
 
 ### Usage:
 
-`{environment}` is an Altinn test environment name eg. `at24` og `tt02`
+`{environment}` is an Altinn test environment name eg. `at24` og `tt02`. 
+
+`none` is also a valid value, which indicates that the token generator itself becomes the issuers and uses its own key material for signing. See "Issuer" and "Bulk mode" below.
+
 
 #### Enterprise tokens (aka Maskinporten):
 `https://altinn-testtools-token-generator.azurewebsites.net/api/GetEnterpriseToken?env={environment}&scopes={scopes}&org={orgName}&orgNo={orgNo}`
@@ -33,6 +36,7 @@ The application requires authentication. See https://altinn.github.io/docs/api/r
 * `consumerOrgNo` (Personal tokens only. Default: `991825827`)
 * `userName` (Personal tokens only. Default: *empty string*)
 * `clientAmr` (Personal tokens only. Default: `virksomhetssertifikat`)
+* `bulkCount` (Personal or enterpise tokens only.) Enables bulk mode. See below.
 * `dump` (displays a human readable decoded JWT)
 
 #### Consent tokens: 
@@ -45,10 +49,25 @@ The application requires authentication. See https://altinn.github.io/docs/api/r
 
 Consent service metadata (parameters) are supplied the same way as in [URL-based consent requests](https://altinn.github.io/docs/utviklingsguider/samtykke/datakonsument/be-om-samtykke/lenkebasert-legacy/), eg. `..&5120_1_myparam=myvalue`.
 
-## TokenGeneratorCli
+#### Issuer
+
+The token generator can act as its own issuer, using its own key material for signing. This is useful for testing scenarios where the Altinn environment is irrelevant/unreachable or higher performance is required. 
+[RFC 8414 OAuth 2.0 Authorization Server Metadata](https://datatracker.ietf.org/doc/html/rfc8414) with public key material is available at `https://altinn-testtools-token-generator.azurewebsites.net/api/.well-known/oauth-authorization-server`
+
+This can be utilized in ASP.NET with something like this:
+```
+services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+    .AddJwtBearer(options =>
+    {
+        options.MetadataAddress = "https://altinn-testtools-token-generator.azurewebsites.net/api/.well-known/oauth-authorization-server";
+        options.RequireHttpsMetadata = true;
+    });
+```
+
+#### Bulk mode
 
-Simple console app for calling the API from a shell script. Uses `appsettings.json` for default settings, all of which can be overridden by command line arguments. 
+For personal and enterprise tokens, the token generator can also return a list of multiple tokens in a single request, containing random pids or organization numbers, selected from a curated list of Tenor test data. This is useful for performance testing or when a large number of tokens are needed.
 
-### Usage :
+All parameters are the same as for single tokens, but the `userId` or `orgNo` parameter is replaced with `bulkCount` to specify the number of tokens to generate. This will return a JSON dictionary with the tokens as values and the corresponding pids or org numbers as keys. 
 
-Build, and run `TokenGeneratorCli.exe --help`
+It is _highly recommended_ to use the `none` environment when using bulk mode, which will cause the token generator to use its own key material for signing. Using other environments such as `at24` or `tt02` is accepted, but will be _excruciatingly_ slow as generating lots of RSA256 tokens is computationally expensive (1000 tokens takes easily 1 minute). The token generator issued tokens uses EcDSA256, which is several orders of magnitude faster than RSA256 (generating thousands of tokens in milliseconds).