A additional access token are used in the scenarious where we need to authenticate the application or component callin a component in Altinn Platform
The designer application creates a JWT based Access Token based on a certificate that designer has available when running in the Altinn Studio Kubernetes Cluster. The different Altinn Studio environments have their own certificate.
This makes it possible for each Altinn Platform environment to configure which Altinn Studio environment that is allowed to deploy and modify applications in that specific environment.
The token is generated with help of the Access Token generator and this is generated for each call designer are doing aginst the platform solution for Storage and Authorization.
To be able to limit the clients that can access some of the functionality in Altinn Platform, some components/functionality requires that a AccessToken is added to the request header in addition to the JWT that identifes the user triggering the request.
The applications generes a token based on a org certificate available in the Kubernetes Cluster for the given org.
The required check is enabled in the platform components with enabling a AuthorizationRequirement on the controller. Example on Party controller here