How I built a Norwegian VAT filing library in Java (and what nearly broke me)

After 3 years building a SaaS accounting system for the Norwegian market, I open-sourced the VAT filing module as a standalone Java library. This is what I learned. The problem If you've ever tried to integrate with Norwegian government APIs, you know the documentation is thorough — but the gap between reading the docs and actually getting it working in production is large. MVA-melding (Norwegian VAT return) looks simple on the surface: generate some XML, submit it. In reality it's a 15-step chain involving three separate systems, each with its own auth model and failure modes. What the flow actually looks like Most documentation shows you the happy path. Here's what you're actually dealing with: Step 1: ID-porten authentication ID-porten requires PKCE with private_key_jwt — not a simple OAuth flow. You generate an RSA key pair, upload the public JWKS to Digdir's self-service portal, then sign your own JWT client assertion on every token request. The state parameter must survive a brow