Client management with PMS
- e-Signet is onboarded as MISP partner in MOSIP system with the below policy:{"allowAuthRequestDelegation": true,"allowKycRequestDelegation": true,"trustBindedAuthVerificationToken": true,"allowKeyBindingDelegation": true}
- License key of the MISP partner must be updated in the
esignet-default.properties
. Property name :mosip.esignet.misp.license.key
- Create and Update of OIDC clients are managed via PMS.
post
https://localhost/v1/partnermanager
/oidc/client
Service to create OIDCClient
put
https://localhost/v1/partnermanager
/oidc/client/{client_id}
Service to update details of OIDCClient
- Relying party is onboarded as an
Auth
partner. Auth partner is required to have the below allowedauth-types
in the policy.
{ "allowedAuthTypes" : [
{"authSubType":"","authType":"kycauth","mandatory":false},
{"authSubType":"","authType":"kycexchange","mandatory":false},
{"authSubType":"","authType":"otp-request","mandatory":false},
]
}
- An auth-partner may have one or more OIDC clients.
- SHA-256 hash of the OIDC client public key is considered as
clientID
. - Authentication Context References (ACR) and user claims are derived based on the policy of the auth partner.a.
allowedKycAttributes
are used to derive user claims using theidentity_mapping.json
b.allowedAuthTypes
are used to derive ACR values using theamr-acr-mapping.json
- Client management endpoints of e-Signet
oidc-service
is invoked from PMS with the derived values,clientID
and the provided public-key. - Also, the client-details with policy and partner details are sent as an event to MOSIP IDA system.
- 1.To get the mapping of OIDC claims with MOSIP KYC-attributes.
- 2.To get the mapping of auth types in policy with ACR values.
- 3.The claims supported by e-Signet should be present in
identity-mapping.json
file.
{"authTokenType":"policy",
"allowedKycAttributes":[{"attributeName":"fullName"},
{"attributeName":"gender"},
{"attributeName":"phone"},
{"attributeName":"email"},
{"attributeName":"dateOfBirth"},
{"attributeName":"city"},
{"attributeName":"face"},
{"attributeName":"addressLine1"}],
"allowedAuthTypes":[{"authSubType":"IRIS","authType":"bio","mandatory":false},
{"authSubType":"FINGER","authType":"bio","mandatory":false},
{"authSubType":"","authType":"otp","mandatory":false},
{"authSubType":"FACE","authType":"bio","mandatory":false},
{"authSubType":"","authType":"otp-request","mandatory":false},
{"authSubType":"","authType":"kycauth","mandatory":false},
{"authSubType":"","authType":"kycexchange","mandatory":false},
{"authSubType":"","authType":"wla","mandatory":false}]
}
Last modified 5mo ago