Client management with PMS

  • e-Signet is onboarded as a MISP partner in the MOSIP system with the following policy:
    "allowAuthRequestDelegation": true,
    "allowKycRequestDelegation": true,
    "trustBindedAuthVerificationToken": true,
    "allowKeyBindingDelegation": true
  • The license key of the MISP partner must be set in the property mosip.esignet.misp.license.key.
  • Creation and update of OIDC clients are managed via PMS:
    a. Service to create OIDCClient
    b. Service to update details of OIDCClient
  • The relying party is onboarded as an Auth partner. The Auth partner is required to have the following allowed auth types in its policy:
{ "allowedAuthTypes" : [
  • An auth-partner may have one or more OIDC clients.
  • The SHA-256 hash of the OIDC client public key is used as the clientID.
  • Authentication Context References (ACR) and user claims are derived based on the policy of the auth partner.
    a. allowedKycAttributes are used to derive user claims using the identity_mapping.json
    b. allowedAuthTypes are used to derive ACR values using the amr-acr-mapping.json
  • The client management endpoints of the e-Signet oidc-service are invoked from PMS with the derived values, the clientID and the provided public key.
  • The client details, together with the policy and partner details, are also sent as an event to the MOSIP IDA system.


  1. To get the mapping of OIDC claims with MOSIP KYC-attributes.
  2. To get the mapping of auth types in policy with ACR values.
  3. The claims supported by e-Signet should be present in identity-mapping.json file.
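
The derivation described above (clientID from the public key, user claims from allowedKycAttributes, ACR values from allowedAuthTypes), as an added example that is not PMS or e-Signet code. The mapping tables, the policy entry shapes, the request field names, and the choice to hash the canonical JSON of the JWK and base64url-encode the digest are assumptions made for illustration.

```python
import base64
import hashlib
import json

# Constructed stand-ins for identity_mapping.json and amr-acr-mapping.json;
# the real files' schemas and values may differ.
CLAIM_TO_KYC_ATTR = {"name": "fullName", "birthdate": "dateOfBirth",
                     "email": "email", "phone_number": "phone"}
ACR_REQUIRES = {"example:acr:otp": {"otp"},
                "example:acr:bio": {"bio"},
                "example:acr:otp-and-bio": {"otp", "bio"}}

# Constructed auth-partner policy; the entry shapes are assumed.
POLICY = {"allowedAuthTypes": [{"authType": "otp"}, {"authType": "demo"}],
          "allowedKycAttributes": [{"attributeName": "fullName"},
                                   {"attributeName": "email"}]}

# Constructed RSA public JWK (placeholder modulus, not a usable key).
PUBLIC_JWK = {"kty": "RSA", "e": "AQAB", "n": "constructed-modulus-value"}


def derive_client_id(jwk: dict) -> str:
    """SHA-256 of the public key. Assumed: canonical JSON in, base64url out."""
    canonical = json.dumps(jwk, sort_keys=True, separators=(",", ":")).encode()
    digest = hashlib.sha256(canonical).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def derive_claims(policy: dict) -> list:
    """Keep only the claims whose KYC attribute the policy allows."""
    allowed = {a["attributeName"] for a in policy.get("allowedKycAttributes", [])}
    return sorted(c for c, attr in CLAIM_TO_KYC_ATTR.items() if attr in allowed)


def derive_acrs(policy: dict) -> list:
    """Grant an ACR only if every auth type it requires is allowed."""
    allowed = {a["authType"].lower() for a in policy.get("allowedAuthTypes", [])}
    return sorted(acr for acr, needs in ACR_REQUIRES.items() if needs <= allowed)


def build_client_request(jwk: dict, policy: dict) -> dict:
    """Assemble the derived values (field names here are hypothetical)."""
    return {"clientId": derive_client_id(jwk), "publicKey": jwk,
            "userClaims": derive_claims(policy),
            "authContextRefs": derive_acrs(policy)}


if __name__ == "__main__":
    print(json.dumps(build_client_request(PUBLIC_JWK, POLICY), indent=2))
```

Because the claims and ACR values come from the partner policy and not from the client request, a client cannot obtain an attribute or authentication level that its auth partner's policy does not allow.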

Sample auth-policy of a relying party

Copyright © 2021 MOSIP. This work is licensed under a Creative Commons Attribution (CC-BY-4.0) International License unless otherwise noted.