ID Authentication
eSignet is integrated with the MOSIP ID Authentication module as an authentication provider. The defined plugins interface has been implemented using the APIs available in the MOSIP ID Authentication module.
Here is a list of the APIs that have been integrated into the eSignet plugin interface implementation.
KYC Authentication API to perform authentication for an identity provider like eSignet
KYC Exchange API to share an encrypted KYC token to an identity provider
Key Binding API to authenticate a user to bind the ID and Wallet of an user
VC Exchange API to share the VC associate to a user who was authenticated earlier and has shared the associated KYC Token
Appendix - API Specifications
API to perform the ID Authentication based on allowed auth policy. Does validation of provided path parameters before doing the actual authentication. Returns a new KYC token and partner specific user token. This API should be called from IdP service only.
Relying Party (RP) Partner ID. This ID will be provided during partner self registration process
OIDC client Id. Auto generated while creating OIDC client in PMS
IdP Service License Key. This LK is similar MISP-LK.
Digital Signature of the Auth Request. IdP key will be used to generate the signature.
IDA standard request ID. Eg: mosip.identity.kycauth
Version of the API. Current supported version is '1.0'
UIN/VID of the individual.
Parameter to indicate individual type. Type can be UIN/VID
any random alpha numberic string. Allowed max size is 10.
Request created time
IDA Specification version. Current Supported version is 1.0
Thumbprint of the certificate used for encrypting the auth request.
Domain uri of the server
Name of the environment
User provided Consent either true or false
HMAC value generated of the whole request.
Session key used to encrypt the request.
Allowed KYC Attributes List.
POST /idauthentication/v1/key-auth/delegated/{IdP-LK}/{Auth-Partner-ID}/{oidc-client-id} HTTP/1.1
Host: api-internal.collab.mosip.net
Content-Type: application/json
Accept: */*
Content-Length: 1646
{
"id": "text",
"version": "text",
"individualId": "text",
"individualIdType": "text",
"transactionID": "text",
"requestTime": "text",
"specVersion": "text",
"thumbprint": "text",
"domainUri": "text",
"env": "text",
"request": {
"otp": "text",
"staticPin": "text",
"timestamp": "text",
"demographics": {
"age": "text",
"dob": "text",
"name": [
{
"language": "text",
"value": "text"
}
],
"dobType": [
{
"language": "text",
"value": "text"
}
],
"gender": [
{
"language": "text",
"value": "text"
}
],
"phoneNumber": "text",
"emailId": "text",
"addressLine1": [
{
"language": "text",
"value": "text"
}
],
"addressLine2": [
{
"language": "text",
"value": "text"
}
],
"addressLine3": [
{
"language": "text",
"value": "text"
}
],
"location1": [
{
"language": "text",
"value": "text"
}
],
"location2": [
{
"language": "text",
"value": "text"
}
],
"location3": [
{
"language": "text",
"value": "text"
}
],
"postalCode": "text",
"fullAddress": [
{
"language": "text",
"value": "text"
}
],
"metadata": {
"property1": {},
"property2": {}
}
},
"biometrics": [
{
"data": {
"digitalId": {
"serialNo": "text",
"make": "text",
"model": "text",
"type": "text",
"deviceSubType": "text",
"deviceProvider": "text",
"dp": "text",
"dpId": "text",
"deviceProviderId": "text",
"dateTime": "text"
},
"bioType": "text",
"bioSubType": "text",
"bioValue": "text",
"deviceCode": "text",
"deviceServiceVersion": "text",
"transactionId": "text",
"timestamp": "text",
"purpose": "text",
"env": "text",
"version": "text",
"domainUri": "text",
"requestedScore": 1,
"qualityScore": 1
},
"hash": "text",
"sessionKey": "text",
"specVersion": "text",
"thumbprint": "text"
}
],
"keyBindedTokens": {
"type": "text",
"token": "text",
"format": "text"
}
},
"consentObtained": true,
"requestHMAC": "text",
"requestSessionKey": "text",
"metadata": {
"property1": {},
"property2": {}
},
"allowedKycAttributes": [
"text"
]
}OK
{
"id": "string",
"version": "string",
"responseTime": "string",
"response": {
"kycToken": "string",
"authToken": "string",
"kycStatus": false
},
"errors": [
{
"errorCode": "string",
"errorMessage": "string"
}
]
}API to validate kycToken returned in kyc-auth call that the kycToken belongs to the provided oidc-client-id and returns encrypted kyc to the caller. This API should be called from IdP service only.
IdP Service License Key. This LK is similar MISP-LK.
Relying Party (RP) Partner ID. This ID will be provided during partner self registration process
OIDC client Id. Auto generated while creating OIDC client in PMS
Digital Signature of the Auth Request. IdP key will be used to generate the signature.
IDA standard request ID. Eg: mosip.identity.kycexchange
Version of the API. Current supported version is '1.0'
Request created time.
Same transaction ID used in kyc-auth request.
UIN/VID of the individual.
kyc token received in kycAuth API response.
List of consents obtained from user.
user selected list of languages.
Response Type for the user claims. Currently defaulted to signed JWT.
POST /idauthentication/v1/kyc-exchange/delegated/{IdP-LK}/{Auth-Partner-ID}/{oidc-client-id} HTTP/1.1
Host: api-internal.collab.mosip.net
Content-Type: application/json
Accept: */*
Content-Length: 177
{
"id": "text",
"version": "text",
"requesttime": "text",
"transactionID": "text",
"individualId": "text",
"kycToken": "text",
"consentObtained": [
"text"
],
"locales": [
"text"
],
"resType": "text"
}OK
{
"id": "text",
"version": "text",
"responseTime": "text",
"response": {
"encryptedKyc": "text"
},
"errors": [
{
"errorCode": "text",
"errorMessage": "text"
}
]
}API to perform the ID Authentication based for the provided identity data and based on allowed auth policy. To identity the auth partner API will perform validation of provided path parameters before performing the actual authentication. Wallet will include a public key in the request to be binded for the input VID/UIN Returns a status of key binding, partner specific user token, certificate generated for the input public key (this certificate will be binded to the input VID/UIN). Certificate will be returned only when the authenticate is passed. This API should be called from eSignet service and from Inji Wallet.
Relying Party (RP) Partner ID. This ID will be provided during partner self registration process
IdP Service License Key. This LK is similar MISP-LK.
Digital Signature of the Auth Request. IdP key will be used to generate the signature.
IDA standard request ID. Eg: mosip.identity.keybinding
Version of the API. Current supported version is '1.0'
UIN/VID of the individual.
Parameter to indicate individual type. Type can be UIN/VID
any random alpha numberic string. Allowed max size is 10.
Request created time
IDA Specification version. Current Supported version is 1.0
Thumbprint of the certificate used for encrypting the auth request.
Domain uri of the server
Name of the environment
User provided Consent either true or false
HMAC value generated of the whole request.
Session key used to encrypt the request.
POST /idauthentication/v1/identity-key-binding/delegated/{IdP-LK}/{Auth-Partner-ID}/{OIDC-Client-Id} HTTP/1.1
Host: api-internal.collab.mosip.net
Content-Type: application/json
Accept: */*
Content-Length: 1676
{
"id": "text",
"version": "text",
"individualId": "text",
"individualIdType": "text",
"transactionID": "text",
"requestTime": "text",
"specVersion": "text",
"thumbprint": "text",
"domainUri": "text",
"env": "text",
"request": {
"otp": "text",
"staticPin": "text",
"timestamp": "text",
"demographics": {
"age": "text",
"dob": "text",
"name": [
{
"language": "text",
"value": "text"
}
],
"dobType": [
{
"language": "text",
"value": "text"
}
],
"gender": [
{
"language": "text",
"value": "text"
}
],
"phoneNumber": "text",
"emailId": "text",
"addressLine1": [
{
"language": "text",
"value": "text"
}
],
"addressLine2": [
{
"language": "text",
"value": "text"
}
],
"addressLine3": [
{
"language": "text",
"value": "text"
}
],
"location1": [
{
"language": "text",
"value": "text"
}
],
"location2": [
{
"language": "text",
"value": "text"
}
],
"location3": [
{
"language": "text",
"value": "text"
}
],
"postalCode": "text",
"fullAddress": [
{
"language": "text",
"value": "text"
}
],
"metadata": {
"property1": {},
"property2": {}
}
},
"biometrics": [
{
"data": {
"digitalId": {
"serialNo": "text",
"make": "text",
"model": "text",
"type": "text",
"deviceSubType": "text",
"deviceProvider": "text",
"dp": "text",
"dpId": "text",
"deviceProviderId": "text",
"dateTime": "text"
},
"bioType": "text",
"bioSubType": "text",
"bioValue": "text",
"deviceCode": "text",
"deviceServiceVersion": "text",
"transactionId": "text",
"timestamp": "text",
"purpose": "text",
"env": "text",
"version": "text",
"domainUri": "text",
"requestedScore": 1,
"qualityScore": 1
},
"hash": "text",
"sessionKey": "text",
"specVersion": "text",
"thumbprint": "text"
}
]
},
"consentObtained": true,
"requestHMAC": "text",
"requestSessionKey": "text",
"metadata": {
"property1": {},
"property2": {}
},
"identityKeyBinding": {
"publicKeyJWK": {
"additionalProp1": {},
"additionalProp2": {},
"additionalProp3": {}
},
"authFactorType": "text"
}
}OK
{
"id": "string",
"version": "string",
"responseTime": "string",
"response": {
"identityCertificate": "string",
"authToken": "string",
"bindingAuthStatus": false
},
"errors": [
{
"errorCode": "string",
"errorMessage": "string"
}
]
}API to validate kycToken returned in kyc-auth call that the kycToken belongs to the provided oidc-client-id & issued to the same identity used in kyc-auth and returns verifiable credentials to the caller. This API should be called from eSignet service.
IdP Service License Key. This LK is similar MISP-LK.
Relying Party (RP) Partner ID. This ID will be provided during partner self registration process
OIDC client Id. Auto generated while creating OIDC client in PMS
Digital Signature of the Auth Request. IdP key will be used to generate the signature.
IDA standard request ID. Eg: mosip.identity.vciexchange
Version of the API. Current supported version is '1.0'
Request created time.
Tansaction ID used in kyc-auth request.
UIN/VID of the individual.
kyc token received in kycAuth API response.
JWK DID of the Identity. Eg: did:jwk:ewogICAgImt0eSI6ICJSU0EiLAogICAgImUiOiAiQVFBQiIsCiAgICAibiI6ICJtaFZOaERpaW1WdTQxV0xCRWJzYVpLWUZRTTJrZXBHREQwWDRZNHp2VW8zZEVET3lTbDd0bXhha3RfVnlodXRJdWp3ZlJQMmxTTTRIQ2lZS3BYSXdBNmljVHIyWThDSnc2VDU1bWVRWWJmRHZxLV9QRXNWMDRobEYzUS10cnU2ajhPbUpRdWwzTGtSR05mN3Z6VFNSRmstUU9rcmNuVDRPaC1YbGhCRjhFNFFHNFdTVFF2Qk1xOVdTQ05lZjZkVWFOQ3JXY0lDQ1Q2bi1peHFKLTJBREEzYk5TcWpqS0REQktTM1VPRy1jbUlfTTdKY19BYWJod1JLLTM2blphWGJWLUdQYjR5UjdTNVY5MUhtdTZhS3JJdVdRM1ByY0FlWkZvZ1VuYjlLMUpHS0dhOWJ2S3F0TWd5TjNLdS1aMFdDT3Z1dUtMNndNNzduSDJWdGtJRDZNNVEiCn0
Verifiable credential format needed in response object. Supported Format : ldp_vc
list of locales to be included in the issued VC.
POST /idauthentication/v1/vci-exchange/delegated/{IdP-LK}/{Auth-Partner-ID}/{OIDC-Client-Id} HTTP/1.1
Host: api-internal.collab.mosip.net
Content-Type: application/json
Accept: */*
Content-Length: 333
{
"id": "text",
"version": "text",
"requesttime": "text",
"transactionID": "text",
"individualId": "text",
"vcAuthToken": "text",
"credSubjectId": "text",
"vcFormat": "text",
"credentialsDefinition": {
"credentialSubject": {
"property1": {},
"property2": {}
},
"type": [
"text"
],
"context": [
"text"
]
},
"locales": [
"text"
],
"metadata": {
"property1": {},
"property2": {}
}
}OK
{
"id": "text",
"version": "text",
"responseTime": "text",
"response": {},
"errors": [
{
"errorCode": "text",
"errorMessage": "text"
}
]
}Last updated
Was this helpful?