MOSIP Docs 1.2.0

Copyright © 2021 MOSIP. This work is licensed under a Creative Commons Attribution (CC-BY-4.0) International License unless otherwise noted.


ID Authentication

Last updated 1 year ago


eSignet is integrated with the MOSIP ID Authentication module as an authentication provider. The defined plugins interface has been implemented using the APIs available in the MOSIP ID Authentication module.

Here is a list of the APIs that have been integrated into the eSignet plugin interface implementation.

  • KYC Authentication API to perform authentication for an identity provider like eSignet

  • KYC Exchange API to share an encrypted KYC token to an identity provider

  • Key Binding API to authenticate a user in order to bind the ID and the wallet of that user

  • VC Exchange API to share the VC associated with a user who was authenticated earlier and has shared the associated KYC token

Appendix - API Specifications

  • POST KYC Authentication
  • POST kyc-exchange
  • POST Key Binding
  • POST vci-exchange

KYC Authentication

post

Performs ID authentication based on the allowed auth policy. The provided path parameters are validated before the actual authentication is done. Returns a new KYC token and a partner-specific user token. This API should be called from the IdP service only.

Path parameters

Auth-Partner-ID (string, required)
Relying Party (RP) Partner ID. This ID is provided during the partner self-registration process.

oidc-client-id (string, required)
OIDC client ID. Auto-generated when the OIDC client is created in PMS.

IdP-LK (string, required)
IdP Service License Key. This LK is similar to the MISP-LK.

Header parameters

signature (string, optional)
Digital signature of the auth request. The IdP key is used to generate the signature.

Body

id (string, required)
IDA standard request ID. Eg: mosip.identity.kycauth

version (string, required)
Version of the API. The currently supported version is '1.0'.

individualId (string, required)
UIN/VID of the individual.

individualIdType (string, optional)
Indicates the type of the individual ID. The type can be UIN or VID.

transactionID (string, required)
Any random alphanumeric string. The maximum allowed size is 10.

requestTime (string, required)
Time at which the request was created.

specVersion (string, required)
IDA specification version. The currently supported version is 1.0.

thumbprint (string, required)
Thumbprint of the certificate used for encrypting the auth request.

domainUri (string, required)
Domain URI of the server.

env (string, required)
Name of the environment.

consentObtained (boolean, required)
User-provided consent, either true or false.

requestHMAC (string, required)
HMAC value generated over the whole request.

requestSessionKey (string, required)
Session key used to encrypt the request.

allowedKycAttributes (string[], optional)
List of allowed KYC attributes.

Responses

200: OK

Sample request

POST /idauthentication/v1/key-auth/delegated/{IdP-LK}/{Auth-Partner-ID}/{oidc-client-id} HTTP/1.1
Host: api-internal.collab.mosip.net
Content-Type: application/json
Accept: */*
Content-Length: 1646

{
  "id": "text",
  "version": "text",
  "individualId": "text",
  "individualIdType": "text",
  "transactionID": "text",
  "requestTime": "text",
  "specVersion": "text",
  "thumbprint": "text",
  "domainUri": "text",
  "env": "text",
  "request": {
    "otp": "text",
    "staticPin": "text",
    "timestamp": "text",
    "demographics": {
      "age": "text",
      "dob": "text",
      "name": [
        {
          "language": "text",
          "value": "text"
        }
      ],
      "dobType": [
        {
          "language": "text",
          "value": "text"
        }
      ],
      "gender": [
        {
          "language": "text",
          "value": "text"
        }
      ],
      "phoneNumber": "text",
      "emailId": "text",
      "addressLine1": [
        {
          "language": "text",
          "value": "text"
        }
      ],
      "addressLine2": [
        {
          "language": "text",
          "value": "text"
        }
      ],
      "addressLine3": [
        {
          "language": "text",
          "value": "text"
        }
      ],
      "location1": [
        {
          "language": "text",
          "value": "text"
        }
      ],
      "location2": [
        {
          "language": "text",
          "value": "text"
        }
      ],
      "location3": [
        {
          "language": "text",
          "value": "text"
        }
      ],
      "postalCode": "text",
      "fullAddress": [
        {
          "language": "text",
          "value": "text"
        }
      ],
      "metadata": {
        "property1": {},
        "property2": {}
      }
    },
    "biometrics": [
      {
        "data": {
          "digitalId": {
            "serialNo": "text",
            "make": "text",
            "model": "text",
            "type": "text",
            "deviceSubType": "text",
            "deviceProvider": "text",
            "dp": "text",
            "dpId": "text",
            "deviceProviderId": "text",
            "dateTime": "text"
          },
          "bioType": "text",
          "bioSubType": "text",
          "bioValue": "text",
          "deviceCode": "text",
          "deviceServiceVersion": "text",
          "transactionId": "text",
          "timestamp": "text",
          "purpose": "text",
          "env": "text",
          "version": "text",
          "domainUri": "text",
          "requestedScore": 1,
          "qualityScore": 1
        },
        "hash": "text",
        "sessionKey": "text",
        "specVersion": "text",
        "thumbprint": "text"
      }
    ],
    "keyBindedTokens": {
      "type": "text",
      "token": "text",
      "format": "text"
    }
  },
  "consentObtained": true,
  "requestHMAC": "text",
  "requestSessionKey": "text",
  "metadata": {
    "property1": {},
    "property2": {}
  },
  "allowedKycAttributes": [
    "text"
  ]
}
Sample response (200 OK)

{
  "id": "string",
  "version": "string",
  "responseTime": "string",
  "response": {
    "kycToken": "string",
    "authToken": "string",
    "kycStatus": false
  },
  "errors": [
    {
      "errorCode": "string",
      "errorMessage": "string"
    }
  ]
}

kyc-exchange

post

Validates that the kycToken returned by the kyc-auth call belongs to the provided oidc-client-id, and returns the encrypted KYC to the caller. This API should be called from the IdP service only.

Path parameters

IdP-LK (string, required)
IdP Service License Key. This LK is similar to the MISP-LK.

Auth-Partner-ID (string, required)
Relying Party (RP) Partner ID. This ID is provided during the partner self-registration process.

oidc-client-id (string, required)
OIDC client ID. Auto-generated when the OIDC client is created in PMS.

Header parameters

signature (string, optional)
Digital signature of the auth request. The IdP key is used to generate the signature.

Body

id (string, required)
IDA standard request ID. Eg: mosip.identity.kycexchange

version (string, required)
Version of the API. The currently supported version is '1.0'.

requesttime (string, required)
Time at which the request was created.

transactionID (string, required)
Same transaction ID used in the kyc-auth request.

individualId (string, required)
UIN/VID of the individual.

kycToken (string, required)
KYC token received in the kycAuth API response.

consentObtained (string[], required)
List of consents obtained from the user.

locales (string[], optional)
List of languages selected by the user.

resType (string, optional)
Response type for the user claims. Currently defaults to signed JWT.

Responses

200: OK (application/json)

Sample request

POST /idauthentication/v1/kyc-exchange/delegated/{IdP-LK}/{Auth-Partner-ID}/{oidc-client-id} HTTP/1.1
Host: api-internal.collab.mosip.net
Content-Type: application/json
Accept: */*
Content-Length: 177

{
  "id": "text",
  "version": "text",
  "requesttime": "text",
  "transactionID": "text",
  "individualId": "text",
  "kycToken": "text",
  "consentObtained": [
    "text"
  ],
  "locales": [
    "text"
  ],
  "resType": "text"
}
Sample response (200 OK)

{
  "id": "text",
  "version": "text",
  "responseTime": "text",
  "response": {
    "encryptedKyc": "text"
  },
  "errors": [
    {
      "errorCode": "text",
      "errorMessage": "text"
    }
  ]
}
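
How an IdP-side caller might chain the two calls documented above, as an added example that is not MOSIP or eSignet code: it checks a kyc-auth body against the field table before sending, and builds the kyc-exchange body only from a successful kyc-auth response, reusing the same transactionID and individualId. Function names, sample values and the timestamp format are assumptions; encrypting the request and computing requestHMAC are not shown.

```python
import re
import secrets
import string
from datetime import datetime, timezone

# Required body fields of the KYC Authentication request, as listed on this page.
KYC_AUTH_REQUIRED = (
    "id", "version", "individualId", "transactionID", "requestTime",
    "specVersion", "thumbprint", "domainUri", "env", "consentObtained",
    "requestHMAC", "requestSessionKey",
)
TXN_ID = re.compile(r"[A-Za-z0-9]{1,10}")  # alphanumeric, maximum size 10

# Constructed sample values for illustration; not real identifiers or keys.
SAMPLE_AUTH_REQUEST = {
    "id": "mosip.identity.kycauth", "version": "1.0",
    "individualId": "0000000000", "individualIdType": "VID",
    "transactionID": "a1B2c3D4e5", "requestTime": "2024-01-01T00:00:00.000Z",
    "specVersion": "1.0", "thumbprint": "<certificate-thumbprint>",
    "domainUri": "https://idp.example", "env": "Staging",
    "consentObtained": True, "requestHMAC": "<hmac>",
    "requestSessionKey": "<session-key>",
    "allowedKycAttributes": ["name", "gender"],
}


def new_transaction_id():
    """Random alphanumeric transaction ID of the maximum documented length."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(10))


def validate_kyc_auth(req):
    """Return a list of problems; empty means the body matches the field table."""
    problems = [f"missing required field: {name}" for name in KYC_AUTH_REQUIRED
                if req.get(name) in (None, "")]
    if req.get("id") != "mosip.identity.kycauth":
        problems.append("id must be mosip.identity.kycauth")
    for name in ("version", "specVersion"):
        if req.get(name) != "1.0":
            problems.append(f"{name} must be '1.0'")
    if req.get("individualIdType", "UIN") not in ("UIN", "VID"):
        problems.append("individualIdType must be UIN or VID")
    if not TXN_ID.fullmatch(str(req.get("transactionID", ""))):
        problems.append("transactionID must be 1-10 alphanumeric characters")
    if not isinstance(req.get("consentObtained"), bool):
        problems.append("consentObtained must be a boolean")
    attrs = req.get("allowedKycAttributes", [])
    if not (isinstance(attrs, list) and all(isinstance(a, str) for a in attrs)):
        problems.append("allowedKycAttributes must be a list of strings")
    return problems


def build_kyc_exchange(auth_req, auth_resp, consents, locales=None):
    """Build the kyc-exchange body only from a successful kyc-auth response."""
    errors = auth_resp.get("errors") or []
    result = auth_resp.get("response") or {}
    if errors:
        codes = ", ".join(str(e.get("errorCode")) for e in errors)
        raise ValueError(f"kyc-auth returned errors: {codes}")
    if result.get("kycStatus") is not True or not result.get("kycToken"):
        raise ValueError("kyc-auth did not succeed; no token to exchange")
    # Assumption: ISO 8601 UTC timestamp; the page only says "Request created time".
    now = datetime.now(timezone.utc).isoformat(timespec="milliseconds")
    body = {
        "id": "mosip.identity.kycexchange",
        "version": "1.0",
        "requesttime": now.replace("+00:00", "Z"),
        "transactionID": auth_req["transactionID"],  # same ID as in kyc-auth
        "individualId": auth_req["individualId"],
        "kycToken": result["kycToken"],
        "consentObtained": list(consents),
    }
    if locales:
        body["locales"] = list(locales)
    return body
```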

Key Binding

post

Performs ID authentication for the provided identity data, based on the allowed auth policy. To identify the auth partner, the API validates the provided path parameters before performing the actual authentication. The wallet includes a public key in the request, to be bound to the input VID/UIN. Returns the status of the key binding, a partner-specific user token, and a certificate generated for the input public key (this certificate will be bound to the input VID/UIN). The certificate is returned only when the authentication passes. This API should be called from the eSignet service and from Inji Wallet.

Path parameters

Auth-Partner-ID (string, required)
Relying Party (RP) Partner ID. This ID is provided during the partner self-registration process.

IdP-LK (string, required)
IdP Service License Key. This LK is similar to the MISP-LK.

OIDC-Client-Id (string, required)

Header parameters

signature (string, optional)
Digital signature of the auth request. The IdP key is used to generate the signature.

Body

id (string, required)
IDA standard request ID. Eg: mosip.identity.keybinding

version (string, required)
Version of the API. The currently supported version is '1.0'.

individualId (string, required)
UIN/VID of the individual.

individualIdType (string, optional)
Indicates the type of the individual ID. The type can be UIN or VID.

transactionID (string, required)
Any random alphanumeric string. The maximum allowed size is 10.

requestTime (string, required)
Time at which the request was created.

specVersion (string, required)
IDA specification version. The currently supported version is 1.0.

thumbprint (string, required)
Thumbprint of the certificate used for encrypting the auth request.

domainUri (string, required)
Domain URI of the server.

env (string, required)
Name of the environment.

consentObtained (boolean, required)
User-provided consent, either true or false.

requestHMAC (string, required)
HMAC value generated over the whole request.

requestSessionKey (string, required)
Session key used to encrypt the request.

Responses

200: OK

Sample request

POST /idauthentication/v1/identity-key-binding/delegated/{IdP-LK}/{Auth-Partner-ID}/{OIDC-Client-Id} HTTP/1.1
Host: api-internal.collab.mosip.net
Content-Type: application/json
Accept: */*
Content-Length: 1676

{
  "id": "text",
  "version": "text",
  "individualId": "text",
  "individualIdType": "text",
  "transactionID": "text",
  "requestTime": "text",
  "specVersion": "text",
  "thumbprint": "text",
  "domainUri": "text",
  "env": "text",
  "request": {
    "otp": "text",
    "staticPin": "text",
    "timestamp": "text",
    "demographics": {
      "age": "text",
      "dob": "text",
      "name": [
        {
          "language": "text",
          "value": "text"
        }
      ],
      "dobType": [
        {
          "language": "text",
          "value": "text"
        }
      ],
      "gender": [
        {
          "language": "text",
          "value": "text"
        }
      ],
      "phoneNumber": "text",
      "emailId": "text",
      "addressLine1": [
        {
          "language": "text",
          "value": "text"
        }
      ],
      "addressLine2": [
        {
          "language": "text",
          "value": "text"
        }
      ],
      "addressLine3": [
        {
          "language": "text",
          "value": "text"
        }
      ],
      "location1": [
        {
          "language": "text",
          "value": "text"
        }
      ],
      "location2": [
        {
          "language": "text",
          "value": "text"
        }
      ],
      "location3": [
        {
          "language": "text",
          "value": "text"
        }
      ],
      "postalCode": "text",
      "fullAddress": [
        {
          "language": "text",
          "value": "text"
        }
      ],
      "metadata": {
        "property1": {},
        "property2": {}
      }
    },
    "biometrics": [
      {
        "data": {
          "digitalId": {
            "serialNo": "text",
            "make": "text",
            "model": "text",
            "type": "text",
            "deviceSubType": "text",
            "deviceProvider": "text",
            "dp": "text",
            "dpId": "text",
            "deviceProviderId": "text",
            "dateTime": "text"
          },
          "bioType": "text",
          "bioSubType": "text",
          "bioValue": "text",
          "deviceCode": "text",
          "deviceServiceVersion": "text",
          "transactionId": "text",
          "timestamp": "text",
          "purpose": "text",
          "env": "text",
          "version": "text",
          "domainUri": "text",
          "requestedScore": 1,
          "qualityScore": 1
        },
        "hash": "text",
        "sessionKey": "text",
        "specVersion": "text",
        "thumbprint": "text"
      }
    ]
  },
  "consentObtained": true,
  "requestHMAC": "text",
  "requestSessionKey": "text",
  "metadata": {
    "property1": {},
    "property2": {}
  },
  "identityKeyBinding": {
    "publicKeyJWK": {
      "additionalProp1": {},
      "additionalProp2": {},
      "additionalProp3": {}
    },
    "authFactorType": "text"
  }
}
Sample response (200 OK)

{
  "id": "string",
  "version": "string",
  "responseTime": "string",
  "response": {
    "identityCertificate": "string",
    "authToken": "string",
    "bindingAuthStatus": false
  },
  "errors": [
    {
      "errorCode": "string",
      "errorMessage": "string"
    }
  ]
}

vci-exchange

post

Validates that the kycToken returned by the kyc-auth call belongs to the provided oidc-client-id and was issued to the same identity used in kyc-auth, and returns verifiable credentials to the caller. This API should be called from the eSignet service.

Path parameters

IdP-LK (string, required)
IdP Service License Key. This LK is similar to the MISP-LK.

Auth-Partner-ID (string, required)
Relying Party (RP) Partner ID. This ID is provided during the partner self-registration process.

OIDC-Client-Id (string, required)
OIDC client ID. Auto-generated when the OIDC client is created in PMS.

Header parameters

signature (string, optional)
Digital signature of the auth request. The IdP key is used to generate the signature.

Body

id (string, required)
IDA standard request ID. Eg: mosip.identity.vciexchange

version (string, required)
Version of the API. The currently supported version is '1.0'.

requesttime (string, required)
Time at which the request was created.

transactionID (string, required)
Transaction ID used in the kyc-auth request.

individualId (string, required)
UIN/VID of the individual.

vcAuthToken (string, required)
KYC token received in the kycAuth API response.

credSubjectId (string, required)
JWK DID of the identity. Eg: did:jwk:...

vcFormat (string, required)
Verifiable credential format needed in the response object. Supported format: ldp_vc

locales (string[], optional)
List of locales to be included in the issued VC.

Responses

200: OK (application/json)

Sample request

POST /idauthentication/v1/vci-exchange/delegated/{IdP-LK}/{Auth-Partner-ID}/{OIDC-Client-Id} HTTP/1.1
Host: api-internal.collab.mosip.net
Content-Type: application/json
Accept: */*
Content-Length: 333

{
  "id": "text",
  "version": "text",
  "requesttime": "text",
  "transactionID": "text",
  "individualId": "text",
  "vcAuthToken": "text",
  "credSubjectId": "text",
  "vcFormat": "text",
  "credentialsDefinition": {
    "credentialSubject": {
      "property1": {},
      "property2": {}
    },
    "type": [
      "text"
    ],
    "context": [
      "text"
    ]
  },
  "locales": [
    "text"
  ],
  "metadata": {
    "property1": {},
    "property2": {}
  }
}
Sample response (200 OK)

{
  "id": "text",
  "version": "text",
  "responseTime": "text",
  "response": {},
  "errors": [
    {
      "errorCode": "text",
      "errorMessage": "text"
    }
  ]
}
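
The credSubjectId field of vci-exchange takes a did:jwk identifier, which under the did:jwk method is the prefix did:jwk: followed by the base64url-encoded JSON of a public JWK. The following added example (not MOSIP code; the function names are hypothetical and the sample key is a constructed placeholder, not a real key) builds such a value, parses it back, and rejects any JWK that carries private-key members.

```python
import base64
import binascii
import json
import re

# Private-key members defined for RSA, EC, OKP and symmetric JWKs.
PRIVATE_JWK_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}
# Public members each supported key type must carry.
REQUIRED_PUBLIC_MEMBERS = {
    "RSA": {"n", "e"},
    "EC": {"crv", "x", "y"},
    "OKP": {"crv", "x"},
}
B64URL = re.compile(r"[A-Za-z0-9_-]+")

# Constructed placeholder key (43 base64url characters = 32 bytes); not a real key.
SAMPLE_PUBLIC_JWK = {"kty": "OKP", "crv": "Ed25519", "x": "A" * 43}


def b64url(data):
    """Base64url without padding, as used by JOSE and did:jwk."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def check_public_jwk(jwk):
    """Raise ValueError unless jwk is a public key of a supported type."""
    if not isinstance(jwk, dict):
        raise ValueError("JWK must be a JSON object")
    kty = jwk.get("kty")
    if kty not in REQUIRED_PUBLIC_MEMBERS:
        raise ValueError(f"unsupported or missing kty: {kty!r}")
    leaked = PRIVATE_JWK_MEMBERS.intersection(jwk)
    if leaked:
        raise ValueError(f"JWK contains private members: {sorted(leaked)}")
    missing = REQUIRED_PUBLIC_MEMBERS[kty].difference(jwk)
    if missing:
        raise ValueError(f"JWK is missing members: {sorted(missing)}")


def jwk_to_did(public_jwk):
    """Encode a public JWK as did:jwk:<base64url(JSON)>."""
    check_public_jwk(public_jwk)
    encoded = json.dumps(public_jwk, separators=(",", ":"), sort_keys=True)
    return "did:jwk:" + b64url(encoded.encode("utf-8"))


def did_to_jwk(did):
    """Decode and validate the JWK inside a did:jwk identifier or DID URL."""
    prefix = "did:jwk:"
    if not isinstance(did, str) or not did.startswith(prefix):
        raise ValueError("not a did:jwk identifier")
    payload = did[len(prefix):].split("#", 1)[0]  # drop a key fragment such as #0
    if not B64URL.fullmatch(payload):
        raise ValueError("method-specific id is not base64url")
    try:
        raw = base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4))
        jwk = json.loads(raw)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("method-specific id is not base64url-encoded JSON") from exc
    check_public_jwk(jwk)
    return jwk
```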