search
GitHubCommunityInitiativesWhat's NewContact Us
githubEdit

Partner Management

MOSIP's partner management is used to create and manage OIDC clients. Hence, three new APIs have been introduced in partner management,

  • API to create an OIDC client

  • API to update an OIDC client

  • API to retrieve and OIDC client

chevron-rightHow can we create a OIDC client using partner management?hashtag

In order to create a OIDC client,

  • The relying party, needs to get onboarded into MOSIP using the partner management portal as a authentication partner

  • The relying party needs to be mapped to a policy in MOSIP

  • When the relying party is mapped to the policy, using the new OIDC client create API, a client can be created for the relying party.

Notes:

  • A relying party can have multiple clients created against a approved mapped policy.

  • When a eSignet client is created using partner management APIs, then the client ID is set as the SHA256 hash of the public key provided in the request.

There are also a few modifications in the policies in partner management for a partner opting for OIDC based authentication using eSignet.

Additional Authentication Types have been added for KYC authentication (kycauth), KYC Exchange (kycexchange) and Wallet Local Authentication (wla).

Below is a sample policy for a relying party who is interested in authentication using eSignet.

{
  "authTokenType":"policy",
  "allowedKycAttributes":[
    {
      "attributeName":"fullName"
    },
    {
      "attributeName":"gender"
    },
    {
      "attributeName":"phone"
    },
    {
      "attributeName":"email"
    },
    {
      "attributeName":"dateOfBirth"
    },
    {
      "attributeName":"city"
    },
    {
      "attributeName":"face"
    },
    {
      "attributeName":"addressLine1"
    }
  ],
  "allowedAuthTypes":[
    {
      "authSubType":"IRIS",
      "authType":"bio",
      "mandatory":false
    },
    {
      "authSubType":"FINGER",
      "authType":"bio",
      "mandatory":false
    },
    {
      "authSubType":"",
      "authType":"otp",
      "mandatory":false
    },
    {
      "authSubType":"FACE",
      "authType":"bio",
      "mandatory":false
    },
    {
      "authSubType":"",
      "authType":"otp-request",
      "mandatory":false
    },
    {
      "authSubType":"",
      "authType":"kycauth",
      "mandatory":false
    },
    {
      "authSubType":"",
      "authType":"kycexchange",
      "mandatory":false
    },
    {
      "authSubType":"",
      "authType":"wla",
      "mandatory":false
    }
  ]
}

hashtag
Appendix - Create, Retrieve and Update OIDC Client APIs

hashtag
Service to create OIDCClient

post

Creates OIDCClient and return Client id

Body
idstringOptional
versionstringOptional
requesttimestring · date-timeOptional
metadataobjectOptional
Responses
chevron-right
200

OK

*/*
post
/oidc/client
200

OK

hashtag
Service to update details of OIDCClient

put

Service to update details of OIDCClient

Path parameters
client_idstringRequired
Body
idstringOptional
versionstringOptional
requesttimestring · date-timeOptional
metadataobjectOptional
Responses
chevron-right
200

OK

*/*
put
/oidc/client/{client_id}
200

OK

hashtag
Service to get OIDCClient details

get

Service to get OIDCClient details

Query parameters
client_idstringRequired
Responses
chevron-right
200

OK

*/*
get
/oidc/client/{client_id}
200

OK

PreviousID AuthenticationNextConfiguring eSignet

Last updated

Was this helpful?