GitHub Community Tech Blogs What's New ChatBot

Partner Management

Last updated 1 year ago

Was this helpful?

Partner Management

MOSIP's partner management is used to create and manage OIDC clients. Hence, three new APIs have been introduced in partner management,

API to create an OIDC client
API to update an OIDC client
API to retrieve and OIDC client

How can we create a OIDC client using partner management?

In order to create a OIDC client,

The relying party, needs to get onboarded into MOSIP using the partner management portal as a authentication partner
The relying party needs to be mapped to a policy in MOSIP
When the relying party is mapped to the policy, using the new , a client can be created for the relying party.

Notes:

A relying party can have multiple clients created against a approved mapped policy.
When a eSignet client is created using partner management APIs, then the client ID is set as the SHA256 hash of the public key provided in the request.

There are also a few modifications in the policies in partner management for a partner opting for OIDC based authentication using eSignet.

Additional Authentication Types have been added for KYC authentication (kycauth), KYC Exchange (kycexchange) and Wallet Local Authentication (wla).

Below is a sample policy for a relying party who is interested in authentication using eSignet.

{
  "authTokenType":"policy",
  "allowedKycAttributes":[
    {
      "attributeName":"fullName"
    },
    {
      "attributeName":"gender"
    },
    {
      "attributeName":"phone"
    },
    {
      "attributeName":"email"
    },
    {
      "attributeName":"dateOfBirth"
    },
    {
      "attributeName":"city"
    },
    {
      "attributeName":"face"
    },
    {
      "attributeName":"addressLine1"
    }
  ],
  "allowedAuthTypes":[
    {
      "authSubType":"IRIS",
      "authType":"bio",
      "mandatory":false
    },
    {
      "authSubType":"FINGER",
      "authType":"bio",
      "mandatory":false
    },
    {
      "authSubType":"",
      "authType":"otp",
      "mandatory":false
    },
    {
      "authSubType":"FACE",
      "authType":"bio",
      "mandatory":false
    },
    {
      "authSubType":"",
      "authType":"otp-request",
      "mandatory":false
    },
    {
      "authSubType":"",
      "authType":"kycauth",
      "mandatory":false
    },
    {
      "authSubType":"",
      "authType":"kycexchange",
      "mandatory":false
    },
    {
      "authSubType":"",
      "authType":"wla",
      "mandatory":false
    }
  ]
}

Appendix - Create, Retrieve and Update OIDC Client APIs

Last updated 1 year ago

Was this helpful?

MOSIP's partner management is used to create and manage OIDC clients. Hence, three new APIs have been introduced in partner management,

API to create an OIDC client
API to update an OIDC client
API to retrieve and OIDC client

How can we create a OIDC client using partner management?

In order to create a OIDC client,

The relying party, needs to get onboarded into MOSIP using the partner management portal as a authentication partner
The relying party needs to be mapped to a policy in MOSIP
When the relying party is mapped to the policy, using the new , a client can be created for the relying party.

Notes:

A relying party can have multiple clients created against a approved mapped policy.
When a eSignet client is created using partner management APIs, then the client ID is set as the SHA256 hash of the public key provided in the request.

There are also a few modifications in the policies in partner management for a partner opting for OIDC based authentication using eSignet.

Additional Authentication Types have been added for KYC authentication (kycauth), KYC Exchange (kycexchange) and Wallet Local Authentication (wla).

Below is a sample policy for a relying party who is interested in authentication using eSignet.

{
  "authTokenType":"policy",
  "allowedKycAttributes":[
    {
      "attributeName":"fullName"
    },
    {
      "attributeName":"gender"
    },
    {
      "attributeName":"phone"
    },
    {
      "attributeName":"email"
    },
    {
      "attributeName":"dateOfBirth"
    },
    {
      "attributeName":"city"
    },
    {
      "attributeName":"face"
    },
    {
      "attributeName":"addressLine1"
    }
  ],
  "allowedAuthTypes":[
    {
      "authSubType":"IRIS",
      "authType":"bio",
      "mandatory":false
    },
    {
      "authSubType":"FINGER",
      "authType":"bio",
      "mandatory":false
    },
    {
      "authSubType":"",
      "authType":"otp",
      "mandatory":false
    },
    {
      "authSubType":"FACE",
      "authType":"bio",
      "mandatory":false
    },
    {
      "authSubType":"",
      "authType":"otp-request",
      "mandatory":false
    },
    {
      "authSubType":"",
      "authType":"kycauth",
      "mandatory":false
    },
    {
      "authSubType":"",
      "authType":"kycexchange",
      "mandatory":false
    },
    {
      "authSubType":"",
      "authType":"wla",
      "mandatory":false
    }
  ]
}

Appendix - Create, Retrieve and Update OIDC Client APIs

Service to get OIDCClient details

get

Service to get OIDCClient details

Query parameters

client_idstringRequired

Responses

200

*/*

get

GET /v1/partnermanager/oidc/client/{client_id} HTTP/1.1
Host: localhost
Accept: */*

200

{
  "id": "text",
  "version": "text",
  "responsetime": "2025-05-22T16:44:59.080Z",
  "metadata": {},
  "response": {
    "id": "text",
    "name": "text",
    "policyId": "text",
    "policyName": "text",
    "relyingPartyId": "text",
    "logoUri": "text",
    "redirectUris": [
      "text"
    ],
    "publicKey": "text",
    "claims": [
      "text"
    ],
    "acrValues": [
      "text"
    ],
    "status": "text",
    "grantTypes": [
      "text"
    ],
    "clientAuthMethods": [
      "text"
    ]
  },
  "errors": [
    {
      "errorCode": "text",
      "message": "text"
    }
  ]
}

Service to create OIDCClient

post

Creates OIDCClient and return Client id

Body

idstringOptional

versionstringOptional

requesttimestring · date-timeOptional

metadataobjectOptional

Responses

200

*/*

post

POST /v1/partnermanager/oidc/client HTTP/1.1
Host: localhost
Content-Type: application/json
Accept: */*
Content-Length: 287

{
  "id": "text",
  "version": "text",
  "requesttime": "2025-05-22T16:44:59.080Z",
  "metadata": {},
  "request": {
    "name": "text",
    "policyId": "text",
    "publicKey": {
      "ANY_ADDITIONAL_PROPERTY": {}
    },
    "authPartnerId": "text",
    "logoUri": "text",
    "redirectUris": [
      "text"
    ],
    "grantTypes": [
      "text"
    ],
    "clientAuthMethods": [
      "text"
    ]
  }
}

200

{
  "id": "text",
  "version": "text",
  "responsetime": "2025-05-22T16:44:59.080Z",
  "metadata": {},
  "response": {
    "clientId": "text",
    "status": "text"
  },
  "errors": [
    {
      "errorCode": "text",
      "message": "text"
    }
  ]
}

Service to update details of OIDCClient

put

Service to update details of OIDCClient

Path parameters

client_idstringRequired

Body

idstringOptional

versionstringOptional

requesttimestring · date-timeOptional

metadataobjectOptional

Responses

200

*/*

put

PUT /v1/partnermanager/oidc/client/{client_id} HTTP/1.1
Host: localhost
Content-Type: application/json
Accept: */*
Content-Length: 225

{
  "id": "text",
  "version": "text",
  "requesttime": "2025-05-22T16:44:59.080Z",
  "metadata": {},
  "request": {
    "logoUri": "text",
    "redirectUris": [
      "text"
    ],
    "status": "text",
    "grantTypes": [
      "text"
    ],
    "clientName": "text",
    "clientAuthMethods": [
      "text"
    ]
  }
}

200

{
  "id": "text",
  "version": "text",
  "responsetime": "2025-05-22T16:44:59.080Z",
  "metadata": {},
  "response": {
    "clientId": "text",
    "status": "text"
  },
  "errors": [
    {
      "errorCode": "text",
      "message": "text"
    }
  ]
}