Partner Management

MOSIP's partner management is used to create and manage OIDC clients. Hence, three new APIs have been introduced in partner management:

  • API to create an OIDC client

  • API to update an OIDC client

  • API to retrieve an OIDC client

How can we create an OIDC client using partner management?

To create an OIDC client:

  • The relying party needs to be onboarded into MOSIP as an authentication partner, using the partner management portal.

  • The relying party needs to be mapped to a policy in MOSIP

  • When the relying party is mapped to the policy, using the new OIDC client create API, a client can be created for the relying party.

Notes:

  • A relying party can have multiple clients created against an approved mapped policy.

  • When an eSignet client is created using partner management APIs, the client ID is set as the SHA256 hash of the public key provided in the request.

There are also a few modifications in the policies in partner management for a partner opting for OIDC based authentication using eSignet.

Additional Authentication Types have been added for KYC authentication (kycauth), KYC Exchange (kycexchange) and Wallet Local Authentication (wla).

Below is a sample policy for a relying party who is interested in authentication using eSignet.

{
  "authTokenType":"policy",
  "allowedKycAttributes":[
    {
      "attributeName":"fullName"
    },
    {
      "attributeName":"gender"
    },
    {
      "attributeName":"phone"
    },
    {
      "attributeName":"email"
    },
    {
      "attributeName":"dateOfBirth"
    },
    {
      "attributeName":"city"
    },
    {
      "attributeName":"face"
    },
    {
      "attributeName":"addressLine1"
    }
  ],
  "allowedAuthTypes":[
    {
      "authSubType":"IRIS",
      "authType":"bio",
      "mandatory":false
    },
    {
      "authSubType":"FINGER",
      "authType":"bio",
      "mandatory":false
    },
    {
      "authSubType":"",
      "authType":"otp",
      "mandatory":false
    },
    {
      "authSubType":"FACE",
      "authType":"bio",
      "mandatory":false
    },
    {
      "authSubType":"",
      "authType":"otp-request",
      "mandatory":false
    },
    {
      "authSubType":"",
      "authType":"kycauth",
      "mandatory":false
    },
    {
      "authSubType":"",
      "authType":"kycexchange",
      "mandatory":false
    },
    {
      "authSubType":"",
      "authType":"wla",
      "mandatory":false
    }
  ]
}
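
A policy in this format can be reviewed mechanically before it is approved. The sketch below is an added example, not MOSIP code: it reports which of the three eSignet-related auth types named above are absent, which auth types are marked mandatory, and which KYC attributes go beyond a reviewer-supplied allow-list. The `approved_attributes` parameter and the sample policy are assumptions made for illustration.

```python
import json

# The three auth types this page lists as added for eSignet-based authentication.
ESIGNET_AUTH_TYPES = ("kycauth", "kycexchange", "wla")

def review_policy(policy, approved_attributes):
    """Summarise what a partner policy permits.

    approved_attributes is a hypothetical reviewer-supplied set: the KYC
    attributes the relying party has justified needing.
    """
    auth_entries = policy.get("allowedAuthTypes", [])
    auth_types = {e.get("authType") for e in auth_entries}
    attributes = [a["attributeName"] for a in policy.get("allowedKycAttributes", [])
                  if "attributeName" in a]
    return {
        "missing_esignet_auth_types": [t for t in ESIGNET_AUTH_TYPES if t not in auth_types],
        "unapproved_attributes": sorted(set(attributes) - set(approved_attributes)),
        "mandatory_auth_types": sorted(
            {e.get("authType", "") for e in auth_entries if e.get("mandatory")}
        ),
    }

# Constructed sample in the page's policy format: "wla" is absent and "face"
# goes beyond what the reviewer approved.
SAMPLE_POLICY = json.loads("""
{
  "authTokenType": "policy",
  "allowedKycAttributes": [
    {"attributeName": "fullName"},
    {"attributeName": "email"},
    {"attributeName": "face"}
  ],
  "allowedAuthTypes": [
    {"authSubType": "", "authType": "otp", "mandatory": true},
    {"authSubType": "", "authType": "kycauth", "mandatory": false},
    {"authSubType": "", "authType": "kycexchange", "mandatory": false}
  ]
}
""")

if __name__ == "__main__":
    print(json.dumps(review_policy(SAMPLE_POLICY, {"fullName", "email"}), indent=2))
```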

Appendix - Create, Retrieve and Update OIDC Client APIs

Service to create OIDCClient

post

Creates an OIDC client and returns the client ID.

Body
  • id (string, optional)
  • version (string, optional)
  • requesttime (string, date-time, optional)
  • metadata (object, optional)

Responses
  • 200: OK (*/*)

POST /v1/partnermanager/oidc/client HTTP/1.1
Host: localhost
Content-Type: application/json
Accept: */*
Content-Length: 287

{
  "id": "text",
  "version": "text",
  "requesttime": "2025-07-04T07:39:20.600Z",
  "metadata": {},
  "request": {
    "name": "text",
    "policyId": "text",
    "publicKey": {
      "ANY_ADDITIONAL_PROPERTY": {}
    },
    "authPartnerId": "text",
    "logoUri": "text",
    "redirectUris": [
      "text"
    ],
    "grantTypes": [
      "text"
    ],
    "clientAuthMethods": [
      "text"
    ]
  }
}
200

OK

{
  "id": "text",
  "version": "text",
  "responsetime": "2025-07-04T07:39:20.600Z",
  "metadata": {},
  "response": {
    "clientId": "text",
    "status": "text"
  },
  "errors": [
    {
      "errorCode": "text",
      "message": "text"
    }
  ]
}
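
Because the client ID is derived from the submitted public key, and the redirect URIs decide where authorization responses are delivered, the create request is worth linting before it is sent. The following is an added example, not part of the MOSIP code base. It assumes `publicKey` is a JWK (RFC 7517) and that redirect URIs should be absolute `https` URLs without fragments or wildcards; the sample request and all of its values are constructed.

```python
from urllib.parse import urlsplit

# JWK members that carry private or secret key material (RFC 7518).
PRIVATE_JWK_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}

def lint_create_request(body):
    """Return a list of problems found in an OIDC client create request body."""
    problems = []
    request = body.get("request", {})
    for field in ("name", "policyId", "authPartnerId", "grantTypes", "clientAuthMethods"):
        if not request.get(field):
            problems.append(f"{field} is empty")
    jwk = request.get("publicKey") or {}
    if not jwk.get("kty"):
        problems.append("publicKey has no kty member")
    private = sorted(PRIVATE_JWK_MEMBERS.intersection(jwk))
    if private:
        problems.append("publicKey carries private members: " + ",".join(private))
    uris = request.get("redirectUris") or []
    if not uris:
        problems.append("redirectUris is empty")
    for uri in uris:
        parts = urlsplit(uri)
        if parts.scheme != "https" or not parts.netloc:
            problems.append(f"redirect URI is not absolute https: {uri}")
        if parts.fragment or "*" in uri:
            problems.append(f"redirect URI has a fragment or wildcard: {uri}")
    return problems

# Constructed sample request: the JWK wrongly includes the private exponent "d"
# and the second redirect URI is plain http with a fragment.
SAMPLE_REQUEST = {
    "id": "constructed", "version": "1.0",
    "requesttime": "2025-07-04T07:39:20.600Z", "metadata": {},
    "request": {
        "name": "Example RP", "policyId": "policy-placeholder",
        "authPartnerId": "partner-placeholder",
        "publicKey": {"kty": "RSA", "e": "AQAB", "n": "constructed-modulus",
                      "d": "constructed-private-exponent"},
        "logoUri": "https://rp.example/logo.png",
        "redirectUris": ["https://rp.example/callback", "http://rp.example/cb#frag"],
        "grantTypes": ["authorization_code"],      # assumed value
        "clientAuthMethods": ["private_key_jwt"],  # assumed value
    },
}

if __name__ == "__main__":
    for problem in lint_create_request(SAMPLE_REQUEST):
        print(problem)
```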

Service to update details of OIDCClient

put

Service to update details of OIDCClient

Path parameters
  • client_id (string, required)

Body
  • id (string, optional)
  • version (string, optional)
  • requesttime (string, date-time, optional)
  • metadata (object, optional)

Responses
  • 200: OK (*/*)

PUT /v1/partnermanager/oidc/client/{client_id} HTTP/1.1
Host: localhost
Content-Type: application/json
Accept: */*
Content-Length: 225

{
  "id": "text",
  "version": "text",
  "requesttime": "2025-07-04T07:39:20.600Z",
  "metadata": {},
  "request": {
    "logoUri": "text",
    "redirectUris": [
      "text"
    ],
    "status": "text",
    "grantTypes": [
      "text"
    ],
    "clientName": "text",
    "clientAuthMethods": [
      "text"
    ]
  }
}
200

OK

{
  "id": "text",
  "version": "text",
  "responsetime": "2025-07-04T07:39:20.600Z",
  "metadata": {},
  "response": {
    "clientId": "text",
    "status": "text"
  },
  "errors": [
    {
      "errorCode": "text",
      "message": "text"
    }
  ]
}

Service to get OIDCClient details

get

Service to get OIDCClient details

Query parameters
  • client_id (string, required)

Responses
  • 200: OK (*/*)

GET /v1/partnermanager/oidc/client/{client_id} HTTP/1.1
Host: localhost
Accept: */*
200

OK

{
  "id": "text",
  "version": "text",
  "responsetime": "2025-07-04T07:39:20.600Z",
  "metadata": {},
  "response": {
    "id": "text",
    "name": "text",
    "policyId": "text",
    "policyName": "text",
    "relyingPartyId": "text",
    "logoUri": "text",
    "redirectUris": [
      "text"
    ],
    "publicKey": "text",
    "claims": [
      "text"
    ],
    "acrValues": [
      "text"
    ],
    "status": "text",
    "grantTypes": [
      "text"
    ],
    "clientAuthMethods": [
      "text"
    ]
  },
  "errors": [
    {
      "errorCode": "text",
      "message": "text"
    }
  ]
}
