GitHub Community What's New ChatBot

Feature Workflows

This document delineates the workflow for essential functionalities of Inji.

1. First App Launch

After installing the application for the first time, the user will be asked to set up unlock method for it. The app supports biometric or PIN-based locks. For more details, refer to the End User Guide.

Launch with passcode unlock method

Launch with biometric unlock method

2. Downloading and storing credentials

Residents have the ability to download a Verifiable Credential (VC) for themselves, their family members, or friends using a single mobile device. This can be done through two methods:

  • Download via UIN/VID

  • Download via eSignet

Download via UIN /VID

To download MOSIP issued VC, using OTP method, user can directly provide UIN / VID and connect to the IDA.

Download via eSignet

Below sections are going to detail as how Inji mobile wallet as an OIDC client to OpenID4VCI method of downloading a VC and illustrated implementations.

Download credentials using UIN / VID:

This method of VC download illustrates the OpenID4VCI method of download using UIN / VID issued to the resident. In this, eSignet plays the authentication and authorisation end point to connect to the credential provider (Reference Implementation: MOSIP). To understand more about Onboarding Mimoto (Inji BFF) as an OIDC client to support credential issuance from any issuer who support OpenID4VCI protocol refer here.

Download credentials using Knowledge Based Authentication (KBA)

This method of VC download illustrates the OpenID4VCI method of download using KBA (Knowledge Based Authentication). In this, eSignet plays the authentication, authorisation and credential issuance end point to connect to the credential provider. To understand more about Onboarding Mimoto (Inji BFF) as an OIDC client to support credential issuance from any issuer who support OpenID4VCI protocol refer here.

Appendix:

  • The term “identifier” in the architecture diagram refers to the unique identifier which can be used to download the credential on the esignet login Page

  • eSignet supports Various types of authorizations, ACR value is configured based on the Issuers' need to include the authorization mode in the authorization page

  • Types of Authorization Supported for Credential Download by eSignet are:

    • Login With OTP: Credential download using OTP Based authentication to authorize the user

      Illustrated Implementation: National ID credentials download

    • Login With KBA: Credential download using KBA to authorize the user. The knowledge (as described by the credential issuer to authorize) is exposed to eSignet from Registry (Issuer) through eSignet Issuance Plugins

      Illustrated Implementation: Insurance ID credentials download

3. Sharing of credentials

The credentials are shared in a peer-to-peer model with the verifier application. The data exchange between devices is done using the BLE Protocol. For more information, refer to Tuvali documentation.

4. QR code login process

  • Residents can use Inji to log in to any service provider app (integrated with e-Signet) by just scanning a QR code from their portal.

  • The app performs offline face auth after scanning the QR code to verify the user's presence.

  • Once the presence is verified, the resident is given the option to choose the optional information to be shared with the service provider portal.

  • After consent is provided, the app sends a WLA (Wallet local auth) token which is a JWT token to the relying party.

  • The resident is then given the access to the portal after the token verification.

Step 1: VC activation process

Step 2: QR code login

5. Data backup and restore

From Settings screen, users can access Backup settings screen. In Backup settings screen, users can configure their preferences for data backup. The setting, configured once during the application's lifecycle, determines whether Google Drive or iCloud will be utilized based on the device platform. To restore backup data to the mobile wallet, users must log in to the same account and configure settings within the app accordingly. Additionally, restored Verifiable Credentials (VCs) should be re-activated to enable QR Code login functionality.

Last updated

Copyright © 2021 MOSIP. This work is licensed under a Creative Commons Attribution (CC-BY-4.0) International License unless otherwise noted.