# Connect (eID Hub)
# Features
Assure API allows to obtain identity information from Signicat's eID Hub and to match and corroborate the obtained data from these sources. Most of the eIDs are available through Assure API.
# Access eID services
Internally to the Assure API, you must add the Connect provider (e.g. connect:idin) in the Create process (opens new window) endpoint to access those eID services.
# Service details for Connect
This section goes more into detail about some useful endpoints when integrating with Connect:
# Get process
This section describes the final result statuses for Connect. For a more general description of how the "Get process" endpoint works, see Service details > Get process and the API reference (opens new window).
# Notes about the final result in Connect processes
- The Connect provider's
finalResultdoes not follow the same rules for normalisation as with the other providers. Since Connect allows using any eID method, this means that the Assure API never knows which ID method is used in each 'connect' process, thus it will not be able to normalise the values obtained. - If
userInfocomes encrypted, there will be nofinalResultin the Get Process response, even if the authentication was successful:
| userInfo format | finalResult |
|---|---|
| JSON | Yes |
| JWT not encrypted | Yes |
| JWT encrypted | No |
The userInfo format is contractually agreed.
JWT format example of userInfo:
"userInfo":"eyJraWQiOiJhbnkub2lkYy50ZXN0Lmp3ay52LjEiLCJhbGciOiJSUzI1NiJ9.eyJjb25zdW1lci5iaW4iOiJGQU5UQVNZQkFOSzEyMzQ1Njc4OTAiLCJzdWIiOiJGS2lqRnNFS1h6NTliWHVyd2FmdXl3UEVjbmF4YzZSMCIsImFkZHJlc3MiOnsiY291bnRyeSI6IkRFIiwicG9zdGFsX2NvZGUiOiIwMDAwQUEifSwiY29uc3VtZXIuaW5pdGlhbHMiOiJWSiIsImdlbmRlciI6IjEiLCJpZGluLnJhYm8uY29uc3VtZXIuYmluIjoiRkFOVEFTWUJBTksxMjM0NTY3ODkwIiwic2lnbmljYXQubmF0aW9uYWxfaWQiOiJGQU5UQVNZQkFOSzEyMzQ1Njc4OTAiLCJjb25zdW1lci5wcmVmZXJyZWRsYXN0bmFtZXByZWZpeCI6ImRlIiwiY29uc3VtZXIucGFydG5lcmxhc3RuYW1lIjoiSmFuc2VuIiwiZ2l2ZW5fbmFtZSI6IlZKIiwiY29uc3VtZXIubGVnYWxsYXN0bmFtZXByZWZpeCI6ImRlIiwiY29uc3VtZXIucHJlZmVycmVkbGFzdG5hbWUiOiJWcmllcy1KYW5zZW4iLCJpZGluLmNvbnN1bWVyLmxlZ2FsbGFzdG5hbWVwcmVmaXgiOiJkZSIsImZhbWlseV9uYW1lIjoiVnJpZXMifQ.Xp6fPz2UprQE21Y1Mbms4LkmydDy4caQUitZsB-2aytBTBNVaLO78U7MqszLCUaIE4fL0MHNmd7-eigDc_TOWQBqAYz_SVhXKMDw9tj1GYdp52T2kqytW86c6YaeQ20rGKxIR4e9jOOJj0N4lEwTMc67FAO9Lhy8r5EfJDnPt0mBhPhbUvYxII42tm0M12-3qBIHkdAhuyv-wv0RH9AymgZfRNWNnfJSPcj_9a9YpE692SZCz8U24IIQy6tSWh40fN40yfy_2Sc6M4sWi2Cs-UAvk0wifW5bpAjOwnj0bkoeTvqiljxch0LQKLNWVKWoxhICeHzuKKlA_bZyoXMGjA"
JSON format example of userInfo:
{
"userInfo": {
"idp_id": "FANTASYBANK1234567890",
"name": "VJ de Vries",
"family_name": "de Vries",
"gender": "1",
"email": "info@equensworldline.nl",
"address": {
"Formatted": "Pascalstreet 19, 0000AA, Aachen, DE"
},
"phone_number": "+31203051900",
"eighteen_or_older": "true",
"idin_legal_last_name": "Vries",
"idin_legal_last_name_prefix": "de",
"idin_preferred_last_name": "Vries-Jansen",
"idin_partner_last_name": "Jansen",
"idin_preferred_last_name_prefix": "de",
"idin_partner_last_name_prefix": "de",
"initials": "VJ",
"consumer.initials": "VJ",
"sub": "mBlQ-9QE5p8sIWBH4clxJsE4gohtDiaBUja4msIXT7w=",
"sub_legacy": "dpqchzrSWF8PEiVjys5tfriL-0Erl03DGm4QQ2UsoRY=",
"idp_issuer": "idin"
}
}
# Final status of Connect processes
The status of the Connect processes is mapped directly from the result of the authentication:
| Process final status | Description |
|---|---|
| accepted | The end-user’s authentication was successful. |
| rejected | The end-user’s authentication did not succeed. |
| canceled | The authentication was canceled by the end-user. |
# accepted
This is a response example of a Connect process that was accepted. Here, the iDIN method is used as an example.
# JSON format
In this example, finalResult contains only a few fields. The used authentication method (in this case, iDIN), provides only the first name, last name, gender and personal number. Thus, that is the only information that the Assure API can add to finalResult. This is an example of an accepted Get process response for Connect:
{
"processId": "7b54b1c0-731c-4d31-9556-3b0ee77db87e",
"provider": "connect:idin",
"status": "accepted",
"finalResult": {
"firstName": "VJ",
"lastName": "de Vries",
"gender": "1"
},
"providerSpecific": {
"userInfo": {
"idp_id": "FANTASYBANK1234567890",
"name": "VJ de Vries",
"family_name": "de Vries",
"gender": "1",
"email": "info@equensworldline.nl",
"address": {
"Formatted": "Pascalstreet 19, 0000AA, Aachen, DE"
},
"phone_number": "+31203051900",
"eighteen_or_older": "true",
"idin_legal_last_name": "Vries",
"idin_legal_last_name_prefix": "de",
"idin_preferred_last_name": "Vries-Jansen",
"idin_partner_last_name": "Jansen",
"idin_preferred_last_name_prefix": "de",
"idin_partner_last_name_prefix": "de",
"initials": "VJ",
"sub": "mBlQ-9QE5p8sIWBH4clxJsE4gohtDiaBUja4msIXT7w=",
"sub_legacy": "dpqchzrSWF8PEiVjys5tfriL-0Erl03DGm4QQ2UsoRY=",
"idp_issuer": "idin"
},
"idToken": "eyJhbGciOiJSUzI1NiIsImtpZCI6InNpZ25pbmcta2V5LWZlNTI2OGE4OTUwMjQ3NDBhMWYyZjY3MzhlMmQzMGFkIiwidHlwIjoiSldUIn0.eyJpc3MiOiJodHRwczovL2FwaS5zaWduaWNhdC5jb20vYXV0aC9vcGVuIiwibmJmIjoxNjg1MDE3ODQwLCJpYXQiOjE2ODUwMTc4NDAsImV4cCI6MTY4NTAxODQ0MCwiYXVkIjoic2FuZGJveC1qb2xseS1tYXAtNDcxIiwiYW1yIjpbImV4dGVybmFsIl0sIm5vbmNlIjoiN2E2N2I1ZDctNDI0ZS00YWI1LTlmMzgtZWFjZmFkZTA1M2E1IiwiYXRfaGFzaCI6Im5oWllGSTI0UjFnWEphSENmN3pnVFEiLCJzaWQiOiIzREVERjEwQ0NCQzM0MzMxQUQ1RkRBNjJFNTIyNzlFRiIsInN1YiI6Im1CbFEtOVFFNXA4c0lXQkg0Y2x4SnNFNGdvaHREaWFCVWphNG1zSVhUN3c9IiwiYXV0aF90aW1lIjoxNjg1MDE3ODM5LCJpZHAiOiJpZGluIiwibmFtZSI6IlZKIGRlIFZyaWVzIiwiZmFtaWx5X25hbWUiOiJkZSBWcmllcyIsImdlbmRlciI6IjEiLCJlbWFpbCI6ImluZm9AZXF1ZW5zd29ybGRsaW5lLm5sIiwiYWRkcmVzcyI6IlBhc2NhbHN0cmVldCAxOSwgMDAwMEFBLCBBYWNoZW4sIERFIiwicGhvbmVfbnVtYmVyIjoiKzMxMjAzMDUxOTAwIiwic3ViX2xlZ2FjeSI6ImRwcWNoenJTV0Y4UEVpVmp5czV0ZnJpTC0wRXJsMDNER200UVEyVXNvUlk9IiwiaWRwX2lzc3VlciI6ImlkaW4iLCJ0cmFuc2FjdGlvbl9pZCI6ImVmNjI3ZTVmLTdmNTQtNDg0NS1hZjQyLTQwZDZhNDQyMDNlOSIsInNhbmRib3giOnRydWV9.L3FYpIaLt0Cet_URci4BBM_H1dlqoqtMtzQUndBsL1U7vGKdZGXnnC9I4tDv-UbC6cC5csDumBIWta1HJ7QJyyguBxGSI-GP1EG-fZ2z4uGkycEp7A7IEVXy8ZXR3KOyDR5JeWpQr5zwiTSCpb8BREv_XJhNFuxGHBHSkyWPvpXZb9SeawW8h93DROlJFbPOB-z29dAWgmz9LtzbPyTS8i_v887Ms7tZ3hA2qgKkA7d2ljbf-BGaR_MgqowvosK2DIji__xDV7JKId9hTCAUyLZnYXym_XuM_o6slj46VbiI4jadIZ4vYBnrMzDlYwfMNPquG8lqrPsfP0B3SBe3EQ"
},
"createdAt": "2023-05-25T12:30:23Z",
"updatedAt": "2023-05-25T12:30:40Z"
}
# JWT not encrypted format
In this example, the user information is in JWT format, but it is not encrypted. This allows the Assure API to get the information from there (by decoding the JWT) and fill the final result.
{
"processId": "b7634e9e-7416-4ea2-bd6d-40a42c954f0d",
"provider": "connect:idin",
"status": "accepted",
"providerSpecific": {
"idToken": "eyJraWQiOiJhbnkub2lkYy1lbmNyeXB0aW9uLnRlc3QuandrLnYuMyIsImN0eSI6IkpXVCIsImVuYyI6IkExMjhDQkMtSFMyNTYiLCJhbGciOiJSU0EtT0FFUCJ9.cl5eO0QH92ZjBWwgGOF_OTSNe4rC1vCD_-JfIUgBWNaIHljWm2IXBYw_BVVPDIwpDz6o9Z1iYfALB0Bahce1ffzcCFlaukT-7HM-F2h8iHktAnWeg2ynLH9PB5ACRZNDoM-9ADZ63_tIcgs2hiX_pQELbiDD-OJ63cKOuZbwQQmaZe9YeEH2aXvRR3ELC61g7QyYuico3HTfyCA1WxpmPNIceQWdm-KFMCiyJCPgoMxyW5nzN1VQrORPBKjnKfdqyoC8v9-8NcckUCURNbdul2s9dSyPmDM14Xc23LM6xSjqVh0bGvgOzrldGgq7EBNbxEP48g3BZviiBCs2cQU_vw.88iqzXAJiJH-8dpdw3QzZA.QoVKRhH1ocJCRDT-P3WS1ILrIp_lPzzba8xh41BxKev525DXrivhEhbppRUNU1YdW_1Xhk2eN41s_-5AE1p3oOKCmt5ckct5QyxqiuZaU056L7dWbv1aa3vPFiEnrTHt191FFwYLcKAz-o6S5xwJXYh8NucxXGd_MvyVKc9Oy9-Dm7ZXhlsBBGpseIQcYxMfaGxrtiCnOHrYj36WC6F25Ma0sr99tSej-83GIhSIk4jihjaTFxdlxdnpducV6hRxsZaXTwWGsmH74ryq2QjEqdGScZuu6qSkfoiABoUSVnPryE09P3SUIbHw8lJM304ZpJ5z2mHWRKbQvp2RGackfTMMmdNex64w-XqY0wVMj20A3FlnKxtuXHMm1KrtopTX3gMicRCX-VxU1hJZmzfriGMaXCWOonYevf1LYFlCgzUk2zQ5Cb2q9MY6Re11aWAu70DmO7TBXUKfR9Od6Yxx3JZH9Q32UzUbBe2J41YjbHxXSLsrihxNx71vVfkxfngf7NILrvafrOcC1bRpyv6LncKsr7qdzoQmz5bLtJF7tAb7zE4z5rndv0eOxE7UUTzbD6wBwQ_bBB-qmUciWQYujGgnqiB1k4lxsNSBUGFpq_YbQOftn-X-kxOC-UdlxaKNUu_GGriOLG-Q21aYLkigakh9gWa8pOKc2UVGQSGTDmONE_n-u-PCjSNE69U5_wnTA9MKka9taS5XANcwuQumLvT7BmJEEBjdyveFrn8HIz_0mn_B1fyzBa28m1MrFgU2WhtVN6ilsBVz9mhLQYqzKvO2V63bLFB7cHvdeFtbh9JBp2DdOpHXWbwXSFfoDKM877kZ_SKV71ZJP7-y2sGxgWZsg8CZUvHud-APhAqUjZJ4a9FAq80gIvH9APSMJE2SdvwzmOk5NaQUD5alqtnY49s-1nP8xKHspZ49irs1X9Avf52N3iNb2_GRLtGdWyuGoP640COcptup94oJ-0bJlcKj7C_kZzTswPSjpBS-5cyMFGqsgSEOn1KRZSCGUtCkYmG_KhSfcsbfHhs_WngP_j_7gnACKueTiQqD0XLBGKp7baj7DN2oNu-oEMfXBUDJGsXr1BGF3z2yCLUUPOgbV7PPnYOOQ12hi8KY3UJ6DbQ.TZZZyQIRNEDDpCu6kb_1FA",
"userInfo": "eyJraWQiOiJhbnkub2lkYy50ZXN0Lmp3ay52LjEiLCJhbGciOiJSUzI1NiJ9.eyJjb25zdW1lci5iaW4iOiJGQU5UQVNZQkFOSzEyMzQ1Njc4OTAiLCJzdWIiOiJGS2lqRnNFS1h6NTliWHVyd2FmdXl3UEVjbmF4YzZSMCIsImFkZHJlc3MiOnsiY291bnRyeSI6IkRFIiwicG9zdGFsX2NvZGUiOiIwMDAwQUEifSwiY29uc3VtZXIuaW5pdGlhbHMiOiJWSiIsImdlbmRlciI6IjEiLCJpZGluLnJhYm8uY29uc3VtZXIuYmluIjoiRkFOVEFTWUJBTksxMjM0NTY3ODkwIiwic2lnbmljYXQubmF0aW9uYWxfaWQiOiJGQU5UQVNZQkFOSzEyMzQ1Njc4OTAiLCJjb25zdW1lci5wcmVmZXJyZWRsYXN0bmFtZXByZWZpeCI6ImRlIiwiY29uc3VtZXIucGFydG5lcmxhc3RuYW1lIjoiSmFuc2VuIiwiZ2l2ZW5fbmFtZSI6IlZKIiwiY29uc3VtZXIubGVnYWxsYXN0bmFtZXByZWZpeCI6ImRlIiwiY29uc3VtZXIucHJlZmVycmVkbGFzdG5hbWUiOiJWcmllcy1KYW5zZW4iLCJpZGluLmNvbnN1bWVyLmxlZ2FsbGFzdG5hbWVwcmVmaXgiOiJkZSIsImZhbWlseV9uYW1lIjoiVnJpZXMifQ.Xp6fPz2UprQE21Y1Mbms4LkmydDy4caQUitZsB-2aytBTBNVaLO78U7MqszLCUaIE4fL0MHNmd7-eigDc_TOWQBqAYz_SVhXKMDw9tj1GYdp52T2kqytW86c6YaeQ20rGKxIR4e9jOOJj0N4lEwTMc67FAO9Lhy8r5EfJDnPt0mBhPhbUvYxII42tm0M12-3qBIHkdAhuyv-wv0RH9AymgZfRNWNnfJSPcj_9a9YpE692SZCz8U24IIQy6tSWh40fN40yfy_2Sc6M4sWi2Cs-UAvk0wifW5bpAjOwnj0bkoeTvqiljxch0LQKLNWVKWoxhICeHzuKKlA_bZyoXMGjA"
},
"createdAt": "2020-01-21T16:12:33Z",
"updatedAt": "2020-01-21T16:13:01Z"
}
# rejected
This is a response example of a Connect process that was rejected:
{
"processId": "1ad420ff-7b71-4322-8917-64fec28fe118",
"provider": "connect:idin",
"status": "rejected",
"providerSpecific": {
"error": {
"errorDescription": "The Resource Owner did not complete the login. urn:signicat:error:internal:Expired; ",
"error": "access_denied"
}
},
"createdAt": "2020-01-21T16:37:21Z",
"updatedAt": "2020-01-21T16:37:53Z"
}
# inconclusive
Connect processes do not have any inconclusive status.
# canceled
This is a response example of a Connect process that was canceled:
{
"processId": "ab5739a7-92ad-429d-a6d9-7cb233b2865c",
"provider": "connect:idin",
"status": "canceled",
"providerSpecific": {
"error": {
"errorDescription": "The Resource Owner did not complete the login. urn:signicat:error:usercancel; The process was aborted by the end-user",
"error": "access_denied"
}
},
"createdAt": "2020-01-28T12:24:58Z",
"updatedAt": "2020-01-28T12:25:32Z",
}
# Download full result
In the Get process response, you get the results for Connect in the provider-specific area. For full information as obtained from the provider, use the Download full result service. This service returns a zip file containing data and media files about the verification.
# Data files
# token_response.json
This "raw" file contains the token response used to obtain the user information. In this token, you find the Access Token, an ID Token and optionally a Refresh Token.
# user_info.json/.txt
This "raw" file contains information about the end-user, obtained from the ID method used in the request. The user information can be configured to be obtained either in JSON or JWT format. When the user information is in JWT format, the file has a “.txt” extension. If the information is in JSON format the file has a “.json” extension.
# Media files
The provider does not use media files.