MobileID

Browser-based registration process

December 1, 2018 (updated December 5, 2018)

The following sequence diagram and the steps below describe the MobileID app registration process when the whole registration, including identification of the user, is performed inside the browser.

1) Initiate the registration

Web integration with the MobileID app uses the same OIDC API as Signicat’s other ID methods. See “Get started with authentication” for more information.

To initiate the registration, send a GET request to the authorize endpoint (the in-app URL you have received from Signicat) with acr_values set to urn:signicat:oidc:method:mobileid-reg. The immediate response is an HTML page containing a pairing code. When the registration completes, Signicat issues a 302 redirect to the redirect_uri you supplied (see step 3). Generate a fresh, unguessable state value for every request and keep it in the user’s session, so that you can compare it against the state returned with that redirect.

Request example

GET https://preprod.signicat.com/oidc/authorize?response_type=code&scope=openid+mobileid&client_id=demo-preprod&redirect_uri=https://example.com/redirect&state=123abc&acr_values=urn:signicat:oidc:method:mobileid-reg

2) Start the MobileID app with the pairing code received in step 1

The user will be instructed to create a PIN code and, optionally, register a fingerprint in the MobileID app.

3) Get the result of the registration process

The browser is redirected to the redirect URI from step 1 with a “code” query parameter (together with the state value you sent in step 1; verify it before using the code).

4) Send token request

Use the redirect URI and the code received in step 3 to send a POST request to the token endpoint. The request is authenticated with your client ID and client secret via HTTP Basic authentication, as in the example below, and the body must contain the following URL-encoded parameters:

  • client_id: Your client ID
  • redirect_uri: Must equal the URI the flow started with
  • grant_type: authorization_code, since this flow exchanges an authorization code
  • code: Must equal the code received in step 3

Request example

curl -XPOST "https://preprod.signicat.com/oidc/token" -H "Authorization: Basic ZGVtby1wcmVwcm9kOm1xWi1fNzUtZjJ3TnNpUVRPTmI3T240YUFaN3pjMjE4bXJSVmsxb3VmYTg=" -d "client_id=demo-preprod&redirect_uri=https://example.com/redirect&grant_type=authorization_code&code=CODE GOES HERE"

Response example

{"access_token":"eyJra...","token_type":"Bearer","refresh_token":"S4rkjLZ-13aXtuLhyHngFZGcC2mbmKcK","scope":"mobileid profile openid","expires_in":1800,"id_token":"eyJra..."}

Extract the access token from the response to use it in the next step.

5) Send userinfo request

Use the access token as a Bearer token in a GET request to the userinfo endpoint to fetch the deviceId.

Request example

curl -XGET "https://preprod.signicat.com/oidc/userinfo" -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

Response example

{"sub":"uIFLTWW_xgxkWPImFo5JXtzhzZqK4mBf","deviceId":"UlzxrYaXmrvR2Njm7ydRf9FeDV7VLilX"} 

Note that the response will vary depending on the ID method. For further information, refer to OIDC Response Examples.

Save the deviceId, as it is needed to start any future authentication process for that user.

Any further actions after receiving this response are your responsibility. Signicat does not have any responsibility for how the result of the registration is used.
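The whole flow, steps 1 to 5, written as the relying-party side in Python. This is an added example, not Signicat’s own code: the endpoints, query parameters and JSON responses are the ones shown on this page, while the transport callable, the helper names, the placeholder client secret and the constructed callback URL are assumptions so that it runs offline. It also performs the state check that the curl examples leave out.

```python
"""Relying-party side of the browser-based MobileID registration flow.
Added example, not Signicat's code. Endpoints and sample responses are from this
page; transport, helper names and the constructed callback are assumptions."""
import base64
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

BASE = "https://preprod.signicat.com/oidc"
REDIRECT_URI = "https://example.com/redirect"
REG_ACR = "urn:signicat:oidc:method:mobileid-reg"

def new_state() -> str:
    """Unguessable per-flow value; store it in the user's session before redirecting."""
    return secrets.token_urlsafe(24)

def build_authorize_url(client_id: str, state: str) -> str:
    """Step 1: URL the browser is sent to; the response is the pairing-code page."""
    query = {
        "response_type": "code",
        "scope": "openid mobileid",
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "state": state,
        "acr_values": REG_ACR,
    }
    return f"{BASE}/authorize?{urlencode(query)}"

def parse_callback(callback_url: str, expected_state: str) -> str:
    """Step 3: extract the code from the redirect, refusing it unless state matches."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise RuntimeError(f"authorization failed: {params['error'][0]}")
    if params.get("state", [None])[0] != expected_state:
        raise RuntimeError("state mismatch: possible CSRF or stale callback")
    if not params.get("code"):
        raise RuntimeError("callback carries no code parameter")
    return params["code"][0]

def basic_auth_header(client_id: str, client_secret: str) -> str:
    """client_secret_basic, the client authentication the page's curl example uses."""
    return "Basic " + base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()

def build_token_request(client_id: str, client_secret: str, code: str):
    """Step 4: (url, headers, urlencoded body) for the token endpoint."""
    body = urlencode({"client_id": client_id, "redirect_uri": REDIRECT_URI,
                      "grant_type": "authorization_code", "code": code})
    headers = {"Authorization": basic_auth_header(client_id, client_secret),
               "Content-Type": "application/x-www-form-urlencoded"}
    return f"{BASE}/token", headers, body

def access_token_from(token_json: str) -> str:
    tok = json.loads(token_json)
    if tok.get("token_type", "").lower() != "bearer" or not tok.get("access_token"):
        raise RuntimeError("unexpected token response")
    return tok["access_token"]

def device_id_from(userinfo_json: str):
    """Step 5: returns (sub, deviceId); deviceId is what later authentications start from."""
    info = json.loads(userinfo_json)
    if "deviceId" not in info or "sub" not in info:
        raise RuntimeError("userinfo lacks sub/deviceId; registration did not complete")
    return info["sub"], info["deviceId"]

def register(transport, client_id, client_secret, callback_url, expected_state):
    """Steps 3-5 once the browser returns. transport(method, url, headers, body) -> str."""
    code = parse_callback(callback_url, expected_state)
    url, headers, body = build_token_request(client_id, client_secret, code)
    access_token = access_token_from(transport("POST", url, headers, body))
    bearer = {"Authorization": f"Bearer {access_token}"}
    return device_id_from(transport("GET", f"{BASE}/userinfo", bearer, None))

# Constructed stand-in for a real HTTP client, replaying this page's sample responses.
SAMPLE_TOKEN = ('{"access_token":"eyJra...","token_type":"Bearer",'
                '"refresh_token":"S4rkjLZ-13aXtuLhyHngFZGcC2mbmKcK",'
                '"scope":"mobileid profile openid","expires_in":1800,"id_token":"eyJra..."}')
SAMPLE_USERINFO = ('{"sub":"uIFLTWW_xgxkWPImFo5JXtzhzZqK4mBf",'
                   '"deviceId":"UlzxrYaXmrvR2Njm7ydRf9FeDV7VLilX"}')

def fake_transport(method, url, headers, body):
    if (method == "POST" and url.endswith("/token") and "grant_type=authorization_code" in body
            and headers["Authorization"].startswith("Basic ")):
        return SAMPLE_TOKEN
    if method == "GET" and url.endswith("/userinfo") and headers["Authorization"] == "Bearer eyJra...":
        return SAMPLE_USERINFO
    raise RuntimeError(f"unexpected request: {method} {url}")

def demo():
    """Runs the whole flow against the fake transport with a constructed callback URL."""
    state = new_state()
    callback = f"{REDIRECT_URI}?code=CODE_GOES_HERE&state={state}"  # constructed callback
    return register(fake_transport, "demo-preprod", "YOUR_CLIENT_SECRET", callback, state)

if __name__ == "__main__":
    print(build_authorize_url("demo-preprod", "123abc"))
    print(demo())
```

Swap fake_transport for a real HTTP client (requests, urllib) and the placeholder secret for your own, and keep the state in server-side session storage rather than in a cookie the browser can rewrite; the deviceId returned by demo() is the value to persist against the user account.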
