MobileID InApp Mobile integration: Authentication and payment authorization

22 views November 12, 2020 November 18, 2020 0

MobileID InApp Mobile integration: Authentication and payment authorization

1. Initiate operation on merchant server

The goal of this call is to obtain necessary information to build a proper authentication URL.
Note: The nature of the call is out of scope of this document (but this is most commonly HTTP GET).The following information is passed back in response:

  • The name of the oidc_client_id
  • The name of the Signicat authentication method
  • redirect_url (on merchant server) where final results should end

2. Generate URL

Construct an authentication URL as shown in the URL construction guide, based on information received from the merchant server in the previous step as well as the information already available through the merchant app:

  • externalRef
  • deviceId (to be extracted from EncapController:getRegistrationId())

For payment authorization, a consent text is added to the authorization call towards the MobileID solution, using an encrypted JSON Web Token (JWT), which is then used by MobileID to generate the PSD2 authentication code by means of cryptography and based on the context message containing at least the payee and amount. The URL construction guide includes sample requests and responses for payment authorization.

3. Initiate operation on Signicat’s server

The merchant app executes an HTTP GET request with the URL constructed previously. See the normal response in the URL construction guides.

Note: To be able to perform the subsequent requests, you must keep the cookies you receive and make these available for subsequent requests.

Response error example

"completeUrl": "",
"status": "ERROR",
"error": {
"code": "urn:signicat:error:idp:ACCESS_DENIED",
"message": "Access denied. Wrong credentials."

If an error occurs during initialization, you will receive a status indicating this, and an error object will be present. Upon error, if you choose to make a GET request towards the completeUrlyou will get

error_description=The Resource Owner did not complete the login. urn:signicat:error:idp:ACCESS_DENIED; Access denied. Wrong credentials.

4. Execute operation toward Encap

If the status was “OK”, you can start the Encap authentication. This involves the regular startAuthentication() /finishAuthentication() calls towards the Encap Client API.

5. Get result of the process — Finalize operation

Using the completeUrl received in step 1, execute a GET request for the authorization_code.

Carry out the regular OIDC authorization_code sequence of steps to obtain the device information. See the Finalize operation guide for details.

Was this helpful?