MobileID

MobileID InApp Mobile integration: Finalize operation guide

10 views November 13, 2020 November 18, 2020 0

MobileID InApp Mobile integration: Finalize operation guide

Note: This operation is carried out in the same way regardless of whether the operation in question is registration, authentication, payment authorization, or Consent Signature.

Complete operation

1. Signicat’s server sends an authorization code to the CUSTOMER_REDIRECT_URL. Note: It is important that the HTTP GET does not use or inherit the HTTP Header Accept:application/json from the previous calls to Signicat.

Request

GET <COMPLETE_URL>

Response

AUTHORIZATION_CODE

 

2. The authorization code is exchanged for an access token.

Request

POST <SIGNICAT_TOKEN_ENDPOINT> HTTP/1.1
Content-Type: application/json
Authorization: 
Basic <CUSTOMER_BASIC_AUTH_HEADER>#bodyclient_id=<CUSTOMER_CLIENT_ID>&
redirect_uri=<CUSTOMER_REDIRECT_URI>&
grant_type=authorization_code&
code=<AUTHORIZATION_CODE>

Response

{
"access_token": "<ACCESS_TOKEN>",
"token_type": "Bearer",
...
}

 

3. Additional information (such as data on the authenticated user) can be retrieved from Signicat’s OIDC server using the /userinfo endpoint.

Request

[ OPTIONAL ]
GET <SIGNICAT_USERINFO_ENDPOINT> HTTP/1.1
Content-Type: application/json
Authorization: Bearer <ACCESS_TOKEN>

Response

For registration:

{
"sub": "<SUBJECT>",
"name": "<EXTERNAL_REF>"
...
}

For Authentication:

{
"sub": "<SUBJECT>",
"externalRef": "<EXTERNAL_REF>",
"deviceName": "<DEVICE_NAME>",
...
}

Was this helpful?