MobileID

MobileID InApp Mobile integration: URL construction guides

21 views November 13, 2020 November 25, 2020 0

MobileID InApp Mobile integration: URL construction guides for registration, authentication, and payment authorization

Note: Details on the construction of the signing URL for the Consent Signature operation are included in the section on Consent Signature.

Requests and responses

Registration
GET <AUTHORIZATION_CODE_FLOW_URL> HTTP/1.1
Accept: application/json

Where AUTHORIZATION_CODE_FLOW_URL is constructed as follows:

Registration OIDC request without PKCE

response_type=code&
scope=openid+profile+mobileid&
client_id=<CUSTOMER_CLIENT_ID>&
redirect_uri=<CUSTOMER_REDIRECT_URI>&
state=<CUSTOMER_REG_METHOD_NAME:STATE_IDENTIFIER>&
acr_values=urn:signicat:oidc:method:<CUSTOMER_REG_METHOD_NAME>&
login_hint=deviceName-<DEVICE_NAME>&
login_hint=artifact-<ARTIFACT>&
login_hint=externalRef-<ACCOUNT_NAME>

Registration OIDC request with PKCE

GET <SIGNICAT_AUTHORIZATION_ENDPOINT>?
response_type=code&
scope=openid+profile+mobileid&
client_id=<CUSTOMER_CLIENT_ID>&
redirect_uri=<CUSTOMER_REDIRECT_URI>&
code_challenge=<CODE_CHALLENGE>&
code_challenge_method=S256&
state=<CUSTOMER_REG_METHOD_NAME:STATE_IDENTIFIER>&
acr_values=urn:signicat:oidc:method:<CUSTOMER_REG_METHOD_NAME>&
login_hint=deviceName-<DEVICE_NAME>&
login_hint=artifact-<ARTIFACT>&
login_hint=externalRef-<ACCOUNT_NAME>

Note: It is crucial that HTTP Header Accept:application/json is used.

Registration response

{
    "status":"<STATUS>",
    "activationCode":"<ACTIVATION_CODE>",
    "statusUrl":"<STATUS_URL>",
    "completeUrl":"<COMPLETE_URL>"
}

 

Authentication
GET <AUTHORIZATION_CODE_FLOW_URL> HTTP/1.1
Accept: application/json

Where AUTHORIZATION_CODE_FLOW_URL is constructed as follows:

Authentication OIDC request without PKCE

response_type=code&
scope=openid+profile+mobileid&
client_id=<CUSTOMER_CLIENT_ID>&
redirect_uri=<CUSTOMER_REDIRECT_URI>&
state=<CUSTOMER_AUTH_METHOD_NAME:STATE_IDENTIFIER>&
acr_values=urn:signicat:oidc:method:<CUSTOMER_AUTH_METHOD_NAME>&
login_hint=deviceId-<DEVICE_ID>&
login_hint=externalRef-<ACCOUNT_NAME>

Authentication OIDC request with PKCE

response_type=code&
scope=openid+profile+mobileid&
client_id=<CUSTOMER_CLIENT_ID>&
redirect_uri=<CUSTOMER_REDIRECT_URI>&
code_challenge=<CODE_CHALLENGE>&
code_challenge_method=S256&
state=<CUSTOMER_AUTH_METHOD_NAME:STATE_IDENTIFIER>&
acr_values=urn:signicat:oidc:method:<CUSTOMER_AUTH_METHOD_NAME>&
login_hint=deviceId-<DEVICE_ID>&
login_hint=externalRef-<ACCOUNT_NAME>

Note: It is crucial that HTTP Header Accept:application/json is used.

Authentication response

{
    "status":"<STATUS>",
    "statusUrl":"<STATUS_URL>",
    "completeUrl":"<COMPLETE_URL>"
}

 

Payment Authorization
GET <AUTHORIZATION_CODE_FLOW_URL> HTTP/1.1
Accept: application/json

Where AUTHORIZATION_CODE_FLOW_URL is constructed as follows:

Payment Authorization OIDC request

GET <SIGNICAT_AUTHORIZATION_ENDPOINT>?
response_type=code&
scope=openid+profile+mobileid&
client_id=<CUSTOMER_CLIENT_ID>&
redirect_uri=<CUSTOMER_REDIRECT_URI>&
state=<CUSTOMER_AUTH_METHOD_NAME:STATE_IDENTIFIER>&
acr_values=urn:signicat:oidc:method:<CUSTOMER_AUTH_METHOD_NAME>&
login_hint=deviceId-<DEVICE_ID>&
login_hint=externalRef-<ACCOUNT_NAME>&
login_hint=preContextTitle-<TEXT_TO_DISPLAY>

Note: It is crucial that HTTP Header Accept:application/json is used.

Payment Authorization response

{ 
    "status":"<STATUS>",
    "statusUrl":"<STATUS_URL>",
    "completeUrl":"<COMPLETE_URL>"
}

Parameters

Parameter: Description
STATE_IDENTIFIER: Random text used together with CUSTOMER_REG_METHOD_NAME to uniquely identify the ongoing registration session in the merchant's backend. The session state can be compared when callback/redirect data is received from Signicat.
ACTIVATION_CODE: Code to be used with Encap.
STATUS_URL: URL (towards Signicat's server) that is used to get the status of the ongoing operation.
COMPLETE_URL: URL (towards Signicat's server) that is used to signal the completion of the transaction. This will need to be used when the merchant's app gets a notification from MobileID that the registration is done.
DEVICE_ID: Device ID.
CODE_CHALLENGE: PKCE Code Challenge. Base64UrlEncoded SHA256 of the value for CODE_VERIFIER (to be used later when the authorization code is exchanged for access_token).
CODE_CHALLENGE_METHOD: PKCE Code Challenge Method. Recommended: S256.
