MobileID

MobileID InApp Web integration: Finalize operation guide

7 views November 13, 2020 November 18, 2020 0

MobileID InApp Web integration: Finalize operation guide

Note: This operation is carried out in the same way regardless of whether the operation in question is registration, authentication or payment authorization.

Check status

Note: This is just one implementation possibility. It is possible to execute the implementation in different ways.

While the operation (registration, authentication) is ongoing between the merchant app and Signicat, the client (browser) may execute polling calls to the merchant backend using the previously received status URL, which executes a call to Signicat.

This can be executed (periodically at pre-configured intervals) until the received result is COMPLETED.

Request

GET <STATUS_URL>

Response

{
    "status": "PENDING"/"COMPLETED"
}
Complete operation

1. Signicat’s server sends an authorization code to the CUSTOMER_REDIRECT_URL.

Request

GET <COMPLETE_URL>

Response

AUTHORIZATION_CODE

 

2. The authorization code is exchanged for an access token, id token, and optionally refresh token.

Request

POST <SIGNICAT_TOKEN_ENDPOINT> HTTP/1.1
Content-Type: application/json
Authorization: Basic <CUSTOMER_BASIC_AUTH_HEADER>

#body

client_id=<CUSTOMER_CLIENT_ID>&
redirect_uri=<CUSTOMER_REDIRECT_URI>&
grant_type=authorization_code&
code=<AUTHORIZATION_CODE>

Response

{
    "access_token": "<ACCESS_TOKEN>",
    "token_type": "Bearer",
    ...
}

3. Additional information (such as data on the authenticated user) can be retrieved from Signicat’s OIDC server using the /userinfo endpoint.

Request (optional)

GET <SIGNICAT_USERINFO_ENDPOINT> HTTP/1.1
Content-Type: application/json
Authorization: Bearer <ACCESS_TOKEN>

Response

For registration:

{
    "sub": "<SUBJECT>",
    "name": "<EXTERNAL_REF>"
    ...
}

For authentication:

{
    "sub": "<SUBJECT>",
    "externalRef": "<EXTERNAL_REF>",
    "deviceName": "<DEVICE_NAME>",
    ...
}

Was this helpful?