MobileID InApp Web integration: Registration

18 views November 12, 2020 November 18, 2020 0

MobileID InApp Web integration: Registration

1. Initiate operation on merchant server

The user must already be authenticated by the merchant backend before he can register his device. He starts the registration process by clicking the Register button that is displayed in the browser.

The merchant backend generates externalRef and deviceName, if needed.

Account and artifact creation
In order to carry out registration, an account with Signicat needs to be created. The merchant backend uses two SOAP WS calls:

  • One call for account creation
    • It is important that the flag activated is true
    • It is possible to add additional attributes to the account at the time of creation

One call for creation of artifact that has to be passed to Signicat’s registration service when operation is initiated.

2. Generate URL

The merchant backend constructs the registration URL as shown in the MobileID InApp web integration guide URL construction guides.

3. Initiate operation on Signicat’s server

The merchant backend executes an HTTP GET request with the URL constructed previously. See the normal response in the URL construction guides.

Note: To be able to perform the subsequent requests, you must keep the cookies you receive and make these available for subsequent requests.

Response error example

    "completeUrl": "",
    "status": "ERROR",
    "error": {
        "code": "urn:signicat:error:idp:ACCESS_DENIED",
        "message": "Access denied. Wrong credentials."

If an error occurs during initialization, you will receive a status indicating this, and an error object will be present. Upon error, if you choose to make a GET request towards the completeUrlyou will get

error_description=The Resource Owner did not complete the login. 
urn:signicat:error:idp:ACCESS_DENIED; Access denied. Wrong credentials.

4. Execute operation toward Encap

If the status was “OK”, the merchant backend will respond to the browser with the activationCode received from Encap (the activationCode is displayed in the browser).

The user switches to the merchant app and enters the displayed activationCode.

The merchant app continues the registration process: This involves the regular startActivation() / finishActivation() calls towards the Encap Client API.

Immediately after the activationCode is displayed in the browser, the merchant backend starts polling toward Signicat, awaiting the status of the operation.

5. Check process status

The client (browser) may execute polling calls to the merchant backend using the status URL from steps 1-3, which executes a call to Signicat.

This can be executed (periodically at pre-configured intervals) until the received result is COMPLETED.

6. Get result of the process — Finalize operation

When the status from the previous call is COMPLETED, the client executes a finalizing call to the merchant backend that again uses the received completeUrl and executes a call to Signicat. Signicat then sends an authorization_code to the merchant backend which carries out the regular OIDC authorization_code sequence of steps to obtain the device information.

See the MobileID InApp integration guide – Finalize operation for details.

Was this helpful?