MobileID

MobileID InApp Web integration: URL construction guides

November 13, 2020

MobileID InApp Web integration: URL construction guides for registration, authentication, and payment authorization

Requests and responses

Registration

Registration OIDC request without PKCE

GET <SIGNICAT_AUTHORIZATION_ENDPOINT>?
response_type=code&
scope=openid+profile+mobileid&
client_id=<CUSTOMER_CLIENT_ID>&
redirect_uri=<CUSTOMER_REDIRECT_URI>&
state=<CUSTOMER_REG_METHOD_NAME:STATE_IDENTIFIER>&
acr_values=urn:signicat:oidc:method:<CUSTOMER_REG_METHOD_NAME>&
login_hint=deviceName-<DEVICE_NAME>&
login_hint=artifact-<ARTIFACT>&
login_hint=externalRef-<ACCOUNT_NAME>

Registration OIDC request with PKCE

GET <SIGNICAT_AUTHORIZATION_ENDPOINT>?
response_type=code&
scope=openid+profile+mobileid&
client_id=<CUSTOMER_CLIENT_ID>&
redirect_uri=<CUSTOMER_REDIRECT_URI>&
code_challenge=<CODE_CHALLENGE>&
code_challenge_method=S256&
state=<CUSTOMER_REG_METHOD_NAME:STATE_IDENTIFIER>&
acr_values=urn:signicat:oidc:method:<CUSTOMER_REG_METHOD_NAME>&
login_hint=deviceName-<DEVICE_NAME>&
login_hint=artifact-<ARTIFACT>&
login_hint=externalRef-<ACCOUNT_NAME>

Registration response

{
    "status":"<STATUS>",
    "activationCode":"<ACTIVATION_CODE>",
    "statusUrl":"<STATUS_URL>",
    "completeUrl":"<COMPLETE_URL>"
}

Authentication

Authentication OIDC request without PKCE

GET <SIGNICAT_AUTHORIZATION_ENDPOINT>?
response_type=code&
scope=openid+profile+mobileid&
client_id=<CUSTOMER_CLIENT_ID>&
redirect_uri=<CUSTOMER_REDIRECT_URI>&
state=<CUSTOMER_AUTH_METHOD_NAME:STATE_IDENTIFIER>&
acr_values=urn:signicat:oidc:method:<CUSTOMER_AUTH_METHOD_NAME>&
login_hint=deviceId-<DEVICE_ID>&
login_hint=externalRef-<ACCOUNT_NAME>

Authentication OIDC request with PKCE

GET <SIGNICAT_AUTHORIZATION_ENDPOINT>?
response_type=code&
scope=openid+profile+mobileid&
client_id=<CUSTOMER_CLIENT_ID>&
redirect_uri=<CUSTOMER_REDIRECT_URI>&
code_challenge=<CODE_CHALLENGE>&
code_challenge_method=S256&
state=<CUSTOMER_AUTH_METHOD_NAME:STATE_IDENTIFIER>&
acr_values=urn:signicat:oidc:method:<CUSTOMER_AUTH_METHOD_NAME>&
login_hint=deviceId-<DEVICE_ID>&
login_hint=externalRef-<ACCOUNT_NAME>

Authentication response

{
    "status":"<STATUS>",
    "statusUrl":"<STATUS_URL>",
    "completeUrl":"<COMPLETE_URL>"
}

Payment Authorization

Payment Authorization OIDC request

GET <SIGNICAT_AUTHORIZATION_ENDPOINT>?
response_type=code&
scope=openid+profile+mobileid&
client_id=<CUSTOMER_CLIENT_ID>&
redirect_uri=<CUSTOMER_REDIRECT_URI>&
state=<CUSTOMER_AUTH_METHOD_NAME:STATE_IDENTIFIER>&
acr_values=urn:signicat:oidc:method:<CUSTOMER_AUTH_METHOD_NAME>&
login_hint=deviceId-<DEVICE_ID>&
login_hint=externalRef-<ACCOUNT_NAME>&
login_hint=preContextTitle-<TEXT_TO_DISPLAY>

Payment Authorization response

{
    "status":"<STATUS>",
    "statusUrl":"<STATUS_URL>",
    "completeUrl":"<COMPLETE_URL>"
}

Parameters

Parameter  Description
STATE_IDENTIFIER  Random text used together with CUSTOMER_REG_METHOD_NAME to uniquely identify the ongoing registration session in the merchant’s backend. The stored session state can be compared with the state returned when callback/redirect data is received from Signicat.
ACTIVATION_CODE  Code to be used with Encap.
STATUS_URL  URL (towards Signicat’s server) that is used to get the status of the ongoing operation.
COMPLETE_URL  URL (towards Signicat’s server) that is used to signal the completion of the transaction. This will need to be used when the merchant’s app gets a notification from MobileID that the registration is done.
DEVICE_ID  Device ID
CODE_CHALLENGE  PKCE Code Challenge. Base64UrlEncoded SHA256 of the value for CODE_VERIFIER (to be used later when the authentication code is exchanged for access_token)
CODE_CHALLENGE_METHOD  PKCE Code Challenge Method. Recommended: S256
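
The following is an added example, not Signicat's code: one way a merchant backend could derive CODE_CHALLENGE from CODE_VERIFIER, generate the state value, assemble the PKCE request with its repeated login_hint parameters, and compare the state on redirect. The function names are hypothetical, and the endpoint, client ID, method name and hint values it is called with are constructed placeholders.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode


def code_challenge_s256(code_verifier: str) -> str:
    """CODE_CHALLENGE = base64url(SHA-256(CODE_VERIFIER)), '=' padding removed."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def new_session(method_name: str) -> dict:
    """Per-request secrets; store them server-side, keyed to the user's session."""
    verifier = secrets.token_urlsafe(32)  # 43 characters (RFC 7636 allows 43-128)
    return {
        "code_verifier": verifier,  # sent only later, in the token exchange
        "code_challenge": code_challenge_s256(verifier),
        "state": f"{method_name}:{secrets.token_urlsafe(16)}",
    }


def build_request_url(endpoint, client_id, redirect_uri, method_name, session, hints):
    """Assemble the PKCE request URL; hints is a list of (kind, value) pairs."""
    params = [
        ("response_type", "code"),
        ("scope", "openid profile mobileid"),  # spaces are encoded as '+'
        ("client_id", client_id),
        ("redirect_uri", redirect_uri),
        ("code_challenge", session["code_challenge"]),
        ("code_challenge_method", "S256"),
        ("state", session["state"]),
        ("acr_values", f"urn:signicat:oidc:method:{method_name}"),
    ]
    # login_hint appears once per hint, each value percent-encoded separately
    params += [("login_hint", f"{kind}-{value}") for kind, value in hints]
    return endpoint + "?" + urlencode(params)


def state_matches(session: dict, returned_state: str) -> bool:
    """Constant-time check of the stored state against the redirect's state."""
    return hmac.compare_digest(session["state"].encode(), returned_state.encode())
```

Building the query with `urlencode` rather than string concatenation keeps values such as a device name containing `&` or spaces from altering the parameter structure.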
