# Overview

The Signicat Authentication API is used to authenticate users through Signicat's eID hub. Authentication methods range from public eIDs such as BankIDs and government IDs to biometric authentication for mobile apps through MobileID.

# Available protocols

Signicat supports OpenID Connect, SAML 2.0 and SAML 1.1 (legacy). These protocols transfer authentication and authorization data securely between the identity provider (such as Signicat) and the service provider (the customer).

About SAML 1.1

SAML 1.1 is a legacy protocol that is no longer maintained. We recommend that you choose OpenID Connect instead.

# Which protocol should I choose?

If you are in doubt, choose OpenID Connect. It gives you easy access to Signicat and has the most common features you will need.

# OpenID Connect (recommended)

# The authentication URL

The URL your user is sent to for authentication typically looks like the one below:

```
https://preprod.signicat.com/oidc/authorize?response_type=code&scope=openid+profile&client_id=demo-preprod&redirect_uri=https://labs.signicat.com/redirect&state=123abc&acr_values=urn:signicat:oidc:method:idin
```

The URL consists of two parts: the base URL (https://preprod.signicat.com/oidc/authorize) and the query parameters, which set things like the client ID, the redirect URI and the graphical profile.

# Base URL

The base URL identifies the Signicat domain and environment you are using; by default the hostname is `preprod` for testing and `id` for production. To give the best user experience and avoid confusing end users, Signicat recommends that you order a subdomain through Signicat so that the URL becomes https://id.YOURDOMAIN.com instead.

# Parameters

| Parameter | Required | Default value | Description |
|---|---|---|---|
| `response_type` | required | `code` | |
| `scope` | required | `openid` | Determines what type of information you get about the user. NationalID, profile, address and phone are the standard scopes most commonly used. |
| `profile` | optional | none | Sets the graphical profile to use, if you have one configured through our Customer Portal. |
| `client_id` | required | `demo-preprod` | The ID of the OIDC client being used. |
| `redirect_uri` | required | none | Where the user is sent after authentication. |
| `acr_values` | required | `urn:signicat:oidc:method:METHODNAME` | The method name selects the authentication method you want to use, for example `sbid` for Swedish BankID or `nbid` for Norwegian BankID. For a full list of available methods, see our Identity Methods page. |
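The following is an added example (not Signicat's own code) that builds the authentication URL from the parameters in the table above and then checks the redirect that comes back to `redirect_uri`. It assumes the authorization code flow shown in the sample URL, generates a fresh random `state` per login rather than the fixed `123abc` of the sample, and treats a `state` mismatch on the callback as a failed login; the function names, the `parse_callback` helper and the callback URL used in the usage call are assumptions for illustration.

```python
# Added example, not Signicat's code: build the OIDC authentication URL and
# validate the redirect back to our redirect_uri.
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Base URL for the preprod environment, as shown on the page.
BASE_URL = "https://preprod.signicat.com/oidc/authorize"


def build_auth_url(client_id, redirect_uri, method, scopes=("openid", "profile"),
                   profile=None, base_url=BASE_URL):
    """Return (url, state).

    `state` is a fresh unguessable value; store it in the user's session and
    compare it with the `state` that arrives on the callback.
    """
    state = secrets.token_urlsafe(16)
    params = {
        "response_type": "code",
        "scope": " ".join(scopes),          # urlencode renders this as openid+profile
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "acr_values": f"urn:signicat:oidc:method:{method}",
    }
    if profile:                              # optional graphical profile
        params["profile"] = profile
    return f"{base_url}?{urlencode(params)}", state


def parse_callback(callback_url, expected_state, expected_redirect_uri):
    """Validate the callback and return the authorization code.

    Rejects callbacks that landed somewhere other than our redirect_uri,
    carry a `state` we did not issue, or report an error instead of a code.
    """
    parts = urlsplit(callback_url)
    landed_on = f"{parts.scheme}://{parts.netloc}{parts.path}"
    if landed_on != expected_redirect_uri:
        raise ValueError("callback arrived at an unexpected URL")
    query = parse_qs(parts.query)
    state = query.get("state", [None])[0]
    # Constant-time compare; a mismatch means a CSRF attempt, a replay or a stale session.
    if state is None or not secrets.compare_digest(state, expected_state):
        raise ValueError("state mismatch: callback does not belong to this login")
    if "error" in query:
        raise ValueError(f"provider returned error: {query['error'][0]}")
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("callback is missing the authorization code")
    return code


if __name__ == "__main__":
    # Values from the sample URL on the page.
    url, state = build_auth_url("demo-preprod", "https://labs.signicat.com/redirect", "idin")
    print(url)
    # Constructed callback for illustration; the real one is produced by Signicat.
    callback = f"https://labs.signicat.com/redirect?code=SAMPLECODE&state={state}"
    print("code:", parse_callback(callback, state, "https://labs.signicat.com/redirect"))
```

Note that `urlencode` percent-encodes the colons in `acr_values` and the slashes in `redirect_uri`; the server decodes them, so the result is equivalent to the unencoded sample URL. The `state` check is what ties the callback to the browser session that started the login, so it belongs on every callback, not only when debugging.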

# Response

The OpenID Connect protocol returns a JSON object as an OpenID response. For Swedish BankID the response looks like this:

```json
{
	"family_name": "Signicat",
	"given_name": "John",
	"locale": "SE",
	"name": "John Signicat",
	"signicat.national_id": "199010275312",
	"sub": "KGMyh5FBCMTkEN934sOLyyBS0rPd4-up",
	"subject.nameid.namequalifier": "BANKID-SE"
}
```

Usually the unique identifier for the user is `signicat.national_id`, which in Sweden, Denmark and Norway is the user's personal number ("Personnummer").
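As an added example (not Signicat's code), the function below checks the Swedish BankID response above before `signicat.national_id` is used as the user's key: it requires the identifying claims to be present, confirms that `subject.nameid.namequalifier` matches the method the login was started with, and checks that the national ID is a well-formed 12-digit personnummer. The personnummer rules applied (a valid date in the first eight digits, with coordination numbers adding 60 to the day, and a Luhn check digit over the last ten digits) are standard Swedish rules and are an assumption on my part, not something the page documents; the sample response is copied from the page.

```python
# Added example, not Signicat's code: validate the claims of a Swedish BankID
# response before trusting signicat.national_id as the user identifier.
import json
from datetime import date

# Sample response copied from the page.
SAMPLE_RESPONSE = """{
    "family_name": "Signicat",
    "given_name": "John",
    "locale": "SE",
    "name": "John Signicat",
    "signicat.national_id": "199010275312",
    "sub": "KGMyh5FBCMTkEN934sOLyyBS0rPd4-up",
    "subject.nameid.namequalifier": "BANKID-SE"
}"""

REQUIRED_CLAIMS = ("sub", "signicat.national_id", "subject.nameid.namequalifier")


def luhn_ok(digits):
    """Luhn check as used for Swedish personnummer: doubling starts at the
    leftmost of the ten digits YYMMDDNNNC (assumption: standard Swedish rule)."""
    total = 0
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def valid_personnummer(pnr):
    """True if `pnr` is a 12-digit YYYYMMDDNNNC personnummer with a valid
    date and check digit. Coordination numbers add 60 to the day."""
    if len(pnr) != 12 or not pnr.isdigit():
        return False
    year, month, day = int(pnr[:4]), int(pnr[4:6]), int(pnr[6:8])
    if day > 60:
        day -= 60
    try:
        date(year, month, day)
    except ValueError:
        return False
    return luhn_ok(pnr[2:])


def extract_identity(response_json, expected_qualifier="BANKID-SE"):
    """Return the identifying fields, or raise ValueError if the response
    is incomplete, came from a different method, or carries a malformed ID."""
    claims = json.loads(response_json)
    missing = [c for c in REQUIRED_CLAIMS if c not in claims]
    if missing:
        raise ValueError(f"response is missing claims: {missing}")
    qualifier = claims["subject.nameid.namequalifier"]
    if qualifier != expected_qualifier:
        raise ValueError(f"identity came from {qualifier}, expected {expected_qualifier}")
    national_id = claims["signicat.national_id"]
    if not valid_personnummer(national_id):
        raise ValueError("signicat.national_id is not a well-formed personnummer")
    return {
        "national_id": national_id,
        "sub": claims["sub"],
        "name": claims.get("name"),
    }


if __name__ == "__main__":
    print(extract_identity(SAMPLE_RESPONSE))
```

Keying on the national ID only after the namequalifier check matters when several methods are enabled on the same client: the same claim name would carry a Danish or Norwegian number, with a different format, if the user had authenticated through another method.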

Last updated: 11/17/2020, 1:04:23 PM