link

# Integration guides

Integration with the MobileID App is done via the same API as Signicat's other ID methods. Through the single point of integration, one will get access to Signicat's wide portfolio of integrated ID methods, not only MobileID, but also other services like identity paper verification.

You can find specific instructions for integrating using both OIDC and SAML in the expandable section below. See Getting started with authentication for more guides and examples.

# Integrating with OIDC and SAML 1.1

Expand/ collapse OIDC and SAML 1.1 integration guides

# Integrating with OIDC

Signicat has implemented OAuth 2.0 with the authorisation code flow. In order to use this, the following information has to be exchanged.

# Information exchanged between Signicat and the customer

Task Parameter to expose to Signicat Description
Create customer's OIDC client CUSTOMER_CLIENT_ID
Create client secret CUSTOMER_CLIENT_SECRET Used for communication with Signicat's OIDC server
Create reg method CUSTOMER_REG_METHOD_NAME Method name should always reflect the initiating scenario (app-to-app/backend-initiated)
Create auth method CUSTOMER_AUTH_METHOD_NAME Name should always match the initiating scenario (app-to-app/backend-initiated)
- SIGNICAT_BASE_URL Signicat environment URL (e.g. https://preprod.signicat.com)
- SIGNICAT_AUTHORIZATION_ENDPOINT SIGNICAT_TOKEN_ENDPOINT SIGNICAT_USERINFO_ENDPOINT Refer to the OIDC Discovery URI at <SIGNICAT_BASE_URL>/oidc/.well-known/openid-configuration
Prepare basicAuthHeader CUSTOMER_BASIC_AUTH_HEADER Base64-encoded CUSTOMER_CLIENT_ID:CUSTOMER_CLIENT_SECRET, to be used for obtaining the access token

# Information exchanged between the customer and Signicat

Parameter to expose to Signicat Description
CUSTOMER_CALLBACK_URL Callback URL (a customer backend) that Signicat's server will send the authorisation code and final result to

Other parameters may be required, depending on the integration scenario (app-to-app or backend-initiated). These scenarios are described in the section on Registration and authentication with the MobileID App below.

# Integrating with SAML 1.1

# Information exchanged between Signicat and the customer

Task Parameter to expose to customer Description
Create a service CUSTOMER_SERVICE
Create reg method CUSTOMER_REG_METHOD_NAME Method name should always reflect the initiating scenario (app-to-app/backend-initiated)
Create auth method CUSTOMER_AUTH_METHOD_NAME Method name should always reflect the initiating scenario (app-to-app/backend-initiated)
- SIGNICAT_BASE_URL Environment URL, e.g. https://preprod.signicat.com

# Information exchanged between the customer and Signicat

Parameter to expose to Signicat Description
CUSTOMER_REDIRECT_URL Redirect URL (a customer backend) that Signicat's server will send the SAML response to

# Registration and authentication with the MobileID App

The main purpose of the MobileID App is to be an authenticator. In order to pair the app and an identity, however, the end-user must go through a registration process. To establish who the end-user is within the customer's system, the person's identity is established by the customer through the use of another ID method. The registration process can then be started either in a browser or from another app.

The process of registration results in a deviceId being returned, which can then be used for subsequent authentications. The deviceId is a unique identifier that is tied to the information of the end-user who registered the MobileID device (userId).

Important

It is the responsibility of the customer to tie the deviceId to the end-user's information (obtained through a secondary ID method) in a persistent manner, such as in a database, so that it can later be used in the MobileID App authentication process.

Click the buttons below for guides that illustrate how to integrate operations with the MobileID App, including detailed diagrams and step-by-step descriptions.

# App-to-app operations

# Backend-initiated operations

# Video demos for MobileID App registration and authentication

The videos below show the processes of backend-initiated registration, or onboarding, and authentication from the end-user perspective.

# MobileID App: Backend-initiated registration

# MobileID App: Backend-initiated authentication

# Further reading

Last updated: 7/12/2021, 2:29:58 PM