
# Authentication: URL construction

This page contains a URL construction guide for authentication with the MobileID App.

# OIDC

# Request

GET <SIGNICAT_AUTHORIZATION_ENDPOINT>?
response_type=code&
scope=openid+profile+mobileid&
client_id=<CUSTOMER_CLIENT_ID>&
redirect_uri=<CUSTOMER_CALLBACK_URL>&
state=<CUSTOMER_AUTH_METHOD_NAME:STATE_IDENTIFIER>&
acr_values=urn:signicat:oidc:method:<CUSTOMER_METHOD_NAME>&
login_hint=deviceId-<DEVICE_ID>&
login_hint=consentStr-<URL_ENCODED_CONSENT_STRING>

# Response

{
    "links": [
        {
            "rel": "status",
            "href": "STATUS_URL",
            "type": "GET"
        },
        {
            "rel": "complete",
            "href": "COMPLETE_URL",
            "type": "GET"
        },
        {
            "rel": "cancel",
            "href": "CANCEL_URL",
            "type": "GET"
        },
        ...
    ]
}

This is a regular authorisation code flow. A request is sent to the authorisation endpoint and upon successful authentication, an authorisation code will be sent to the customer's backend (redirect to CUSTOMER_CALLBACK_URL).

# SAML

# Request

GET <SIGNICAT_BASE_URL>/std/method/<CUSTOMER_SERVICE>/?
id=<CUSTOMER_AUTH_METHOD_NAME>::&
target=<CUSTOMER_REDIRECT_URL>&
prefilled.deviceId=<DEVICE_ID>&prefilled.consentStr=<URL_ENCODED_CONSENT_STRING>

# Response

The Signicat page is shown while waiting for authentication to complete.

It is possible to pass a consent text to the app that will be displayed when the user is asked to authenticate. You can specify the consent text using the consentStr attribute, as per the request examples above.

Note

The string is sent in plain text in the URL and has a limit of 255 characters.

# Parameters

| Parameter | Description |
| --- | --- |
| STATE_IDENTIFIER | Random text used together with CUSTOMER_AUTH_METHOD_NAME to uniquely identify the ongoing authentication session in the customer's backend. The session state can be compared when callback data is received from Signicat. |
| STATUS_URL | URL (towards Signicat's server) that is used to get the status of the ongoing operation. |
| COMPLETE_URL | URL (towards Signicat's server) that is used to signal the completion of the transaction. This will need to be used when the customer's app gets a notification from the MobileID App that authentication is complete. |
| CANCEL_URL | URL (towards Signicat's server) to cancel the ongoing operation. |
| DEVICE_ID | Device ID |
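
The OIDC request above can be assembled so that the consent text cannot alter other query parameters and the returned state can be checked on callback. This is an added example, not Signicat's code: the function names and the `example` hosts and identifiers are hypothetical, and it assumes the 255-character limit applies to the consent text before URL encoding.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

CONSENT_MAX_CHARS = 255  # limit from this page; assumed to apply before URL encoding


def build_oidc_auth_url(endpoint, client_id, redirect_uri,
                        auth_method_name, method_name, device_id, consent=None):
    """Return (url, state) for the MobileID authorisation request."""
    if consent is not None and len(consent) > CONSENT_MAX_CHARS:
        raise ValueError("consent text exceeds 255 characters")
    # STATE_IDENTIFIER: unpredictable random text, stored server-side per session.
    state = f"{auth_method_name}:{secrets.token_urlsafe(16)}"
    params = [
        ("response_type", "code"),
        ("scope", "openid profile mobileid"),
        ("client_id", client_id),
        ("redirect_uri", redirect_uri),
        ("state", state),
        ("acr_values", f"urn:signicat:oidc:method:{method_name}"),
        ("login_hint", f"deviceId-{device_id}"),
    ]
    if consent is not None:
        params.append(("login_hint", f"consentStr-{consent}"))
    # urlencode percent-encodes every value, so '&', '=' or '#' inside the
    # consent text cannot add or override query parameters.
    return f"{endpoint}?{urlencode(params)}", state


def state_matches(stored_state, returned_state):
    """Constant-time comparison of the callback's state with the stored one."""
    return hmac.compare_digest(stored_state.encode(), returned_state.encode())


def demo():
    # Constructed sample values; the endpoint and identifiers are placeholders.
    url, state = build_oidc_auth_url(
        "https://idp.example/authorize", "demo-client",
        "https://app.example/callback", "mobileid-auth", "mobileid-method",
        "device-123", "Approve login & payment=10?")
    return url, state, parse_qs(urlsplit(url).query)
```

Because the consent text travels in the URL, it can end up in browser history and server logs, so it should not carry anything confidential.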

Last updated: 7/21/2021, 1:18:18 PM