link

# Backend-initiated operations: Finalise operation

click-to-zoom

Note

This operation is carried out in the same way regardless of whether the operation in question is registration or authentication.

# Check status

Note

This is just one implementation possibility. It is possible to execute the implementation in different ways.

While the operation is ongoing between the merchant's app and Signicat, the client (browser) may execute polling calls to the merchant's backend using the previously received status URL, which executes a call to Signicat.

This can be executed (periodically at pre-configured intervals) until the received result is COMPLETED.

# Request

GET <STATUS_URL>

# Response

{
    "status": "PENDING"/"COMPLETED"
}

# Complete operation

  1. Signicat's backend sends an authorisation code to the CUSTOMER_REDIRECT_URL.

# Request

GET <COMPLETE_URL>

# Response

AUTHORIZATION_CODE

  1. The authorisation code is exchanged for an access token, id token and optionally refresh token.

# Request

POST <SIGNICAT_TOKEN_ENDPOINT> HTTP/1.1
Content-Type: application/json
Authorization: Basic <CUSTOMER_BASIC_AUTH_HEADER>

#body

client_id=<CUSTOMER_CLIENT_ID>&
redirect_uri=<CUSTOMER_REDIRECT_URI>&
grant_type=authorization_code&
code=<AUTHORIZATION_CODE>

# Response

{
    "access_token": "<ACCESS_TOKEN>",
    "token_type": "Bearer",
    ...
}
  1. Additional information (such as data on the authenticated user) can be retrieved from Signicat's OIDC backend using the /userinfo endpoint.

# Request optional

GET <SIGNICAT_USERINFO_ENDPOINT> HTTP/1.1
Content-Type: application/json
Authorization: Bearer <ACCESS_TOKEN>

# Response

For registration:

{
    "sub": "<SUBJECT>",
    "name": "<EXTERNAL_REF>"
    ...
    }

For authentication:

{
    "sub": "<SUBJECT>",
    "externalRef": "<EXTERNAL_REF>",
    "deviceName": "<DEVICE_NAME>",
    ...
}

# Further reading

Last updated: 8/9/2021, 1:34:03 PM