link

# Mobile app-initiated operations: Finalise operation

click-to-zoom

Note

This operation is carried out in the same way regardless of whether the operation in question is registration, authentication, Payment Authorisation or Consent Signature.

# Complete operation

  1. Signicat's backend sends an authorisation code to the CUSTOMER_REDIRECT_URL.

Important

It is important that the HTTP GET does not use or inherit the HTTP Header Accept:application/json from the previous calls to Signicat.

# Request

GET <COMPLETE_URL>

# Response

AUTHORIZATION_CODE

  1. The authorisation code is exchanged for an access token.

# Request

POST <SIGNICAT_TOKEN_ENDPOINT> HTTP/1.1
Content-Type: application/json
Authorization: 
Basic <CUSTOMER_BASIC_AUTH_HEADER>#bodyclient_id=<CUSTOMER_CLIENT_ID>&
redirect_uri=<CUSTOMER_REDIRECT_URI>&
grant_type=authorization_code&
code=<AUTHORIZATION_CODE>

# Response

{
    "access_token": "<ACCESS_TOKEN>",
    "token_type": "Bearer",
    ...
}
  1. Additional information (such as data on the authenticated user) can be retrieved from Signicat's OIDC backend using the /userinfo endpoint.

# Request optional

GET <SIGNICAT_USERINFO_ENDPOINT> HTTP/1.1
Content-Type: application/json
Authorization: Bearer <ACCESS_TOKEN>

# Response For registration:

{
    "sub": "<SUBJECT>",
    "name": "<EXTERNAL_REF>"
    ...
}

For Authentication:

{
    "sub": "<SUBJECT>",
    "externalRef": "<EXTERNAL_REF>",
    "deviceName": "<DEVICE_NAME>",
    ...
}

# Further reading

Last updated: 8/9/2021, 1:34:03 PM