Attributes reference

You use Email OTP to authenticate your end-users with a one-time password (OTP) sent by email. After authentication, you can receive their email address.

This page shows scopes, attributes and response examples for each authentication protocol.

OIDC scopes and claims

| Scope | Claim | Description | Example |
| --- | --- | --- | --- |
| openid | idp_issuer | The IdP used during authentication. | otp-email |
| idp-id | idp_id | The email address of the user. | signikitten@example.com |

Set the UI language

To change the language of the Email OTP UI, use the query string parameter ui_locales in the OIDC authorization request. For example, use ui_locales=el to set the Email OTP UI to Greek.

Email OTP supports the following languages in ISO 639-1 format:

| Language | Parameter |
| --- | --- |
| Danish | da |
| Dutch | nl |
| English (default) | en |
| Finnish | fi |
| Greek | el |
| Norwegian | no |
| Swedish | sv |

Note: English is the default language.

OIDC request example

To trigger an authentication, build an OIDC request like the following:

https://<YOUR_SIGNICAT_DOMAIN>/auth/open/connect/authorize?
client_id=<OIDC_CLIENT_ID>
&response_type=code
&redirect_uri=<REDIRECT_URI>
&state=1599045135410-jFe
&scope=openid%20idp-id
&acr_values=idp:otp-email
&prompt=login
&ui_locales=en
&nonce=1599046102647-dv4

OIDC response example

Below is an example of a response from the UserInfo endpoint.

Scopes in request: openid, idp-id

Response example:

{
"idp_id": "signikitten@example.com",
"sub": "TOuh-Q-Qx2-EBXT3a3OgaoGXgQSx55ggpIXXXXXX",
"idp_issuer": "otp-email"
}
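
An added example, not Signicat's own code: one way to build the authorization request above and to check the UserInfo response before using idp_id. It goes beyond the literal request by generating state and nonce from a CSPRNG and rejecting ui_locales values that are not in the table; the function names, and the domain, client ID and redirect URI in the demo line, are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import quote, urlencode

# Language parameters listed in the table on this page.
SUPPORTED_UI_LOCALES = {"da", "nl", "en", "fi", "el", "no", "sv"}


def build_authorize_url(domain, client_id, redirect_uri, ui_locale="en"):
    """Return (url, state, nonce). Keep state and nonce in the server-side session."""
    if ui_locale not in SUPPORTED_UI_LOCALES:
        raise ValueError(f"unsupported ui_locales value: {ui_locale!r}")
    state = secrets.token_urlsafe(32)  # unpredictable; binds the callback to this session
    nonce = secrets.token_urlsafe(32)  # compare with the nonce claim of the ID token
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "state": state,
        "scope": "openid idp-id",
        "acr_values": "idp:otp-email",
        "prompt": "login",
        "ui_locales": ui_locale,
        "nonce": nonce,
    }
    query = urlencode(params, quote_via=quote)  # percent-encodes the space as %20
    return f"https://{domain}/auth/open/connect/authorize?{query}", state, nonce


def state_matches(expected, returned):
    """Constant-time check of the state value returned on the redirect URI."""
    if not expected or not returned:
        return False
    return hmac.compare_digest(expected.encode(), returned.encode())


def email_from_userinfo(userinfo):
    """Return idp_id only when the response names Email OTP as the IdP."""
    if userinfo.get("idp_issuer") != "otp-email":
        raise ValueError("unexpected idp_issuer")
    email = userinfo.get("idp_id")
    if not isinstance(email, str) or email.count("@") != 1:
        raise ValueError("idp_id is missing or is not an email address")
    return email


if __name__ == "__main__":
    # Constructed sample values: placeholder domain, client ID and redirect URI.
    print(build_authorize_url("signicat.example", "sample-client", "https://example.com/cb", "el")[0])
```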

Signicat Authentication REST API attributes

The Signicat Authentication REST API supports the following request and response attributes for Email OTP:

| Attributes | Example | Description |
| --- | --- | --- |
| idpId | signikitten@example.com | The email address of the user. |

Set the UI language

To change the language of the Email OTP UI, use the language parameter in the payload of your request to the CreateSession endpoint. For example, use "language": "el" to set the Email OTP UI to Greek.

Email OTP supports the following languages in ISO 639-1 format:

| Language | Parameter |
| --- | --- |
| Danish | da |
| Dutch | nl |
| English (default) | en |
| Finnish | fi |
| Greek | el |
| Norwegian | no |
| Swedish | sv |

Note: English is the default language.

Authentication API request example

To create a session using the Authentication REST API, send a POST request to the CreateSession endpoint: https://api.signicat.com/auth/rest/sessions.

You define the parameters of the session in the payload of the request. For example:

{
"allowedProviders": [
"otp-email"
],
"flow": "redirect",
"language": "en",
"requestedAttributes": [
"idpId"
],
"callbackUrls": {
"success": "https://example.com/success",
"abort": "https://example.com/abort",
"error": "https://example.com/error"
}
}

Authentication API response example

The following is an example of a response:

{
...
"id": "4ccb8a1b-6f40-e146-af1b-15f1c6eabb56",
"status": "SUCCESS",
"provider": "otp-email",
"subject": {
"id": "X6hYgXvTvNMf27-mC0cYzOUb4HBWR1feCSh5Ul7KiNQ=",
"idpId": "signikitten@example.com"
}
...
}

SAML 2.0 attributes

| SAML 2.0 Protocol Attribute | Example | Description |
| --- | --- | --- |
| idpId | signikitten@example.com | The email address of the user. |

SAML 2.0 service provider metadata document

The example below shows a Service Provider (SP) metadata document that connects to Email OTP and requests the idpId attribute.

<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_45f42f65-39f9-4250-898e-f6297cb3f8ce" entityID="SAML Example SP">
<md:SPSSODescriptor WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate><SP_PUBLIC_SIGNING_CERTIFICATE_USED_FOR_SIGNING_REQUESTS></ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://<SP_METADATA_SERVER_DOMAIN>/callback" index="1" isDefault="false"/>
<md:AttributeConsumingService index="1" isDefault="false">
<md:ServiceName xml:lang="en" xmlns:xml="http://www.w3.org/XML/1998/namespace">All attributes</md:ServiceName>
<md:RequestedAttribute Name="idpId"/>
</md:AttributeConsumingService>
</md:SPSSODescriptor>
</md:EntityDescriptor>

SAML 2.0 request example

SAML 2.0 request example:

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
AttributeConsumingServiceIndex="1"
Destination="https://<YOUR_SIGNICAT_DOMAIN>/auth/saml/login"
ID="d2d2ae0656604b739d9bf36edca452a7"
IssueInstant="2024-08-12T07:20:50.265Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Version="2.0"
>
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">SAML Example SP</saml:Issuer>
</samlp:AuthnRequest>

SAML 2.0 response example

SAML 2.0 response example:

<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="..." ID="..." InResponseTo="..." IssueInstant="2023-08-18T13:21:19.716Z" Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://<YOUR_SIGNICAT_DOMAIN>.com/auth/saml</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema" ID="_59c600d2f1f8695fd2b837c6f0be0faf" IssueInstant="2023-07-18T13:21:19.736Z" Version="2.0">
<saml2:Issuer>https://<YOUR_SIGNICAT_DOMAIN>.com/auth/saml</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_59c600d2f1f8695fd2b837c6f0be0fss">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>...</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>SIGNATURE_VALUE</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>X509_CERTIFICATE</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="smt-otp">OZWWk8DKdFYf1JzLU8zJtku0uXkPaLvnIt</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData InResponseTo="_2d3e23bb30673b750e73e1f4e5b89f8e" NotOnOrAfter="2023-08-18T13:23:19.736Z" Recipient="RECIPIENT"/>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2023-08-18T13:21:14.737Z" NotOnOrAfter="2023-08-18T13:23:19.737Z">
<saml2:AudienceRestriction>
<saml2:Audience>...</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AttributeStatement>
<saml2:Attribute Name="idpId">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">signikitten@example.com</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
<saml2:AuthnStatement AuthnInstant="2023-08-18T13:21:19.737Z" SessionIndex="XXXXXXX-fdff-47c9-b65f-XXXXXXX">
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>substantial</saml2:AuthnContextClassRef>
<saml2:AuthenticatingAuthority>otp-email</saml2:AuthenticatingAuthority>
</saml2:AuthnContext>
</saml2:AuthnStatement>
</saml2:Assertion>
</saml2p:Response>
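
An added example, not Signicat's own code: checks a service provider can apply to the assertion's contents once a SAML library has verified the XML signature against the IdP certificate (that verification is assumed and is not performed here). The function names and the trimmed sample response are constructed. In the response printed above, the Reference URI and the Assertion ID differ, so the reference check below would reject it as printed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def _ts(el, name):
    return datetime.strptime(el.get(name, ""), "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, request_id, audience, now):
    """Return idpId. Assumes the XML signature was already verified by a SAML library."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTDs are not accepted")
    found = ET.fromstring(xml_text).findall("a:Assertion", NS)
    if len(found) != 1:
        raise ValueError("expected exactly one assertion")
    a = found[0]
    # The signed reference must point at this assertion, not at another element.
    ref = a.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if ref is None or ref.get("URI") != "#" + a.get("ID", ""):
        raise ValueError("signature does not reference this assertion")
    cond = a.find("a:Conditions", NS)
    if cond is None or not _ts(cond, "NotBefore") <= now < _ts(cond, "NotOnOrAfter"):
        raise ValueError("assertion outside its validity window")
    if audience not in [e.text for e in cond.iterfind(".//a:Audience", NS)]:
        raise ValueError("audience mismatch")
    scd = a.find(".//a:SubjectConfirmationData", NS)
    if scd is None or scd.get("InResponseTo") != request_id:
        raise ValueError("not a response to our request")
    if a.findtext(".//a:AuthenticatingAuthority", namespaces=NS) != "otp-email":
        raise ValueError("unexpected authenticating authority")
    vals = a.findall("a:AttributeStatement/a:Attribute[@Name='idpId']/a:AttributeValue", NS)
    if len(vals) != 1 or not vals[0].text:
        raise ValueError("idpId missing or ambiguous")
    return vals[0].text

def sample_response(ref_uri="#_a1"):
    """Constructed, trimmed response; every value in it is made up."""
    return f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}" xmlns:ds="{NS['ds']}">
<a:Assertion ID="_a1"><ds:Signature><ds:SignedInfo><ds:Reference URI="{ref_uri}"/>
</ds:SignedInfo></ds:Signature><a:Subject><a:SubjectConfirmation>
<a:SubjectConfirmationData InResponseTo="req-1"/></a:SubjectConfirmation></a:Subject>
<a:Conditions NotBefore="2023-08-18T13:21:14.737Z" NotOnOrAfter="2023-08-18T13:23:19.737Z">
<a:AudienceRestriction><a:Audience>SAML Example SP</a:Audience></a:AudienceRestriction>
</a:Conditions><a:AttributeStatement><a:Attribute Name="idpId">
<a:AttributeValue>signikitten@example.com</a:AttributeValue></a:Attribute></a:AttributeStatement>
<a:AuthnStatement><a:AuthnContext><a:AuthenticatingAuthority>otp-email</a:AuthenticatingAuthority>
</a:AuthnContext></a:AuthnStatement></a:Assertion></p:Response>"""
```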