Skip to main content

Setup

This page shows you how to set up your integration with MobileID using the Authorization Code Flow.

Sandbox and production accounts

We recommend you create a sandbox account to test our services before going live. Sandbox and production accounts must be set up separately.

Prerequisites

The steps on this page assume that you have completed the following prerequisites:

  1. Sign up to the Signicat Dashboard and register your profile. For more details, see the Get started with Signicat guide.
  2. In the Dashboard, make sure you have set up an organisation and an account.
  3. Additionally, to use this product, you must set up a domain.
  4. Set up a MobileID identity store and populate it with users and devices.
How to set up a MobileID identity store

Before you can integrate with MobileID using OIDC as an authentication protocol, you must first set up a MobileID identity store, then populate it with users and devices using our MobileID REST API.

Once you have active MobileID users and devices, you can then trigger authentications for the users through your chosen authentication protocol.

To learn how to set create MobileID users and register devices, see our API reference documentation:

Create MobileID users
Create your own MobileID users using our REST APIs
Register devices
Register your own MobileID devices using our REST APIs

1. Add MobileID as an eID

You need to add MobileID as an eID for your Signicat account. To do this:

  1. Log in to the Signicat Dashboard.
  2. Go to Products > eID and Wallet Hub > eIDs
  3. Click Add new.
  4. Choose Signicat MobileID from the list, then click Save.

2. Create an OIDC client with MobileID scopes

You need to create an OIDC client for the Authorization Code Flow, with the MobileID-specific scopes of your choice. To do this:

  1. Log in to the Signicat Dashboard.
  2. Go to Products > eID and Wallet Hub > OIDC clients.
  3. Click Create client.
  4. In the Primary Grant Type field, select AuthorizationCode from the dropdown menu.
  5. In the Client name field, give your client a name.
  6. In the Redirect URI field, enter the URL that you want to redirect your end-user to when the authentication process is finished.
    Use more than one redirect URI

    If you want to use more than one redirect URI, you can still add them after the client has been created.

  7. In the Scope field, add the MobileID-specific scopes that you want this OIDC client to have access to.
    What scopes should I add?

    When using OIDC, you must always include the scope openid.

    There are two MobileID-specific scopes called mobileid and mobileid-extra. To learn which claims each scope contains, see the MobileID Attributes reference table.

MobileID specific scopes

MobileID specific scopes

Want to learn more?

To learn more about creating an OIDC client in the Signicat Dashboard, see our Set up an OIDC client page.

3. Set up MobileID claims in the ID token

By default, OIDC clients return a limited set of claims in the ID token.

If you also want to get the MobileID claims as a part of the token, then you need to configure this in the OIDC client. To do this:

  1. Log in to the Signicat Dashboard.
  2. Go to Products > eID and Wallet Hub > OIDC clients.
  3. Click Edit on your client, then click Advanced > Security.
  4. In the ID token user data field, select All from the dropdown menu.
  5. To save your changes, click the Update button.
On this page