OAuth Tools
This page shows you how to test out MobileID with the Authorization Code Flow using OAuth Tools.
Although this guide describes the Authorization Code Flow, you can also use OAuth Tools to test the OIDC CIBA standard.
Prerequisites
1. Sign up to Signicat
If you don't have an account already, sign up for a free Signicat account by completing the following initial preparations:
- Sign up to the Signicat Dashboard and register your profile. For more details, see the Get started with Signicat guide.
- In the Dashboard, make sure you have set up an organisation and an account.
- Additionally, to use this product, you must set up a domain.
If you have already signed up, then you just need to sign in to the Signicat Dashboard.
- You can use an existing account or create a new one.
- You must ensure that you have set up a domain for the account that you want to use.
2. Add MobileID to your account
Add MobileID to your account. To do this:
- Go to Signicat Dashboard > Products > MobileID
- Click the Add MobileID button.
3. Create MobileID user and register device
Add a MobileID user with an external reference and register at least one device. There are two ways to do this:
- The fastest way, which uses the MobileID Try it out page in the Signicat Dashboard. This does not require any coding experience.
- The technical way, which uses the MobileID Quick start guide. This requires you to make API requests.
Setup for testing
1. Add Signicat MobileID as an eID
Once you have completed the prerequisites and signed up, you can add MobileID to the list of supported eIDs.
You need to add MobileID as an eID for your Signicat account. To do this:
- Go to Signicat Dashboard > Products > eID Hub > eIDs
- Click + Add new.
- From the list of eIDs, select Signicat MobileID, then click Save.
- Check that Signicat MobileID is present in your eIDs list, with status set to Active.

2. Create an OIDC client
You need to create an OIDC client with MobileID scopes. To do this:
- Go to Signicat Dashboard > Products > eID Hub > OIDC clients.
- Click Create client.
- In the Primary Grant Type field, select AuthorizationCode from the dropdown menu.
- In the Client name field, give your client a name.
- In the Redirect URI field, set https://oauth.tools/callback/code.
- In the Scope field, set mobileid and mobileid-extra, in addition to openid.
Test Signicat MobileID
1. Open OAuth Tools
- Go to Signicat Dashboard > Products > eID Hub > OIDC clients.
- Click the Edit button beside your new OIDC client.
- Select the Overview tab, then click Try out this client on oauth.tools!.
2. Configure Signicat Playground settings
- In OAuth Tools, expand the dropdown menu beside Signicat Playground, then select Settings.
- On the Endpoints tab, verify that the contents of the Metadata URL in OAuth Tools match the contents of the Well-Known URL for client field in the Signicat Dashboard.
Where can I find this?
To find the Well-Known URL for client field in the Signicat Dashboard:
- Go to Signicat Dashboard > Products > eID Hub > OIDC clients.
- Click the Edit button beside your new OIDC client.
- Select the Overview tab.
- On the Clients tab, verify that your client is visible, and that the Code toggle button is enabled.
- Close the settings page.
3. Configure Authorization Code Flow settings
- In the left-side menu, select Authorization Code Flow.
- In section (1) Settings, set the following:
4. Start flow
- In section (1) Settings, enable the Pushed Authorization Request (PAR) toggle button.
Why should you use PAR?
Pushed Authorization Request (PAR) is an extension to the OAuth 2.0 protocol that allows clients to send authorisation requests directly to the authorisation server via a secure, back-channel HTTP POST request, before initiating the actual authorisation flow.
Enabling PAR is strongly recommended, even though the flow can work without it.
Whether it works or not depends on the ACR values that you pass in your request. Specifically, you need to use secure context with preOperationContextContent and preOperationContextTitle.
- In section (2) Pushed Authorization Request, click the Send button.
- In section (3) Start Flow, click the Run button.
- In the dialog box, enter the external reference of the MobileID user that you created using the MobileID API.
- Select the device ID of the device that you registered using the MobileID API.
- When asked, authenticate.
- In OAuth Tools, in (4) Redeem Authorization Code, click Redeem Code.
To avoid having to click Redeem Code for every operation, you can make this happen automatically by enabling the Auto-redeem code toggle button.
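The PAR exchange that sections (2) and (3) of step 4 perform, as an added example that is not part of the original page or Signicat's own code: the client POSTs the full request over the back channel, then sends the browser to the authorization endpoint with only `client_id` and the returned `request_uri`. The example.test endpoints, `sandbox-client-id` and the `acr_values` value are constructed placeholders; the redirect URI and scopes are the ones configured above.

```python
import json
import secrets
from urllib.parse import urlencode, urlsplit

# Constructed discovery document. The example.test URLs are placeholders, not
# Signicat endpoints; the field names are the standard RFC 8414 / RFC 9126 ones.
METADATA = json.loads("""{
  "authorization_endpoint": "https://idp.example.test/authorize",
  "pushed_authorization_request_endpoint": "https://idp.example.test/par"
}""")


def build_par_request(metadata, client_id, redirect_uri, scope, state, extra=None):
    """Return (url, form_body) for the back-channel POST (RFC 9126, section 2.1).

    The client authenticates on this POST the same way it does at the token endpoint.
    """
    endpoint = metadata.get("pushed_authorization_request_endpoint")
    if not endpoint or urlsplit(endpoint).scheme != "https":
        raise ValueError("metadata has no HTTPS PAR endpoint")
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": scope, "state": state}
    params.update(extra or {})
    return endpoint, urlencode(params)


def build_authorize_url(metadata, client_id, par_response):
    """Front-channel URL: carries only client_id and the request_uri reference."""
    request_uri = par_response.get("request_uri")
    if not request_uri or int(par_response.get("expires_in", 0)) <= 0:
        raise ValueError("PAR response has no usable request_uri")
    query = urlencode({"client_id": client_id, "request_uri": request_uri})
    return f"{metadata['authorization_endpoint']}?{query}"


def demo():
    client_id = "sandbox-client-id"  # hypothetical client ID
    url, body = build_par_request(
        METADATA, client_id, "https://oauth.tools/callback/code",
        "openid mobileid mobileid-extra", secrets.token_urlsafe(16),
        extra={"acr_values": "constructed-acr-value"})  # constructed value
    # Constructed body of the server's 201 response to the POST above.
    par_response = {"request_uri": "urn:ietf:params:oauth:request_uri:constructed123",
                    "expires_in": 60}
    return url, body, build_authorize_url(METADATA, client_id, par_response)


if __name__ == "__main__":
    for part in demo():
        print(part)
```

Because the scope, redirect URI and ACR values travel only in the authenticated POST, they cannot be read or altered in the browser's address bar.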
5. Call Userinfo endpoint
- In the left-side menu, select Userinfo.
- In section (1) Settings, select Code Flow: Access Token from the dropdown menu.
- Click the Call Userinfo Endpoint button.
- The Userinfo is shown in the pane on the right-hand side.