Skip to main content

Attributes reference

You use mojeID to verify the identity of end-users and obtain relevant personal information.

This page shows what end-user information is available for a given authentication protocol.

Available attributes

Attributes (scopes in OIDC) allow your application to specify the desired set of user data for each authentication.

The attributes an application should request depend on which user information your use case needs and the type of contract you signed with KIR.

After the end-user consents to share the requested attributes and completes an authentication, you can retrieve their personal details.

PESEL number

The PESEL number is the Polish national identity number.

The number is 11 digits long with format YYMMDDZZZXQ, where YYMMDD corresponds to the date of birth, ZZZ is a unique ID number, X represents the biological sex (even numbers for females, odd numbers for males) and Q is a check digit used to validate a given PESEL number.

OIDC scopes and claims

With OIDC, you specify scopes in the authorization request that triggers an identity verification flow.

After the end-user verifies themselves, consents to sharing their data and the flow is complete, you can retrieve the claims in the ID Token or through the UserInfo endpoint.

Use the following OIDC scopes in your request to perform end-user authentication with mojeID:

ScopeOIDC ClaimExampleDescription
profilenameJane DoeFull name of the end-user including first name, middle name, last name, titles and suffixes.
given_nameJaneFirst name of the end-user.
middle_nameMiddle name(s) of the end-user.
family_nameDoeLast name of the end-user.
birthdate1899-12-31Date of birth of the end-user represented as a string in YYYY-MM-DD date format.
ninnin99923106807The PESEL number (Polish national identity number) of the end-user.
nin_typePERSONThe type of national identity number.
nin_issuing_countryPLThe country issuing the identity number.
nationalitynationalityPLNationality of the end-user. Value format is ISO 3166-1 alpha-2 country code.
addressaddress{
"formatted": "ul. Lirowa 137, Gdańsk, PostName, 80-298, Poland",
"street_address": "ul. Lirowa 137 Gdańsk",
"locality": "PostName",
"postal_code": "80-298",
"country": "Poland"
},
Postal address of the end-user. Formatted as JSON object containing the following fields:

  • formatted full address string with format: street_adddress, locality, postal_code, country
  • street_address
  • locality
  • postal_code
  • country
mojeid-pl-mail-addressmojeid_pl_mail_addresstest@example.plEmail address of the end-user.
mojeid-pl-extramojeid_pl_id_document_typePASSPORTID document type. Available values: IDENTITY_CARD, PASSPORT, RESIDENCE_CARD.
mojeid_pl_id_document_numberID document number.
mojeid_pl_id_document_issue_date1899-12-31ID document issue date with format YYYY-MM-DD.
mojeid_pl_id_document_expiry_date1899-12-31ID document expiry date with format YYYY-MM-DD.
mojeid_pl_bank_account_number86 10202498 1111222233334444Bank account number of the end-user.

OIDC response example

Below, you find an example of a response obtained from an identity verification flow with mojeID.

Scopes in request: openid, nin, address, profile

Example of ID token in response:

{
"iss": "https://<YOUR_SIGNICAT_DOMAIN>/auth/open",
"nbf": 1712237928,
"iat": 1712237928,
"exp": 1712238528,
"aud": "<OIDC_CLIENT_ID>",
"amr": [
"external"
],
"at_hash": "0zAbHkX...IeNDhkFoWlhKg",
"sid": "8930E9EC6FAF...874DF7BA6FC907383",
"sub": "1q3Yf0-oFOvZCALyfLI98p0lgWgoSneWICAwQOzY18E=",
"auth_time": 1712237927,
"idp": "mojeid",
"name": "firstName middleName lastName",
"family_name": "lastName",
"given_name": "firstName",
"middle_name": "middleName",
"birthdate": "1899-12-31",
"address": {
"formatted": "ul. Lirowa 137, Gdańsk, PostName, 80-298, Poland",
"street_address": "ul. Lirowa 137 Gdańsk",
"locality": "PostName",
"postal_code": "80-298",
"country": "Poland"
},
"nin": "99923106807",
"nin_type": "PERSON",
"nin_issuing_country": "PL",
"idp_issuer": "https://wb.kir.pl",
"transaction_id": "355f42c4-a1ec-a...-87af-1eaad9a89435",
"sandbox": true
}

Example of a response from the UserInfo endpoint:

{
"name": "firstName middleName lastName",
"family_name": "lastName",
"given_name": "firstName",
"middle_name": "middleName",
"birthdate": "1899-12-31",
"address": {
"formatted": "ul. Lirowa 137, Gdańsk, PostName, 80-298, Poland",
"street_address": "ul. Lirowa 137 Gdańsk",
"locality": "PostName",
"postal_code": "80-298",
"country": "Poland"
},
"nin": "99923106807",
"nin_type": "PERSON",
"nin_issuing_country": "PL",
"sub": "1q3Yf0-oFOvZCALyfLI98p0lgWgoSneWICAwQOzY18E=",
"idp_issuer":"https://wb.kir.pl",
}

Signicat Authentication REST API attributes

The Signicat Authentication REST API supports the following request attributes for mojeID:

AttributeSub-field (response)ExampleDescription
nameJane DoeFull name of the end-user including first name, middle name, last name, titles and suffixes.
firstNameJaneFirst name of the end-user.
middleNameMiddle name(s) of the end-user.
lastNameDoeLast name of the end-user.
dateOfBirth1899-12-31Date of birth of the end-user represented as a string in YYYY-MM-DD date format.
ninvalue99923106807The national identity number of the end-user.
typePERSONThe type of national identity number.
issuingCountryPLThe country issuing the identity number.
nationalityPLNationality of the end-user. Value format is ISO 3166-1 alpha-2 country code.
address{
"formatted": "ul. Lirowa 137, Gdańsk, PostName, 80-298, Poland",
"street_address": "ul. Lirowa 137 Gdańsk",
"locality": "PostName",
"postal_code": "80-298",
"country": "Poland"
},
Postal address of the end-user. Formatted as JSON object containing the following fields:

  • formatted full address string with format: street_adddress, locality, postal_code, country
  • street_address
  • locality
  • postal_code
  • country
mojeidPlMailAddresstest@example.plEmail address of the end-user.
mojeidPlIdDocumentTypePASSPORTID document type. Available values: IDENTITY_CARD, PASSPORT, RESIDENCE_CARD.
mojeidPlIdDocumentNumberID document number.
mojeidPlIdDocumentIssueDate1899-12-31ID document issue date with format YYYY-MM-DD.
mojeidPlIdDocumentExpiryDate1899-12-31ID document expiry date with format YYYY-MM-DD.
mojeidPlBankAccountNumber86 10202498 1111222233334444Bank account number of the end-user.

Authentication API response example

The following is an example of a response showing the end-user information attributes:

mojeid-pl

{
...
"id": "4ccb8a1b-6f40-e146-af1b-15f1c6eabb56",
"subject": {
"id": "tXOq9614vLHkXBkENWcZGQO02Fc98IPaHq6iRwK-ytA=",
"idpId": "rpx5rrbsn4ktvhm3m0q4uh2iepsdat34i9vf",
"name": "firstName middleName lastName",
"firstName": "firstName",
"middleName": "middleName",
"lastName": "lastName",
"dateOfBirth": "1899-12-31",
"nin": {
"value": "99923106807",
"issuingCountry": "PL",
"type": "PERSON",
},
},
...
}

SAML 2.0 attributes

SAML Authentication service

When integrating with SAML 2.0, use the following request attributes in your request with mojeID:

AttributeExampleDescription
nameJane DoeFull name of the end-user including first name, middle name, last name, titles and suffixes.
firstNameJaneFirst name of the end-user.
middleNameMiddle name(s) of the end-user.
lastNameDoeLast name of the end-user.
dateOfBirth1899-12-31Date of birth of the end-user represented as a string in YYYY-MM-DD date format.
nin99923106807The response contains three separate fields for nin, nin.type and nin.issuingCountry, which represent respectively the national identity number of the end-user, the type of national identity number and the country issuing the identity number.
PERSONThe type of national identity number.
PLThe country issuing the identity number.
nationalityPLNationality of the end-user. Value format is ISO 3166-1 alpha-2 country code.
address{
"formatted": "ul. Lirowa 137, Gdańsk, PostName, 80-298, Poland",
"street_address": "ul. Lirowa 137 Gdańsk",
"locality": "PostName",
"postal_code": "80-298",
"country": "Poland"
},
Postal address of the end-user. Formatted as JSON object containing the following fields:

  • formatted full address string with format: street_adddress, locality, postal_code, country
  • street_address
  • locality
  • postal_code
  • country
mojeidPlMailAddresstest@example.plEmail address of the end-user.
mojeidPlIdDocumentTypePASSPORTID document type. Available values: IDENTITY_CARD, PASSPORT, RESIDENCE_CARD.
mojeidPlIdDocumentNumberID document number.
mojeidPlIdDocumentIssueDate1899-12-31ID document issue date with format YYYY-MM-DD.
mojeidPlIdDocumentExpiryDate1899-12-31ID document expiry date with format YYYY-MM-DD.
mojeidPlBankAccountNumber86 10202498 1111222233334444Bank account number of the end-user.

SAML 2.0 response example

The following is a SAML 2.0 response example:

<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="<YOUR_SAML_ACS_ENDPOINT>" ID="_79c74fabd7a896ee879729c92ca6c231" InResponseTo="_064f5303e14c84a59d7eaa24b6cd3558" IssueInstant="2024-04-15T11:56:12.648Z" Version="2.0" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
https://<YOUR_SIGNICAT_DOMAIN>/auth/saml
</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
...
</ds:Signature>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_d9da2112740b886681bf7da6185d986f" IssueInstant="2024-04-15T11:56:12.657Z" Version="2.0" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<saml2:Issuer>
https://<YOUR_SIGNICAT_DOMAIN>/auth/saml
</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
...
</ds:Signature>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="https://wb.kir.pl">
tXOq9614vLHkXBkENW...QO02Fc98IPaHq6iRwK-ytA=
</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData InResponseTo="_064f5303e14c84a59d7eaa24b6cd3558" NotOnOrAfter="2024-04-15T11:58:12.657Z" Recipient="<YOUR_SAML_ACS_ENDPOINT>"/>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2024-04-15T11:56:07.657Z" NotOnOrAfter="2024-04-15T11:58:12.657Z">
<saml2:AudienceRestriction>
<saml2:Audience>
https://<YOUR_SIGNICAT_DOMAIN>/broker/authn/saml
</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AttributeStatement>
<saml2:Attribute Name="name">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">
Jane Doe
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="nin">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">
99923106807
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="nin.type">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">
PERSON
</saml2:AttributeValue>
</saml2:Attribute>
</saml2:Attribute>
<saml2:Attribute Name="nin.issuingCountry">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">
PL
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="email">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">
test@example.pl
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="idpId">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">
rpx5rrbsn4ktvhm3m0...uh2iepsdat34i9vf
</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
<saml2:AuthnStatement AuthnInstant="2024-04-14T11:56:12.657Z" SessionIndex="fbd7098e-f7bd-4291-820a-70c9c2c0dff0">
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>
urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI
</saml2:AuthnContextClassRef>
<saml2:AuthenticatingAuthority>
https://wb.kir.pl
</saml2:AuthenticatingAuthority>
</saml2:AuthnContext>
</saml2:AuthnStatement>
</saml2:Assertion>
</saml2p:Response>