Attributes reference
You use mojeID to verify the identity of end-users and obtain relevant personal information.
This page shows what end-user information is available for a given authentication protocol.
Available attributes
Attributes (scopes in OIDC) allow your application to specify the desired set of user data for each authentication.
The attributes an application should request depend on which user information your use case needs and the type of contract you signed with KIR.
After the end-user consents to share the requested attributes and completes an authentication, you can retrieve their personal details.
PESEL number
The PESEL number is the Polish national identity number.
The number is 11 digits long with format YYMMDDZZZXQ
, where YYMMDD
corresponds to the date of birth, ZZZ
is a unique ID number, X
represents the biological sex (even numbers for females, odd numbers for males) and Q
is a check digit used to validate a given PESEL number.
OIDC scopes and claims
With OIDC, you specify scopes in the authorization request that triggers an identity verification flow.
After the end-user verifies themselves, consents to sharing their data and the flow is complete, you can retrieve the claims in the ID Token or through the UserInfo endpoint.
Use the following OIDC scopes in your request to perform end-user authentication with mojeID:
Scope | OIDC Claim | Example | Description |
---|---|---|---|
profile | name | Jane Doe | Full name of the end-user including first name, middle name, last name, titles and suffixes. |
given_name | Jane | First name of the end-user. | |
middle_name | Middle name(s) of the end-user. | ||
family_name | Doe | Last name of the end-user. | |
birthdate | 1899-12-31 | Date of birth of the end-user represented as a string in YYYY-MM-DD date format. | |
nin | nin | 99923106807 | The PESEL number (Polish national identity number) of the end-user. |
nin_type | PERSON | The type of national identity number. | |
nin_issuing_country | PL | The country issuing the identity number. | |
nationality | nationality | PL | Nationality of the end-user. Value format is ISO 3166-1 alpha-2 country code. |
address | address | { "formatted": "ul. Lirowa 137, Gdańsk, PostName, 80-298, Poland", "street_address": "ul. Lirowa 137 Gdańsk", "locality": "PostName", "postal_code": "80-298", "country": "Poland" }, | Postal address of the end-user. Formatted as JSON object containing the following fields:
|
mojeid-pl-mail-address | mojeid_pl_mail_address | test@example.pl | Email address of the end-user. |
mojeid-pl-extra | mojeid_pl_id_document_type | PASSPORT | ID document type. Available values: IDENTITY_CARD , PASSPORT , RESIDENCE_CARD . |
mojeid_pl_id_document_number | ID document number. | ||
mojeid_pl_id_document_issue_date | 1899-12-31 | ID document issue date with format YYYY-MM-DD . | |
mojeid_pl_id_document_expiry_date | 1899-12-31 | ID document expiry date with format YYYY-MM-DD . | |
mojeid_pl_bank_account_number | 86 10202498 1111222233334444 | Bank account number of the end-user. |
OIDC response example
Below, you find an example of a response obtained from an identity verification flow with mojeID.
Scopes in request: openid, nin, address, profile
Example of ID token in response:
{
"iss": "https://<YOUR_SIGNICAT_DOMAIN>/auth/open",
"nbf": 1712237928,
"iat": 1712237928,
"exp": 1712238528,
"aud": "<OIDC_CLIENT_ID>",
"amr": [
"external"
],
"at_hash": "0zAbHkX...IeNDhkFoWlhKg",
"sid": "8930E9EC6FAF...874DF7BA6FC907383",
"sub": "1q3Yf0-oFOvZCALyfLI98p0lgWgoSneWICAwQOzY18E=",
"auth_time": 1712237927,
"idp": "mojeid",
"name": "firstName middleName lastName",
"family_name": "lastName",
"given_name": "firstName",
"middle_name": "middleName",
"birthdate": "1899-12-31",
"address": {
"formatted": "ul. Lirowa 137, Gdańsk, PostName, 80-298, Poland",
"street_address": "ul. Lirowa 137 Gdańsk",
"locality": "PostName",
"postal_code": "80-298",
"country": "Poland"
},
"nin": "99923106807",
"nin_type": "PERSON",
"nin_issuing_country": "PL",
"idp_issuer": "https://wb.kir.pl",
"transaction_id": "355f42c4-a1ec-a...-87af-1eaad9a89435",
"sandbox": true
}
Example of a response from the UserInfo endpoint:
{
"name": "firstName middleName lastName",
"family_name": "lastName",
"given_name": "firstName",
"middle_name": "middleName",
"birthdate": "1899-12-31",
"address": {
"formatted": "ul. Lirowa 137, Gdańsk, PostName, 80-298, Poland",
"street_address": "ul. Lirowa 137 Gdańsk",
"locality": "PostName",
"postal_code": "80-298",
"country": "Poland"
},
"nin": "99923106807",
"nin_type": "PERSON",
"nin_issuing_country": "PL",
"sub": "1q3Yf0-oFOvZCALyfLI98p0lgWgoSneWICAwQOzY18E=",
"idp_issuer":"https://wb.kir.pl",
}
Signicat Authentication REST API attributes
The Signicat Authentication REST API supports the following request attributes for mojeID:
Attribute | Sub-field (response) | Example | Description |
---|---|---|---|
name | Jane Doe | Full name of the end-user including first name, middle name, last name, titles and suffixes. | |
firstName | Jane | First name of the end-user. | |
middleName | Middle name(s) of the end-user. | ||
lastName | Doe | Last name of the end-user. | |
dateOfBirth | 1899-12-31 | Date of birth of the end-user represented as a string in YYYY-MM-DD date format. | |
nin | value | 99923106807 | The national identity number of the end-user. |
type | PERSON | The type of national identity number. | |
issuingCountry | PL | The country issuing the identity number. | |
nationality | PL | Nationality of the end-user. Value format is ISO 3166-1 alpha-2 country code. | |
address | { "formatted": "ul. Lirowa 137, Gdańsk, PostName, 80-298, Poland", "street_address": "ul. Lirowa 137 Gdańsk", "locality": "PostName", "postal_code": "80-298", "country": "Poland" }, | Postal address of the end-user. Formatted as JSON object containing the following fields:
| |
mojeidPlMailAddress | test@example.pl | Email address of the end-user. | |
mojeidPlIdDocumentType | PASSPORT | ID document type. Available values: IDENTITY_CARD , PASSPORT , RESIDENCE_CARD . | |
mojeidPlIdDocumentNumber | ID document number. | ||
mojeidPlIdDocumentIssueDate | 1899-12-31 | ID document issue date with format YYYY-MM-DD . | |
mojeidPlIdDocumentExpiryDate | 1899-12-31 | ID document expiry date with format YYYY-MM-DD . | |
mojeidPlBankAccountNumber | 86 10202498 1111222233334444 | Bank account number of the end-user. |
Authentication API response example
The following is an example of a response showing the end-user information attributes:
mojeid-pl
{
...
"id": "4ccb8a1b-6f40-e146-af1b-15f1c6eabb56",
"subject": {
"id": "tXOq9614vLHkXBkENWcZGQO02Fc98IPaHq6iRwK-ytA=",
"idpId": "rpx5rrbsn4ktvhm3m0q4uh2iepsdat34i9vf",
"name": "firstName middleName lastName",
"firstName": "firstName",
"middleName": "middleName",
"lastName": "lastName",
"dateOfBirth": "1899-12-31",
"nin": {
"value": "99923106807",
"issuingCountry": "PL",
"type": "PERSON",
},
},
...
}
SAML 2.0 attributes
SAML Authentication service
When integrating with SAML 2.0, use the following request attributes in your request with mojeID:
Attribute | Example | Description |
---|---|---|
name | Jane Doe | Full name of the end-user including first name, middle name, last name, titles and suffixes. |
firstName | Jane | First name of the end-user. |
middleName | Middle name(s) of the end-user. | |
lastName | Doe | Last name of the end-user. |
dateOfBirth | 1899-12-31 | Date of birth of the end-user represented as a string in YYYY-MM-DD date format. |
nin | 99923106807 | The response contains three separate fields for nin , nin.type and nin.issuingCountry , which represent respectively the national identity number of the end-user, the type of national identity number and the country issuing the identity number. |
PERSON | The type of national identity number. | |
PL | The country issuing the identity number. | |
nationality | PL | Nationality of the end-user. Value format is ISO 3166-1 alpha-2 country code. |
address | { "formatted": "ul. Lirowa 137, Gdańsk, PostName, 80-298, Poland", "street_address": "ul. Lirowa 137 Gdańsk", "locality": "PostName", "postal_code": "80-298", "country": "Poland" }, | Postal address of the end-user. Formatted as JSON object containing the following fields:
|
mojeidPlMailAddress | test@example.pl | Email address of the end-user. |
mojeidPlIdDocumentType | PASSPORT | ID document type. Available values: IDENTITY_CARD , PASSPORT , RESIDENCE_CARD . |
mojeidPlIdDocumentNumber | ID document number. | |
mojeidPlIdDocumentIssueDate | 1899-12-31 | ID document issue date with format YYYY-MM-DD . |
mojeidPlIdDocumentExpiryDate | 1899-12-31 | ID document expiry date with format YYYY-MM-DD . |
mojeidPlBankAccountNumber | 86 10202498 1111222233334444 | Bank account number of the end-user. |
SAML 2.0 response example
The following is a SAML 2.0 response example:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="<YOUR_SAML_ACS_ENDPOINT>" ID="_79c74fabd7a896ee879729c92ca6c231" InResponseTo="_064f5303e14c84a59d7eaa24b6cd3558" IssueInstant="2024-04-15T11:56:12.648Z" Version="2.0" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
https://<YOUR_SIGNICAT_DOMAIN>/auth/saml
</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
...
</ds:Signature>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_d9da2112740b886681bf7da6185d986f" IssueInstant="2024-04-15T11:56:12.657Z" Version="2.0" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<saml2:Issuer>
https://<YOUR_SIGNICAT_DOMAIN>/auth/saml
</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
...
</ds:Signature>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="https://wb.kir.pl">
tXOq9614vLHkXBkENW...QO02Fc98IPaHq6iRwK-ytA=
</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData InResponseTo="_064f5303e14c84a59d7eaa24b6cd3558" NotOnOrAfter="2024-04-15T11:58:12.657Z" Recipient="<YOUR_SAML_ACS_ENDPOINT>"/>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2024-04-15T11:56:07.657Z" NotOnOrAfter="2024-04-15T11:58:12.657Z">
<saml2:AudienceRestriction>
<saml2:Audience>
https://<YOUR_SIGNICAT_DOMAIN>/broker/authn/saml
</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AttributeStatement>
<saml2:Attribute Name="name">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">
Jane Doe
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="nin">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">
99923106807
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="nin.type">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">
PERSON
</saml2:AttributeValue>
</saml2:Attribute>
</saml2:Attribute>
<saml2:Attribute Name="nin.issuingCountry">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">
PL
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="email">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">
test@example.pl
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="idpId">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">
rpx5rrbsn4ktvhm3m0...uh2iepsdat34i9vf
</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
<saml2:AuthnStatement AuthnInstant="2024-04-14T11:56:12.657Z" SessionIndex="fbd7098e-f7bd-4291-820a-70c9c2c0dff0">
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>
urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI
</saml2:AuthnContextClassRef>
<saml2:AuthenticatingAuthority>
https://wb.kir.pl
</saml2:AuthenticatingAuthority>
</saml2:AuthnContext>
</saml2:AuthnStatement>
</saml2:Assertion>
</saml2p:Response>