Attributes reference
You use mojeID to verify the identity of end-users and obtain relevant personal information.
This page shows what end-user information is available for a given authentication protocol.
Available attributes
Attributes (scopes in OIDC) allow your application to specify the desired set of user data for each authentication.
The attributes an application should request depend on which user information your use case needs and the type of contract you signed with KIR.
After the end-user consents to share the requested attributes and completes an authentication, you can retrieve their personal details.
PESEL number
The PESEL number is the Polish national identity number.
The number is 11 digits long with format YYMMDDZZZXQ, where YYMMDD corresponds to the date of birth, ZZZ is a unique ID number, X represents the biological sex (even numbers for females, odd numbers for males) and Q is a check digit used to validate a given PESEL number.
OIDC scopes and claims
With OIDC, you specify scopes in the authorization request that triggers an identity verification flow.
After the end-user verifies themselves, consents to sharing their data and the flow is complete, you can retrieve the claims in the ID Token or through the UserInfo endpoint.
Use the following OIDC scopes in your request to perform end-user authentication with mojeID:
OIDC response example
Below, you find an example of a response obtained from an identity verification flow with mojeID.
Scopes in request: openid, nin, address, profile
Example of ID token in response:
{
"iss": "https://<YOUR_SIGNICAT_DOMAIN>/auth/open",
"nbf": 1712237928,
"iat": 1712237928,
"exp": 1712238528,
"aud": "<OIDC_CLIENT_ID>",
"amr": [
"external"
],
"at_hash": "0zAbHkX...IeNDhkFoWlhKg",
"sid": "8930E9EC6FAF...874DF7BA6FC907383",
"sub": "1q3Yf0-oFOvZCALyfLI98p0lgWgoSneWICAwQOzY18E=",
"auth_time": 1712237927,
"idp": "mojeid",
"name": "firstName middleName lastName",
"family_name": "lastName",
"given_name": "firstName",
"middle_name": "middleName",
"birthdate": "1899-12-31",
"address": {
"formatted": "ul. Lirowa 137, Gdańsk, PostName, 80-298, Poland",
"street_address": "ul. Lirowa 137 Gdańsk",
"locality": "PostName",
"postal_code": "80-298",
"country": "Poland"
},
"nin": "99923106807",
"nin_type": "PERSON",
"nin_issuing_country": "PL",
"idp_issuer": "https://wb.kir.pl",
"transaction_id": "355f42c4-a1ec-a...-87af-1eaad9a89435",
"sandbox": true
}
Example of a response from the UserInfo endpoint:
{
"name": "firstName middleName lastName",
"family_name": "lastName",
"given_name": "firstName",
"middle_name": "middleName",
"birthdate": "1899-12-31",
"address": {
"formatted": "ul. Lirowa 137, Gdańsk, PostName, 80-298, Poland",
"street_address": "ul. Lirowa 137 Gdańsk",
"locality": "PostName",
"postal_code": "80-298",
"country": "Poland"
},
"nin": "99923106807",
"nin_type": "PERSON",
"nin_issuing_country": "PL",
"sub": "1q3Yf0-oFOvZCALyfLI98p0lgWgoSneWICAwQOzY18E=",
"idp_issuer":"https://wb.kir.pl",
}
Signicat Authentication REST API attributes
The Signicat Authentication REST API supports the following request attributes for mojeID:
Authentication API response example
The following is an example of a response showing the end-user information attributes:
mojeid-pl
{
...
"id": "4ccb8a1b-6f40-e146-af1b-15f1c6eabb56",
"subject": {
"id": "tXOq9614vLHkXBkENWcZGQO02Fc98IPaHq6iRwK-ytA=",
"idpId": "rpx5rrbsn4ktvhm3m0q4uh2iepsdat34i9vf",
"name": "firstName middleName lastName",
"firstName": "firstName",
"middleName": "middleName",
"lastName": "lastName",
"dateOfBirth": "1899-12-31",
"nin": {
"value": "99923106807",
"issuingCountry": "PL",
"type": "PERSON",
},
},
...
}
SAML 2.0 attributes
SAML Authentication service
When integrating with SAML 2.0, use the following request attributes in your request with mojeID:
SAML 2.0 response example
The following is a SAML 2.0 response example:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://*SP_APP_DOMAIN*/saml/acs" ID="_79c74fabd7a896ee879729c92ca6c231" InResponseTo="_064f5303e14c84a59d7eaa24b6cd3558" IssueInstant="2024-04-15T11:56:12.648Z" Version="2.0" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
https://*YOUR_SIGNICAT_DOMAIN*/auth/saml
</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
XML_SIGNATURE
</ds:Signature>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_d9da2112740b886681bf7da6185d986f" IssueInstant="2024-04-15T11:56:12.657Z" Version="2.0" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<saml2:Issuer>
https://*YOUR_SIGNICAT_DOMAIN*/auth/saml
</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
XML_SIGNATURE
</ds:Signature>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="https://wb.kir.pl">
tXOq9614vLHkXBkENW...QO02Fc98IPaHq6iRwK-ytA=
</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData InResponseTo="_064f5303e14c84a59d7eaa24b6cd3558" NotOnOrAfter="2024-04-15T11:58:12.657Z" Recipient="https://*SP_APP_DOMAIN*/saml/acs"/>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2024-04-15T11:56:07.657Z" NotOnOrAfter="2024-04-15T11:58:12.657Z">
<saml2:AudienceRestriction>
<saml2:Audience>ENTITY_ID</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AttributeStatement>
<saml2:Attribute Name="name">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">
Jane Doe
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="nin">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">
99923106807
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="nin.type">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">
PERSON
</saml2:AttributeValue>
</saml2:Attribute>
</saml2:Attribute>
<saml2:Attribute Name="nin.issuingCountry">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">
PL
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="email">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">
test@example.pl
</saml2:AttributeValue>
</saml2:Attribute>
<saml2:Attribute Name="idpId">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">
rpx5rrbsn4ktvhm3m0...uh2iepsdat34i9vf
</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
<saml2:AuthnStatement AuthnInstant="2024-04-14T11:56:12.657Z" SessionIndex="fbd7098e-f7bd-4291-820a-70c9c2c0dff0">
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>
urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI
</saml2:AuthnContextClassRef>
<saml2:AuthenticatingAuthority>
https://wb.kir.pl
</saml2:AuthenticatingAuthority>
</saml2:AuthnContext>
</saml2:AuthnStatement>
</saml2:Assertion>
</saml2p:Response>