
Attributes reference

You use SMS OTP to authenticate your end-users with a one-time password (OTP) sent to their phone by SMS. After authentication, you can receive their phone number.

This page shows scopes, attributes and response examples for each authentication protocol.

OIDC scopes and claims

OIDC scopes enable your application to specify the desired set of user data for each authentication.

| Scope | Claim | Description | Example |
|---|---|---|---|
| openid | idp_issuer | The IdP used during authentication. | otp-sms |
| idp-id | idp_id | The phone number of the user. | +447700900000 |

Advanced configuration

ACR values

In OIDC, the acr_values query parameter lets your application specify the authentication context requirements for end-user authentication.

When building the OIDC authentication request for SMS OTP, the following keys apply:

| Key | Description | Value example |
|---|---|---|
| idp | Defines which IdP to use. This works in conjunction with login_hint. | otp-sms |
| otp_sms_sender | Overrides the SMS sender name displayed to the recipient. The value cannot contain spaces; use a double underscore instead. | Signicat__AS |

More information about acr_values

To learn more about generic acr_values that you can use in authentication requests to Signicat, see the acr_values reference page.

Set the UI language

To change the language on the SMS OTP UI, use the query string parameter ui_locales in the OIDC authorization request. For example, use ui_locales=el to set the SMS OTP UI to Greek.

SMS OTP supports the following languages in ISO 639-1 format:

| Language | Parameter |
|---|---|
| Danish | da |
| Dutch | nl |
| English (default) | en |
| Finnish | fi |
| Greek | el |
| Norwegian | no |
| Swedish | sv |

Note: English is the default language.

Examples

OIDC request example

To trigger an authentication, you build an OIDC request like:

https://<YOUR_SIGNICAT_DOMAIN>/auth/open/connect/authorize?
&client_id=<OIDC_CLIENT_ID>
&response_type=code
&redirect_uri=<REDIRECT_URI>
&state=1599045135410-jFe
&scope=openid%20idp-id
&acr_values=idp:otp-sms
&prompt=login
&ui_locales=en
&nonce=1599046102647-dv4
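
The following is an added example, not Signicat code, that assembles the request above with the SMS OTP acr_values keys, the sender-name rule and the supported ui_locales values. It assumes that several acr_values entries are joined with a space (OIDC defines acr_values as a space-separated string); the function names and the use of random state and nonce values are choices made for this example.

```python
import secrets
from urllib.parse import quote, urlencode

# Locale codes from the language table on this page.
SUPPORTED_LOCALES = {"da", "nl", "en", "fi", "el", "no", "sv"}


def acr_sender(name: str) -> str:
    """Encode an SMS sender name for acr_values: spaces become "__"."""
    encoded = name.strip().replace(" ", "__")
    if not encoded or any(ch.isspace() for ch in encoded):
        raise ValueError("sender name is empty or contains non-space whitespace")
    return encoded


def build_authorize_url(domain, client_id, redirect_uri, sender=None, locale="en"):
    """Return (url, state, nonce); keep state and nonce in the user's session."""
    if locale not in SUPPORTED_LOCALES:
        raise ValueError(f"unsupported ui_locales value: {locale!r}")
    acr = ["idp:otp-sms"]
    if sender is not None:
        acr.append("otp_sms_sender:" + acr_sender(sender))
    # Unpredictable per-request values: state ties the callback to this
    # browser session (CSRF), nonce ties the ID token to this request (replay).
    state = secrets.token_urlsafe(32)
    nonce = secrets.token_urlsafe(32)
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "state": state,
        "scope": "openid idp-id",
        # Assumption: entries are joined with a space, because OIDC defines
        # acr_values as a space-separated string.
        "acr_values": " ".join(acr),
        "prompt": "login",
        "ui_locales": locale,
        "nonce": nonce,
    }
    # quote (not quote_plus) encodes spaces as %20, as in the request above.
    query = urlencode(params, quote_via=quote)
    return f"https://{domain}/auth/open/connect/authorize?{query}", state, nonce
```

On the callback, compare the returned state with the stored one before exchanging the code, and compare the nonce claim of the ID token with the stored nonce.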

OIDC response example

Below is an example of a response from the UserInfo endpoint.

Scopes in request: openid, idp-id

Response example:

{
"idp_id":"+447700900000",
"sub":"TOuh-Q-Qx2-EBXT3a3OgaoGXgQSx55ggpIym7PNOg=",
"idp_issuer":"otp-sms"
}

Signicat Authentication REST API attributes

The Signicat Authentication REST API supports the following request and response attributes for SMS OTP:

| Attributes | Example | Description |
|---|---|---|
| idpId | +447700900000 | The phone number of the user. |

Additional parameters

When sending requests to the Signicat Authentication REST API, you can customise end-user authentication with the additionalParameters field. The key-values you define in the additionalParameters field vary depending on the ID method.

SMS OTP supports the following parameters:

| Key | Description | Value example |
|---|---|---|
| otp_sms_sender | Overrides the SMS sender name displayed to the recipient for a specific request. | Signicat AS |

Example in a request payload:

...
{
  "additionalParameters": {
    "otp_sms_sender": "Signicat AS"
  }
}
...

Set the UI language

To change the language on the SMS OTP UI, use the language parameter in the payload of your request to the CreateSession endpoint. For example, use "language": "el" to set the SMS OTP UI to Greek.

SMS OTP supports the following languages in ISO 639-1 format:

| Language | Parameter |
|---|---|
| Danish | da |
| Dutch | nl |
| English (default) | en |
| Finnish | fi |
| Greek | el |
| Norwegian | no |
| Swedish | sv |

Note: English is the default language.

Examples

Authentication API request example

To create a session using the Authentication REST API, you send a POST request to the CreateSession endpoint. This is https://api.signicat.com/auth/rest/sessions.

You define the parameters of the session in the payload of the request. For example:

{
  "allowedProviders": [
    "otp-sms"
  ],
  "flow": "redirect",
  "language": "en",
  "requestedAttributes": [
    "idpId"
  ],
  "additionalParameters": {
    "otp_sms_sender": "Signicat AS"
  },
  "callbackUrls": {
    "success": "https://example.com/success",
    "abort": "https://example.com/abort",
    "error": "https://example.com/error"
  }
}

Authentication API response example

The following is an example of a response:

{
  ...
  "id": "4ccb8a1b-6f40-e146-af1b-15f1c6eabb56",
  "status": "SUCCESS",
  "provider": "otp-sms",
  "subject": {
    "id": "TOuh-Q-Qx2-XXXXXXXXXXXX",
    "idpId": "+447700900000"
  }
  ...
}
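
The following is an added example, not Signicat code, of checks a relying party can run before treating the phone number as verified. It covers both the UserInfo response shown earlier and the session response above. It assumes the "id" field is the session identifier your backend stored when it created the session; the function and exception names are made up for this example.

```python
import re

IDP = "otp-sms"
E164 = re.compile(r"\+[1-9]\d{1,14}")  # "+" followed by at most 15 digits


class UnverifiedPhone(ValueError):
    """The response does not prove an SMS OTP login for a phone number."""


def _phone(value):
    if not isinstance(value, str) or not E164.fullmatch(value):
        raise UnverifiedPhone("phone number missing or not in E.164 form")
    return value


def phone_from_userinfo(userinfo, id_token_sub):
    """OIDC: UserInfo claims plus the sub of the already validated ID token."""
    # OIDC Core 5.3.2: the UserInfo sub must exactly match the ID token sub.
    if not id_token_sub or userinfo.get("sub") != id_token_sub:
        raise UnverifiedPhone("UserInfo sub does not match the ID token")
    # Only an otp-sms login gives idp_id the meaning documented on this page.
    if userinfo.get("idp_issuer") != IDP:
        raise UnverifiedPhone("login did not use otp-sms")
    return _phone(userinfo.get("idp_id"))


def phone_from_session(session, expected_id):
    """REST: session object, checked against the id stored at CreateSession."""
    # Assumption: "id" is the session identifier the backend stored earlier.
    if not expected_id or session.get("id") != expected_id:
        raise UnverifiedPhone("not the session this login started")
    if session.get("status") != "SUCCESS" or session.get("provider") != IDP:
        raise UnverifiedPhone("session is not a successful otp-sms login")
    subject = session.get("subject")
    return _phone(subject.get("idpId") if isinstance(subject, dict) else None)
```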

SAML 2.0 attributes

| SAML 2.0 Protocol Attribute | Example | Description |
|---|---|---|
| idpId | +447700900000 | The phone number of the user. |

Additional attributes

Apart from regular requested attributes, the AuthnRequest to Signicat may contain additional parameters in the Extensions in the form of RequestedAttributes. To process these, the name of the RequestedAttribute should be of the form signicat:param:parametername. These can optionally contain a string type value.

With SMS OTP, you can override the SMS sender name displayed to the recipient:

| SAML 2.0 Requested Attribute | Example | Description |
|---|---|---|
| otp_sms_sender | Signicat AS | Overrides the SMS sender name displayed to the recipient for a specific request. |

For example, the request would contain:

<saml2p:Extensions xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
<req-attr:RequestedAttributes xmlns:req-attr="urn:oasis:names:tc:SAML:protocol:ext:req-attr">
<md:RequestedAttribute xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
Name="signicat:param:otp_sms_sender"
isRequired="true"
>
<saml2:AttributeValue xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xsi:type="xsd:string">Signicat AS</saml2:AttributeValue>
</md:RequestedAttribute>
</req-attr:RequestedAttributes>
</saml2p:Extensions>

Response example

<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="..." ID="..." InResponseTo="..." IssueInstant="2023-08-18T13:21:19.716Z" Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://*YOUR_SIGNICAT_DOMAIN*/auth/saml</saml2:Issuer>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema" ID="_59c600d2f1f8695fd2b837c6f0be0faf" IssueInstant="2023-07-18T13:21:19.736Z" Version="2.0">
<saml2:Issuer>https://*YOUR_SIGNICAT_DOMAIN*/auth/saml</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_59c600d2f1f8695fd2b837c6f0be0fss">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xsd"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>...</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>SIGNATURE_VALUE</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>X509_CERTIFICATE</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="smt-otp">OZWWk8DKdFYf1JzLU8zJtku0uXkPaLvnIt</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData InResponseTo="_2d3e23bb30673b750e73e1f4e5b89f8e" NotOnOrAfter="2023-08-18T13:23:19.736Z" Recipient="RECIPIENT"/>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2023-08-18T13:21:14.737Z" NotOnOrAfter="2023-08-18T13:23:19.737Z">
<saml2:AudienceRestriction>
<saml2:Audience>ENTITY_ID</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AttributeStatement>
<saml2:Attribute Name="idpId">
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">+447700900000</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
<saml2:AuthnStatement AuthnInstant="2023-08-18T13:21:19.737Z" SessionIndex="XXXXXXX-fdff-47c9-b65f-XXXXXXX">
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>substantial</saml2:AuthnContextClassRef>
<saml2:AuthenticatingAuthority>otp-sms</saml2:AuthenticatingAuthority>
</saml2:AuthnContext>
</saml2:AuthnStatement>
</saml2:Assertion>
</saml2p:Response>