eSignet

The eSignet service is utilized by Inji Wallet for online login and downloading the VC. Users have the ability to log in to any service provider portal that is integrated with eSignet.

The user is required to open the portal integrated with eSignet and utilize the app scanner to scan the QR code.

After successfully scanning the QR code, Inji Wallet will access the API below and transmit the link code.

Link Transaction endpoint

The link transaction endpoint is invoked from Wallet-app.

Validates the link-code and its expiry and generates the linkTransactionId. This linkTransactionId is linked to transactionId returned from /oauth-details endpoint.
Returns the auth-factors, clientName, logoUrl, User claims, authorize scopes along with linkTransactionId.

Note: Wallet-app will hereafter address the transaction with this linkTransactionId for the /authenticate and /consent endpoints.

POSThttps://esignet.collab.mosip.net/v1/esignet/linked-authorization/link-transaction

Body

requestTime*string

request*object

Response

Body

responseTimestring

responseobject

errorsarray of object

Request

const response = await fetch('https://esignet.collab.mosip.net/v1/esignet/linked-authorization/link-transaction', {
    method: 'POST',
    headers: {
      "Content-Type": "application/json"
    },
    body: JSON.stringify({
      "requestTime": "2023-09-22T08:01:10.000Z",
      "request": {
        "linkCode": "xl4cnYtLQkGRxUj"
      }
    }),
});
const data = await response.json();

Response

{
  "responseTime": "text",
  "response": {
    "linkTransactionId": "text",
    "clientName": "text",
    "logoUrl": "text",
    "authorizeScopes": [
      "text"
    ],
    "essentialClaims": [
      "text"
    ],
    "voluntaryClaims": [
      "text"
    ],
    "authFactors": [
      [
        {
          "type": "PIN",
          "bioSubTypes": [
            "text"
          ]
        }
      ]
    ]
  },
  "errors": [
    {
      "errorCode": "invalid_link_code",
      "errorMessage": "text"
    }
  ]
}

After successfully completing the offline face authentication and selecting the required and optional information, the two specified APIs are invoked.

Linked Authentication Endpoint

Once end user provides the user identifier (UIN/VID) and all the required auth challenge to the Wallet-app, this endpoint will be invoked from wallet-app.

Supported auth-challenge depends on the integrated authentication server.

Validates linkedTransactionId.
Validates null / empty individualId.
Invokes kyc-auth call to integrated authentication server (IDA).
Relays error from integrated authentication server to UI on failure.

On Authentication Success: Only linkTransactionId is returned in the below response without any errors.

On Authentication Failure: Error list will be set with the errors returned from the integrated authentication server.

POSThttps://esignet.collab.mosip.net/v1/esignet/linked-authorization/authenticate

Body

requestTime*string

Pattern: yyyy-MM-dd'T'HH:mm:ss.SSS'Z'

request*object

Response

Body

responseTimestring

responseobject

errorsarray of object

List of Errors in case of request validation / processing failure in Idp server.

Request

const response = await fetch('https://esignet.collab.mosip.net/v1/esignet/linked-authorization/authenticate', {
    method: 'POST',
    headers: {
      "Content-Type": "application/json"
    },
    body: JSON.stringify({
      "requestTime": "2023-09-22T08:01:10.000Z",
      "request": {
        "linkedTransactionId": "qwert_yt46_hX0xlBJNExl9cnYtL8kGvcbf555",
        "individualId": "34543276756",
        "challengeList": [
          {
            "authFactorType": "OTP",
            "challenge": "111111",
            "format": "alpha-numeric"
          }
        ]
      }
    }),
});
const data = await response.json();

Response

{
  "responseTime": "text",
  "response": {
    "linkedTransactionId": "text"
  },
  "errors": [
    {
      "errorCode": "invalid_transaction_id",
      "errorMessage": "text"
    }
  ]
}

Once the authentication is successful and user consent is obtained, this endpoint will be invoked by the wallet app to send the accepted consent and permitted scopes.

Validates linkedTransactionId.
Validate accepted claims and permitted scopes in the request.
If valid, stores the accepted claims and permitted scopes in the cache.

POSThttps://esignet.collab.mosip.net/v1/esignet/linked-authorization/consent

Body

requestTime*string

Pattern: yyyy-MM-dd'T'HH:mm:ss.SSS'Z'

request*object

Response

Body

responseTimestring

responseobject

errorsarray of object

Request

const response = await fetch('https://esignet.collab.mosip.net/v1/esignet/linked-authorization/consent', {
    method: 'POST',
    headers: {
      "Content-Type": "application/json"
    },
    body: JSON.stringify({
      "requestTime": "2023-09-22T08:01:10.000Z",
      "request": {
        "linkedTransactionId": "qwert_yt46_hX0xlBJNExl9cnYtL8kGvcbf555",
        "permittedAuthorizeScopes": [],
        "acceptedClaims": [
          "name",
          "email",
          "phone_number",
          "address"
        ]
      }
    }),
});
const data = await response.json();

Response

{
  "responseTime": "text",
  "response": {
    "linkedTransactionId": "text"
  },
  "errors": [
    {
      "errorCode": "invalid_transaction_id",
      "errorMessage": "text"
    }
  ]
}

Download VC

The user is currently on the Add new card screen and chooses the option to Download via eSignet.

Inji Wallet utilizes the react-native-app-auth library to authorize and redirect the user to the eSignet user interface. The configuration for redirection is retrieved as part of the issuer's configuration.
Once the user is on the eSignet user interface, they input the necessary information such as a unique ID and OTP (One-time Password). After entering the OTP, the user is redirected back to Inji Wallet in order to generate a key pair and initiate the request to download the credential.

For credential request, refer credential_endpoint attribute in issuer's configuration response.

VC Issuance endpoint

Once the access token is received via the token endpoint, Wallet should invoke this endpoint to get the verifiable credential.

POSThttps://esignet.collab.mosip.net/v1/esignet/vci/credential

Authorization

Body

format*enum

Format of the Credential to be issued.

ldp_vcjwt_vc_jsonjwt_vc_json-ld

proof*CredentialProof

JSON object containing proof of possession of the key material the issued Credential shall be bound to.

credential_definition*CredentialDefinition

JSON object containing (and isolating) the detailed description of the credential type. * This object MUST be processed using full JSON-LD processing. * It consists of the following sub claims: * @context: REQUIRED. JSON array * types: REQUIRED. JSON array. This claim contains the type values the Wallet shall request * in the subsequent Credential Request.

Response

Body

format*string

JSON string denoting the format of the issued Credential.

credential*objectstring

Contains issued Credential. MUST be present when acceptance_token is not returned. MAY be a JSON string or a JSON object, depending on the Credential format.

Request

const response = await fetch('https://esignet.collab.mosip.net/v1/esignet/vci/credential', {
    method: 'POST',
    headers: {
      "Authorization": "Bearer <token>",
      "Content-Type": "application/json"
    },
    body: JSON.stringify({
      "format": "ldp_vc",
      "credential_definition": {
        "type": [
          "VerifiableCredential",
          "SampleVerifiableCredential_ldp"
        ],
        "@context": [
          "https://www.w3.org/2018/credentials/v1"
        ]
      },
      "proof": {
        "proof_type": "jwt",
        "jwt": "eyJ0eXAiOiJvcGVuaWQ0dmNpLXByb29mK2p3dCIsImFsZyI6IlJTMjU2IiwiandrIjp7Imt0eSI6IlJTQSIsIm4iOiJtYzdzbWdHd0N6ZzZ5WENoM2ZYc3hTc2ROZlFzM3BTZGdZZUstdnpnYWZCQkNBTnZ2YWxqeUJ2YTlYZzA5YWhLMG9KV0hZY2p3Rm5QeU5uX0dkSjJValZPRlJDbllZNWZvejUxbmt0NUJod2l1V1IteWpZN2NZaXI5MjAySlI2RldaNExpamVVNm54WUVrbnFxZ1B6LXZmU0pSa2M5b2t6VEJ4LW9qb0FaOWJTaUJqMm9XNzVsWkhrMlBoU0NkTDNtQzUyaVRkUWpra2NFNHY0ZVpzWVBrZVROSmlmWE1sQ1J3Mlg0X1N6d2N3YkNNWUJqWlhRUFJ1OXdudEJqd0NUOGZTaDJjZVlCdUs4YlViQXBLelhDSGotUnAwZHMyMDdtbEFhcnRlRURhMS1qbW5ZYWxxS2lfQ2tzU1ZuNEQyMThXOWZHSElYcEJlSXBTWjlHc3hHdXciLCJlIjoiQVFBQiIsImtpZCI6IkY1R0hPai1STHF0S19TSUtabmx4ckpoTFN4MFAyVlZsNFVzTXpuT1ByNW8iLCJhbGciOiJSUzI1NiIsInVzZSI6InNpZyJ9fQ.eyJpYXQiOjE2OTg2NDY2NDMsIm5iZiI6MTY5ODY0NjY0MywiZXhwIjoxNjk4NjQ3MjQ4LCJqdGkiOiJPR0J3RjRCNGNsSWJzWUxGT3ZWM2IiLCJhdWQiOiJodHRwczovL2VzaWduZXQtbW9jay5jb2xsYWIubW9zaXAubmV0L3YxL2VzaWduZXQiLCJub25jZSI6IllXZUluR2MwdVljcHQ1TlZLcTVYIiwiaXNzIjoiODhWanQzNGM1VHd6MW9KIn0.MMVBHdIpvmRwBw4-MY6LaE4p-k5NwCRcwktKCK3MvNiJ5LNqx_Z4lJ23x359IxFtpMNbH0xnC0ajU-mYLJRJ7WsbKWemENmHp3e7nRDzDlDufu92vzh_dmHvxmcxQQKEEr_xH5c8vypUANsAbg8Ltas6eoe5jFoSrS-Oi4TNplw8aoS4cdH16ezEdb1RtluSKi5tajM9eS2reREj3sFXyVphxIxCUD6VbwuvByPPOWhSVf4bW_pCAoztiRJ9Fc_WXR7XLTIn3i46QczopaBIp8xPwEbBE_cl3Lo9etA0oLOxnRz6bzk5sa-ZtvVnsW4vOusy3mzSjVe10oHxWgw2CQ"
      }
    }),
});
const data = await response.json();

Response

{
  "format": "text"
}

Last updated 3 months ago

const response = await fetch('https://esignet.collab.mosip.net/v1/esignet/vci/credential', { method: 'POST', headers: { "Authorization": "Bearer <token>", "Content-Type": "application/json" }, body: JSON.stringify({ "format": "ldp_vc", "credential_definition": { "type": [ "VerifiableCredential", "SampleVerifiableCredential_ldp" ], "@context": [ "https://www.w3.org/2018/credentials/v1" ] }, "proof": { "proof_type": "jwt", "jwt": "eyJ0eXAiOiJvcGVuaWQ0dmNpLXByb29mK2p3dCIsImFsZyI6IlJTMjU2IiwiandrIjp7Imt0eSI6IlJTQSIsIm4iOiJtYzdzbWdHd0N6ZzZ5WENoM2ZYc3hTc2ROZlFzM3BTZGdZZUstdnpnYWZCQkNBTnZ2YWxqeUJ2YTlYZzA5YWhLMG9KV0hZY2p3Rm5QeU5uX0dkSjJValZPRlJDbllZNWZvejUxbmt0NUJod2l1V1IteWpZN2NZaXI5MjAySlI2RldaNExpamVVNm54WUVrbnFxZ1B6LXZmU0pSa2M5b2t6VEJ4LW9qb0FaOWJTaUJqMm9XNzVsWkhrMlBoU0NkTDNtQzUyaVRkUWpra2NFNHY0ZVpzWVBrZVROSmlmWE1sQ1J3Mlg0X1N6d2N3YkNNWUJqWlhRUFJ1OXdudEJqd0NUOGZTaDJjZVlCdUs4YlViQXBLelhDSGotUnAwZHMyMDdtbEFhcnRlRURhMS1qbW5ZYWxxS2lfQ2tzU1ZuNEQyMThXOWZHSElYcEJlSXBTWjlHc3hHdXciLCJlIjoiQVFBQiIsImtpZCI6IkY1R0hPai1STHF0S19TSUtabmx4ckpoTFN4MFAyVlZsNFVzTXpuT1ByNW8iLCJhbGciOiJSUzI1NiIsInVzZSI6InNpZyJ9fQ.eyJpYXQiOjE2OTg2NDY2NDMsIm5iZiI6MTY5ODY0NjY0MywiZXhwIjoxNjk4NjQ3MjQ4LCJqdGkiOiJPR0J3RjRCNGNsSWJzWUxGT3ZWM2IiLCJhdWQiOiJodHRwczovL2VzaWduZXQtbW9jay5jb2xsYWIubW9zaXAubmV0L3YxL2VzaWduZXQiLCJub25jZSI6IllXZUluR2MwdVljcHQ1TlZLcTVYIiwiaXNzIjoiODhWanQzNGM1VHd6MW9KIn0.MMVBHdIpvmRwBw4-MY6LaE4p-k5NwCRcwktKCK3MvNiJ5LNqx_Z4lJ23x359IxFtpMNbH0xnC0ajU-mYLJRJ7WsbKWemENmHp3e7nRDzDlDufu92vzh_dmHvxmcxQQKEEr_xH5c8vypUANsAbg8Ltas6eoe5jFoSrS-Oi4TNplw8aoS4cdH16ezEdb1RtluSKi5tajM9eS2reREj3sFXyVphxIxCUD6VbwuvByPPOWhSVf4bW_pCAoztiRJ9Fc_WXR7XLTIn3i46QczopaBIp8xPwEbBE_cl3Lo9etA0oLOxnRz6bzk5sa-ZtvVnsW4vOusy3mzSjVe10oHxWgw2CQ" } }), }); const data = await response.json();

Online login

QR code scanning and login to the service provider portal

Link Transaction endpoint

Linked Authentication Endpoint

Linked Consent Endpoint

Download VC

VC Issuance endpoint

Linked Consent Endpoint

Linked Authentication Endpoint

Link Transaction endpoint

VC Issuance endpoint