# eSignet

The eSignet service is utilized by Inji Wallet for online login. Users have the ability to log in to any service provider portal that is integrated with eSignet.

## Online login

### QR code scanning and login to the service provider portal

The user opens the portal integrated with eSignet and scans the QR code with the app's scanner.

After the QR code is scanned successfully, Inji Wallet calls the API below and sends the link code.

#### Link Transaction endpoint V2

> The link transaction endpoint is invoked from Wallet-app.\
> \
> 1\. Validates the link-code and its expiry and generates the linkTransactionId. This linkTransactionId is linked to transactionId returned from /oauth-details endpoint.\
> \
> 2\. Returns the auth-factors, clientName, logoUrl, User claims, authorize scopes along with linkTransactionId.\
> \
> **Note:**\
> Wallet-app will hereafter address the transaction with this linkTransactionId for the /authenticate and /consent endpoints.

```json
{"openapi":"3.1.0","info":{"title":"e-Signet","version":"1.0"},"tags":[],"servers":[{"url":"https://esignet.collab.mosip.net/v1/esignet"}],"paths":{"/linked-authorization/v2/link-transaction":{"post":{"summary":"Link Transaction endpoint V2","operationId":"post-authorization-link-transaction-v2","responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"responseTime":{"type":"string"},"response":{"type":"object","properties":{"linkTransactionId":{"type":"string","description":"Unique link-transaction-id."},"clientName":{"type":"object","description":"OIDC client name in different languages where language is the key and client name\nis the value. Default name is passed in @none key."},"logoUrl":{"type":"string","description":"Registered OIDC client Logo URL."},"authorizeScopes":{"type":"array","description":"List of requested scopes to be permitted by the end user.","items":{"type":"string"}},"essentialClaims":{"type":"array","description":"List of client request mandatory claim names.","items":{"type":"string"}},"voluntaryClaims":{"type":"array","description":"List of client request optional claim names.","items":{"type":"string"}},"authFactors":{"type":"array","description":"Auth factors defines the authentication screens displayed in IDP frontend. More than one authFactor may be resolved or combination of auth factors. Precedence of authFactors is based on its order","items":{"type":"array","items":{"$ref":"#/components/schemas/AuthFactor"}}},"configs":{"type":"object"},"credentialScopes":{"type":"array","description":"List of valid credential scopes requested","items":{"type":"string"}}}},"errors":{"type":"array","items":{"type":"object","properties":{"errorCode":{"type":"string","enum":["invalid_link_code","invalid_transaction","invalid_client_id","unknown_error"]},"errorMessage":{"type":"string"}}}}}}}}}},"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"requestTime":{"type":"string"},"request":{"type":"object","required":["linkCode"],"properties":{"linkCode":{"type":"string","description":"Link code as received by the wallet-app from the QR code scanning."}}}},"required":["requestTime","request"]}}}},"description":"The link transaction endpoint is invoked from Wallet-app.\n\n1. Validates the link-code and its expiry and generates the linkTransactionId. This linkTransactionId is linked to transactionId returned from /oauth-details endpoint.\n\n2. Returns the auth-factors, clientName, logoUrl, User claims, authorize scopes along with linkTransactionId.\n\n**Note:**\nWallet-app will hereafter address the transaction with this linkTransactionId for the /authenticate and /consent endpoints.","tags":["WALLET"]}}},"components":{"schemas":{"AuthFactor":{"title":"AuthFactor","type":"object","properties":{"type":{"type":"string","description":"Name of the authentication method","enum":["PIN","OTP","L1-bio-device","Wallet","KBA"]},"count":{"type":"integer","description":"Applicable for biometric based authentication, number of bio segments to be captured for authentication."},"bioSubTypes":{"type":"array","description":"Applicable for biometric based authentication. Can be more specific about which bio segments should be captured.","items":{"type":"string"}}},"required":["type"]}}}}
```

After the offline face authentication succeeds and the user selects the required and optional information, the two APIs below are invoked.

#### Linked Authentication Endpoint V2

> Once the end user provides the user identifier (UIN/VID) and all the required auth challenges to the Wallet-app, this endpoint will be invoked from wallet-app.\
> \
> Supported auth-challenge depends on the integrated authentication server.\
> \
> 1\. Validates linkedTransactionId.\
> 2\. Validates null / empty individualId.\
> 4\. Invokes kyc-auth call to integrated authentication server (IDA).\
> 5\. Relays error from integrated authentication server to UI on failure.\
> 6\. Validates stored user consent against the requested claims and scopes.\
> \
> On Authentication Success: linkTransactionId and consentAction are returned in the below response without any errors.\
> \
> On Authentication Failure: Error list will be set with the errors returned from the integrated authentication server.

```json
{"openapi":"3.1.0","info":{"title":"e-Signet","version":"1.0"},"tags":[],"servers":[{"url":"https://esignet.collab.mosip.net/v1/esignet"}],"paths":{"/linked-authorization/v2/authenticate":{"post":{"summary":"Linked Authentication Endpoint V2","operationId":"post-linked-authenticate-v2","responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"responseTime":{"type":"string"},"response":{"type":"object","properties":{"linkedTransactionId":{"type":"string","description":"This is the same transactionId sent in the oauth-details response."},"consentAction":{"type":"string","enum":["CAPTURE","NOCAPTURE"],"description":"This field indicates the need to capture user consent or not\n"}}},"errors":{"type":"array","description":"List of Errors in case of request validation / processing failure in Idp server.","items":{"type":"object","properties":{"errorCode":{"type":"string","enum":["invalid_transaction_id","invalid_transaction","invalid_identifier","invalid_no_of_challenges","auth_failed","unknown_error"]},"errorMessage":{"type":"string"}}}}}}}}}},"requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"requestTime":{"type":"string","pattern":"yyyy-MM-dd'T'HH:mm:ss.SSS'Z'"},"request":{"type":"object","required":["linkedTransactionId","individualId","challengeList"],"properties":{"linkedTransactionId":{"type":"string","description":"This is the same transactionId sent in the link-transaction response."},"individualId":{"type":"string","description":"User identifier (UIN/VID)."},"challengeList":{"type":"array","description":"Authentication Challenge.","items":{"$ref":"#/components/schemas/AuthChallenge"}}}}},"required":["requestTime","request"]}}},"description":""},"description":"Once end user provides the user identifier (UIN/VID) and all the required auth challenge to the Wallet-app, this endpoint will be invoked from wallet-app.\n\nSupported auth-challenge depends on the integrated authentication server.\n\n1. Validates linkedTransactionId.\n2. Validates null / empty individualId.\n4. Invokes kyc-auth call to integrated authentication server (IDA).\n5. Relays error from integrated authentication server to UI on failure.\n6. It validates stored userconsent against the requested claims and scopes\n\nOn Authentication Success: linkTransactionId and consentAction is returned in the below response without any errors.\n\nOn Authentication Failure: Error list will be set with the errors returned from the integrated authentication server.","parameters":[],"tags":["WALLET"]}}},"components":{"schemas":{"AuthChallenge":{"title":"AuthChallenge","type":"object","description":"Model to take any type of challenge from the end user as part of authenticate request.","properties":{"authFactorType":{"type":"string","description":"Defines the type of auth challenge. It should be same as authfactor.type (oauth-details response).","enum":["OTP","BIO","PIN","WLA","PWD","KBA"]},"challenge":{"type":"string","description":"Actual challenge as string."},"format":{"type":"string","description":"Format of the challenge provided.","enum":["alpha-numeric","jwt","encoded-json","number","base64url-encoded-json"]}},"required":["authFactorType","challenge","format"]}}}}
```

#### Linked Consent Endpoint V2

> Once the authentication is successful and user consent is obtained, this endpoint will be invoked by the wallet app to send the accepted consent and permitted scopes.\
> \
> 1\. Validates linkedTransactionId.\
> 2\. Validates accepted claims and permitted scopes in the request and the signature.\
> 3\. If valid, stores the accepted claims, permitted scopes and signature in the consent registry.

```json
{"openapi":"3.1.0","info":{"title":"e-Signet","version":"1.0"},"tags":[],"servers":[{"url":"https://esignet.collab.mosip.net/v1/esignet"}],"paths":{"/linked-authorization/v2/consent":{"post":{"summary":"Linked Consent Endpoint V2","operationId":"post-linked-consent-v2","description":"Once the authentication is successful and user consent is obtained, this endpoint will be invoked by the wallet app to send the accepted consent and permitted scopes.\n\n1. Validates linkedTransactionId.\n2. Validate accepted claims and permitted scopes in the request and the signature.\n3. If valid, stores the accepted claims, permitted scopes and signature in the consent registry.\n","requestBody":{"content":{"application/json":{"schema":{"type":"object","properties":{"requestTime":{"type":"string","pattern":"yyyy-MM-dd'T'HH:mm:ss.SSS'Z'"},"request":{"type":"object","required":["linkedTransactionId"],"properties":{"linkedTransactionId":{"type":"string","description":"Transaction id echoed starting from /authorize call."},"permittedAuthorizeScopes":{"type":"array","description":"List of permitted scopes by end-user.","items":{"type":"string"}},"acceptedClaims":{"type":"array","description":"List of accepted essential and voluntary claims by end-user.","items":{"type":"string"}},"signature":{"type":"string","description":"Signature of permittedscopes and acceptedclaims from inji"}}}},"required":["requestTime","request"]}}}},"parameters":[],"responses":{"200":{"description":"OK","content":{"application/json":{"schema":{"type":"object","properties":{"responseTime":{"type":"string"},"response":{"type":"object","properties":{"linkedTransactionId":{"type":"string","description":"This is the same transactionId sent in the link-transaction response."}}},"errors":{"type":"array","items":{"type":"object","properties":{"errorCode":{"type":"string","enum":["invalid_transaction_id","invalid_transaction","invalid_accepted_claim","invalid_permitted_scope"]},"errorMessage":{"type":"string"}}}}}}}}}},"tags":["WALLET"]}}}}
```
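
The three wallet-side calls described above, chained with client-side checks, as an added example in JavaScript (not Inji Wallet's or eSignet's own code). Field names and enum values come from the OpenAPI fragments on this page; the function names, the sample response, and the rule that the wallet only submits claims and scopes that link-transaction offered are assumptions.

```javascript
// Added example, not Inji Wallet or eSignet code. Enum values are copied from the schemas above.
const AUTH_FACTOR_TYPES = ["PIN", "OTP", "L1-bio-device", "Wallet", "KBA"];
const CHALLENGE_TYPES = ["OTP", "BIO", "PIN", "WLA", "PWD", "KBA"];
const CHALLENGE_FORMATS = ["alpha-numeric", "jwt", "encoded-json", "number", "base64url-encoded-json"];

// Every request body is { requestTime, request }; toISOString() matches yyyy-MM-dd'T'HH:mm:ss.SSS'Z'.
const envelope = (request, now = new Date()) => ({ requestTime: now.toISOString(), request });

// A populated errors[] is surfaced before anything in `response` is read.
function unwrap(body) {
  if (Array.isArray(body.errors) && body.errors.length > 0) {
    throw new Error(body.errors.map((e) => e.errorCode).join(","));
  }
  return body.response;
}

function parseLinkTransaction(body) {
  const r = unwrap(body);
  if (!r || typeof r.linkTransactionId !== "string" || !r.linkTransactionId) throw new Error("missing linkTransactionId");
  for (const factor of (r.authFactors || []).flat()) { // authFactors is an array of arrays
    if (!AUTH_FACTOR_TYPES.includes(factor.type)) throw new Error("unknown auth factor: " + factor.type);
  }
  return r;
}

function buildAuthenticate(linkTx, individualId, challengeList) {
  if (!individualId) throw new Error("individualId is null or empty");
  for (const c of challengeList) {
    if (!CHALLENGE_TYPES.includes(c.authFactorType) || !CHALLENGE_FORMATS.includes(c.format) || !c.challenge) {
      throw new Error("invalid challenge");
    }
  }
  return envelope({ linkedTransactionId: linkTx.linkTransactionId, individualId, challengeList });
}

// Assumption: the wallet submits only claims and scopes that link-transaction offered to the user.
// `signature` is passed through as an opaque string; this page does not define how it is computed.
function buildConsent(linkTx, acceptedClaims, permittedAuthorizeScopes, signature) {
  const offered = new Set([...(linkTx.essentialClaims || []), ...(linkTx.voluntaryClaims || [])]);
  const scopes = new Set(linkTx.authorizeScopes || []);
  if (!acceptedClaims.every((c) => offered.has(c))) throw new Error("invalid_accepted_claim");
  if (!permittedAuthorizeScopes.every((s) => scopes.has(s))) throw new Error("invalid_permitted_scope");
  return envelope({ linkedTransactionId: linkTx.linkTransactionId, permittedAuthorizeScopes, acceptedClaims, signature });
}

// Constructed sample link-transaction response (not captured from a real server).
const SAMPLE = { response: { linkTransactionId: "ltx-constructed-1", authFactors: [[{ type: "Wallet" }]],
  essentialClaims: ["name"], voluntaryClaims: ["email"], authorizeScopes: ["openid"] }, errors: [] };
```

Rejecting unoffered claims and scopes on the wallet side keeps the consent payload limited to what the user was shown; the server-side validation listed for the consent endpoint still applies.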
