eSignet

The eSignet service is utilized by Inji Wallet for online login. Users have the ability to log in to any service provider portal that is integrated with eSignet.

Online login

QR code scanning and login to the service provider portal

The user is required to open the portal integrated with eSignet and utilize the app scanner to scan the QR code.

After successfully scanning the QR code, Inji Wallet will access the API below and transmit the link code.

Link Transaction endpoint V2

post

The link transaction endpoint is invoked from Wallet-app.

  1. Validates the link-code and its expiry and generates the linkTransactionId. This linkTransactionId is linked to transactionId returned from /oauth-details endpoint.

  2. Returns the auth-factors, clientName, logoUrl, User claims, authorize scopes along with linkTransactionId.

Note: Wallet-app will hereafter address the transaction with this linkTransactionId for the /authenticate and /consent endpoints.

Body
requestTimestringRequired
Responses
200
OK
application/json
post
POST /v1/esignet/linked-authorization/v2/link-transaction HTTP/1.1
Host: esignet.collab.mosip.net
Content-Type: application/json
Accept: */*
Content-Length: 83

{
  "requestTime": "2023-09-22T08:01:10.000Z",
  "request": {
    "linkCode": "xl4cnYtLQkGRxUj"
  }
}
200

OK

{
  "responseTime": "2023-09-22T08:01:13.000Z",
  "response": {
    "linkTransactionId": "qwert_yt46_hX0xlBJNExl9cnYtL8kGvcbf555",
    "clientName": {
      "eng": "Fastlane e-Sim Service",
      "fra": "Service e-Sim de Fastlane",
      "ara": "خدمة فاست لين e-SIM"
    },
    "logoUrl": "https://fastlane.com/logo.png",
    "authFactors": [
      [
        {
          "type": "OTP",
          "count": 0,
          "subTypes": null
        }
      ]
    ],
    "authorizeScopes": [],
    "credentialScopes": [],
    "essentialClaims": [
      "name",
      "address"
    ],
    "voluntaryClaims": [
      "email",
      "phone_number"
    ],
    "configs": {
      "sbi.env": "Staging",
      "sbi.threshold.face": 40,
      "sbi.threshold.finger": 40,
      "sbi.threshold.iris": 40
    }
  },
  "errors": null
}

After successfully completing the offline face authentication and selecting the required and optional information, the two specified APIs are invoked.

Linked Authentication Endpoint V2

Linked Authentication Endpoint V2

post

Once end user provides the user identifier (UIN/VID) and all the required auth challenge to the Wallet-app, this endpoint will be invoked from wallet-app.

Supported auth-challenge depends on the integrated authentication server.

  1. Validates linkedTransactionId.

  2. Validates null / empty individualId.

  3. Invokes kyc-auth call to integrated authentication server (IDA).

  4. Relays error from integrated authentication server to UI on failure.

  5. It validates stored userconsent against the requested claims and scopes

On Authentication Success: linkTransactionId and consentAction is returned in the below response without any errors.

On Authentication Failure: Error list will be set with the errors returned from the integrated authentication server.

Body
requestTimestringRequiredPattern: yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
Responses
200
OK
application/json
post
POST /v1/esignet/linked-authorization/v2/authenticate HTTP/1.1
Host: esignet.collab.mosip.net
Content-Type: application/json
Accept: */*
Content-Length: 235

{
  "requestTime": "2023-09-22T08:01:10.000Z",
  "request": {
    "linkedTransactionId": "qwert_yt46_hX0xlBJNExl9cnYtL8kGvcbf555",
    "individualId": "34543276756",
    "challengeList": [
      {
        "authFactorType": "OTP",
        "challenge": "111111",
        "format": "alpha-numeric"
      }
    ]
  }
}
200

OK

{
  "responseTime": "2023-09-22T08:01:13.000Z",
  "response": {
    "linkedTransactionId": "qwert_yt46_hX0xlBJNExl9cnYtL8kGvcbf555",
    "consentAction": "CAPTURE"
  },
  "errors": []
}

Linked Consent Endpoint V2

post

Once the authentication is successful and user consent is obtained, this endpoint will be invoked by the wallet app to send the accepted consent and permitted scopes.

  1. Validates linkedTransactionId.

  2. Validate accepted claims and permitted scopes in the request and the signature.

  3. If valid, stores the accepted claims, permitted scopes and signature in the consent registry.

Body
requestTimestringRequiredPattern: yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
Responses
200
OK
application/json
post
POST /v1/esignet/linked-authorization/v2/consent HTTP/1.1
Host: esignet.collab.mosip.net
Content-Type: application/json
Accept: */*
Content-Length: 241

{
  "requestTime": "2023-09-22T08:01:13.000Z",
  "request": {
    "linkedTransactionId": "qwert_yt46_hX0xlBJNExl9cnYtL8kGvcbf555",
    "permittedAuthorizeScopes": [],
    "acceptedClaims": [
      "name",
      "email",
      "phone_number",
      "address"
    ],
    "signature": "<detached signature>"
  }
}
200

OK

{
  "responseTime": "2023-09-22T08:01:14.000Z",
  "response": {
    "linkedTransactionId": "qwert_yt46_hX0xlBJNExl9cnYtL8kGvcbf555"
  },
  "errors": []
}

Last updated

Was this helpful?