Authentication System
This system is an identity repository that stores the individual's demographic and biometric information to perform authentication and provide user information. As part of this integration with e-Signet, the authentication system should implement the interfaces below.
The Authenticator is the main interface of e-Signet. It provides methods to authenticate the end-user, with control over the supported authentication factors. If OTP is one of the supported authentication factors, the interface provides a method to define the supported OTP channels and implement the send-OTP functionality.
As per OIDC standards, all the certificates used to verify the user data must be published at the /.well-known/jwks.json endpoint. This interface provides a method to return a list of X509 certificates (both active and expired). The two main functionalities of this interface, KYC Auth and KYC Exchange, are depicted in the diagram below.

The Authenticator implementation class must be annotated with ConditionalOnProperty with the mosip.esignet.integration.authenticator property. Example:
@ConditionalOnProperty(value = "mosip.esignet.integration.authenticator", havingValue = "mock-authentication-service")
@Component
@Slf4j
public class MockAuthenticationService implements Authenticator {
//Implement authenticator methods
}
The KeyBinder interface provides a method to bind an individualId with a public key. On successful binding, it returns a signed certificate walletUserId which uniquely identifies a user. The KeyBinder implementation is expected to take care of overriding previously bound certificates with the newly generated signed certificate for a user. The individual needs to be authenticated before binding a key. The interface is structured to accept any type of auth challenge, namely OTP/BIO.
The bound certificate can then be used for token-based authentication such as WLA (Wallet Local Authentication) from any digital wallet app.


The KeyBinder implementation class must be annotated with ConditionalOnProperty with the mosip.esignet.integration.key-binder property. Example:
@ConditionalOnProperty(value = "mosip.esignet.integration.key-binder", havingValue = "mock-keybinder-service")
@Component
@Slf4j
public class MockKeyBindingWrapperService implements KeyBinder {
//Implement keybinder methods
}
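The override and authenticate-before-bind behaviour described for KeyBinder above, as an added Java example that is not e-Signet's code and does not use its KeyBinder interface. The class and method names, the in-memory map and the challengeVerified flag are hypothetical, and a raw RSA public key stands in for the signed certificate.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration with hypothetical names; this is not the e-Signet KeyBinder API.
public class KeyBindingOverrideExample {
    // Exactly one active binding per individualId (a real plugin would hold a signed certificate).
    private final Map<String, PublicKey> bound = new ConcurrentHashMap<>();

    // challengeVerified stands in for a successful OTP/BIO check performed before binding.
    void bind(String individualId, PublicKey key, boolean challengeVerified)
            throws GeneralSecurityException {
        if (!challengeVerified) {
            throw new GeneralSecurityException("individual not authenticated; binding refused");
        }
        bound.put(individualId, key); // put() replaces any earlier binding for this individual
    }

    // Token-style check: the signature must verify under the currently bound key only.
    boolean verify(String individualId, byte[] payload, byte[] sig) throws GeneralSecurityException {
        PublicKey key = bound.get(individualId);
        if (key == null) return false;
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(key);
        verifier.update(payload);
        return verifier.verify(sig);
    }

    static byte[] sign(PrivateKey key, byte[] payload) throws GeneralSecurityException {
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(key);
        signer.update(payload);
        return signer.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair oldPair = gen.generateKeyPair(), newPair = gen.generateKeyPair();
        KeyBindingOverrideExample store = new KeyBindingOverrideExample();
        String id = "constructed-individual-id"; // constructed sample value
        byte[] payload = "constructed-token-payload".getBytes(StandardCharsets.UTF_8);
        store.bind(id, oldPair.getPublic(), true);
        store.bind(id, newPair.getPublic(), true); // rebinding overrides the old key
        System.out.println("old key accepted: " + store.verify(id, payload, sign(oldPair.getPrivate(), payload)));
        System.out.println("new key accepted: " + store.verify(id, payload, sign(newPair.getPrivate(), payload)));
    }
}
```

If a rebind only added a key instead of replacing the previous one, a wallet holding the old private key would keep authenticating, which is why the override is part of the implementer's responsibility.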
The AuditPlugin interface provides two methods to audit any action in e-Signet. An instance of this audit plugin is injected into all the services of e-Signet, and almost all the events are audited.
The Audit plugin implementation class must be annotated with ConditionalOnProperty with the mosip.esignet.integration.audit-plugin property. Example:
@ConditionalOnProperty(value = "mosip.esignet.integration.audit-plugin", havingValue = "mock-audit-service")
@Component
@Slf4j
public class LoggerAuditService implements AuditPlugin {
//Implement audit plugin methods
}