Relying Party
The relying party is an OAuth client who should be able to authenticate the end user and get the user information. For availing these features, the relying party needs to partner with an e-Signet-compliant authentication system to register and integrate.
Connect with an authentication system which uses the e-Signet solution for onboarding relying parties. As a part of this activity, you should receive the environment details and register yourself to receive a client ID.
You can use our sandbox environment to integrate as well. For more details visit our page on Sandbox Details.
Create a webpage where the user is redirected after successful authentication and consent is provided. The URL of this page should be shared as a query parameter as part of the Authorization Endpoint.
Ensure that the redirect URI is also shared with the Authentication Partner to configure the same in the e-Signet server.
Add a button on your website (i.e, Log in with e-Signet), which should call the authorization endpoint and navigate the user to the e-Signet UI screen for authentication and consent capture.
get
https://api.esignet.io/v1/esignet
/authorize
Authorization Endpoint
After the authorization endpoint is called, the e-Signet server validates the request and redirects the user to the authentication screen.
After the authentication is performed successfully, the webpage will receive a "code" in the query parameter which is the "authorization code" to call the token API to get the ID and Access tokens.
In case of failure, the redirect URI webpage would receive an "error" and "error description" in the query parameter. The OIDC client can also define its behaviour in case of failure.
Once the authentication code is received, you can now call the token endpoint to get the ID and Access tokens.
post
https://api.esignet.io/v1/esignet
/oauth/token
Token Endpoint
Sample ID-token
header:
{
"kid": "NOt7BZBkG4nAAX0vE_-S4wT8S5cKUqDTLPOyaTJAu_w",
"alg": "RS256"
}
payload:
{
"at_hash": "ggJyqKcuYHdwARpWzeHKMMgDdRRNe61oN6O7xzEuyiY",
"sub": "268524736272681240519736297238054502",
"aud": "yzLgU7sj8fr2qcqL-MZjwYnl-5ADiClp7Ycj8LiUV5I",
"acr": "mosip:idp:acr:generated-code",
"auth_time": 1672759590,
"iss": "https://api.dev.mosip.net/v1/idp",
"exp": 1672766837,
"iat": 1672759637,
"nonce": "973eieljzng"
}
Access Token
header:
{
"kid": "NOt7BZBkG4nAAX0vE_-S4wT8S5cKUqDTLPOyaTJAu_w",
"alg": "RS256"
}
payload:
{
"sub": "268524736272681240519736297238054502",
"aud": "yzLgU7sj8fr2qcqL-MZjwYnl-5ADiClp7Ycj8LiUV5I",
"iss": "https://api.dev.mosip.net/v1/idp",
"exp": 1672766837,
"iat": 1672759637
}
Using the access token you can call the user info endpoint to get the user information as an encrypted JWT.
get
https://api.esignet.io/v1/esignet
/oidc/userinfo
UserInfo Endpoint
Example 1
{
"sub": "63EBC25D699305A26EE740A955852EAB2E6527BFF2F5E9E5562B502DACECD020",
"address": {
"street_address": "#991, 47 Street, 6 block",
"country": "KTA",
"locality": "KNT",
"region": "RSK",
"postal_code": "14022"
},
"gender": "Male",
"phone": "91600395660",
"name": "Manoj",
"email": "[email protected]"
}
Example 2
{
"sub": "63EBC25D699305A26EE740A955852EAB2E6527BFF2F5E9E5562B502DACECD020",
"name#en": "Manoj",
"address#en": {
"formatted#en": "#991, 47 Street, 6 block"
},
"phone": "91600395660",
"gender#kn": "ಗಂಡು",
"name#kn": "ಮನೋಜ್",
"address#kn": {
"formatted#kn": "#991, 47 ಸ್ಟ್ರೀಟ್, 6 ಬ್ಲಾಕ್"
},
"gender#en": "Male",
"email": "[email protected]"
}
The response is signed and then encrypted, with the result being a nested JWT. Signed using the authentication system's private key. Signed full JWT will then be encrypted using the OIDC client's public key.
e-Signet exposes APIs using which a relying party can be registered and receive credentials to connect with e-Signet.
post
https://api.esignet.io/v1/esignet
/client-mgmt/oidc-client
Create OIDC Client Endpoint
put
https://api.esignet.io/v1/esignet
/client-mgmt/oidc-client/{client_id}
Update OIDC Client Endpoint
You can connect with your identity provider for details to get registered and receive your client ID.
Last modified 1mo ago