The Authenticator plugin is the main interface for eSignet, which provides methods to authenticate the end-user with control of the supported authentication factors.
The two main functionalities of the authenticator interface, KYC Auth and KYC Exchange, are depicted in the below diagram
Below is the eSignet authenticator interface,
publicinterfaceAuthenticator { /** * Delegate request to authenticate the user, and get KYC token * @param relyingPartyId Relying Party (RP) ID. This ID will be provided during the partner self registration process * @param clientId OIDC client Id. Auto-generated while creating OIDC client in PMS * @param kycAuthDto * @return KYC Token and Partner-specific User Token (PSUT) * @throwsKycAuthException */KycAuthResultdoKycAuth(String relyingPartyId,String clientId,KycAuthDto kycAuthDto)throwsKycAuthException; /** * Delegate request to exchange KYC token with encrypted user data * @param relyingPartyId Relying Party (RP) ID. This ID will be provided during partner self registration process * @param clientId OIDC client Id. Auto-generated while creating OIDC client in PMS * @param kycExchangeDto * @return signed and encrypted KYC data. * @throwsKycExchangeException */KycExchangeResultdoKycExchange(String relyingPartyId,String clientId,KycExchangeDto kycExchangeDto)throwsKycExchangeException; /** * Delegate request to send out OTP to provided individual ID on the configured channel * @param relyingPartyId Relying Party (RP) ID. This ID will be provided during partner self registration process * @param clientId OIDC client Id. Auto-generated while creating OIDC client in PMS * @param sendOtpDto * @return status of send OTP response. * @throwsSendOtpException */SendOtpResultsendOtp(String relyingPartyId,String clientId,SendOtpDto sendOtpDto)throwsSendOtpException; /** * supported OTP channel to validate in Send-otp request. * @return true if supported, otherwise false */booleanisSupportedOtpChannel(String channel); /** * Get the list of KYC signing certificates and their details. * List of certificates used for verifying KYC JWT will be published in /.well-known/jwks.json, as per OIDC standards * @return list of certificates */List<KycSigningCertificateData> getAllKycSigningCertificates() throwsKycSigningCertificateException;}
For the latest version of the interface please check our code base - Authenticator.java
Who should implement Authenticator plugin interface?
The authenticator plugin is implemented by Identity Systems that wish to integrate with eSignet to leverage the digital usage of identities.
An Identity system can be as simple as a table in a database or an Excel file storing user identity data, or can be a complex Identity System.
How to implement this plugin?
The Authenticator implementation class must be annotated with ConditionalOnProperty with mosip.esignet.integration.authenticator property.
Below is an example of how our Mock Identity System has implemented the eSignet Authenticator plugin.