# v1.7.0 **Release Number:** v1.7.0 **Release Date:** 2nd December, 2025 ## **Overview** We’re excited to announce the release of [**eSignet v1.7.0**](https://github.com/mosip/esignet/tree/release-1.7.x), a feature-rich upgrade over v1.6.1 that introduces major advancements in security, enhanced user interaction flexibility, and improved deployment efficiency. This release includes full support for the [**FAPI 2.0 Security Profile**](https://docs.esignet.io/esignet-authentication/features#fapi-2.0-security-profile), implemented through multiple industry-standard RFCs, and brings dynamic, schema-driven UI enhancements for both Signup and KBI authentication—while ensuring complete backward compatibility with existing authentication flows. ## **Major Highlights** ### **New Features** #### **Support for FAPI 2.0 Security Profile** eSignet now [implements key RFCs required for FAPI 2.0 compliance](https://docs.esignet.io/esignet-authentication/features#fapi-2.0-security-profile), strengthening security and interoperability: * **Pushed Authorization Request (PAR)** – A new PAR endpoint is introduced to support secure, tamper-resistant authorization requests. * **Demonstration of Proof of Possession (DPoP)** – Adds cryptographic proof-of-possession for access tokens, preventing token replay attacks. * **Authorization Server Issuer Identification** – Enhances security by enabling the ‘Authorization Server’ to uniquely identify itself during authorization flows; includes updates to configurations in [oauth authorization server well-known](https://docs.esignet.io/esignet-authentication/develop/configuration/.well-known/oauth-configuration). {% hint style="success" %} **Tips**: **eSignet now supports FAPI 2.0 security profile.** However, enforcement of the FAPI 2.0 security profile is **client-configurable**. Each client can choose whether or not to enable FAPI 2.0 security profile for their integrations.\ If a client does **not** enforce the FAPI 2.0 security profile, their authentication flows will continue to work **seamlessly without any change**. {% endhint %} ### **Enhancements** #### **Dynamic Schema-Driven Signup UI** The Signup UI has been improved and [can now be generated dynamically based on a backend-driven UI schema](https://docs.esignet.io/esignet-signup/features#dynamic-signup-form-schema-driven-ui).\ This leverages a JSON form-builder library for improved flexibility and faster configuration changes. #### **Dynamic Schema-Driven KBI Authentication UI** [The KBI authentication UI](https://docs.esignet.io/esignet-authentication/features#supported-authentication-methods) is now also fully dynamic and powered by the same schema-based JSON form builder, enhancing consistency and maintainability. #### **Improved Deployment Scripts** Deployment scripts for the eSignet service have been refined to simplify setup, reduce configuration overhead, and ensure smoother deployments across environments. ### **Bug Fixes** Several known issues from the previous release have been addressed to improve platform stability and performance. Please refer to the link [here](https://mosip.atlassian.net/issues/?jql=issuetype%20%3D%20Bug%20and%20%22Release%20Number%5BLabels%5D%22%20%3D%20eSignet_v1.7.0) for the complete list of resolved issues.

Jira ID	Summary
ES-2702	Deployment : Not able to complete the sanity, after registration getting the error "Unable to process. Please try again".
ES-2691	Deployment : signup captcha is not working, throwing an error "The captcha you entered is incorrect. Please try again".
ES-2683	Deployment : esignet image is not getting updated to mosipqa/esignet-with-plugins:1.7.x its taking develop branch image.
ES-2678	Deployment : In init_values.yaml branch is pointing to develop branch instead of release-1.7.x.
ES-2677	Deployment : Still keyclock postgres image is pointing to bitnami.
ES-2665	Docker-compose : In mock-relying-party-portal-fapi2-docker-compose.yml volumes: are not given.
ES-2659	Linux : Docker Compose fails to start containers — “failed to extract layer” error.
ES-2632	eSignet-MOSIP: User is unable to complete eKYC verification in MOSIP-ID plugin.
ES-2629	esignet mock: Captcha is enabled but its not displayed in UI, but checking for captcha in UI and we are getting this error while signing up.
ES-2588	In mock : KBI Login is not working.
ES-2577	eSignet-MOCK: fetchUserInfo fails with error "Failed to get the User Info." when DPoP and PAR are disabled.
ES-2574	eSignet-MOSIP-ID: User is unable to register in signup-mosipid-qabase.
ES-2556	JWKS.json returning incorrect userinfo signing certificate.

### Known Issues Please refer [here](https://mosip.atlassian.net/issues/?jql=issuetype%20%3D%20Bug%20and%20labels%20%3D%20known_issue_eSignet_1.7.0) for full list of known issues.

Jira ID	Summary
ES-2716	In UI schema when email is marked as optional field by default its taking as mandatory field.
ES-2709	KBI login in mock is not working when captcha is enabled
MOSIP-43956	Update documentation for partner-onboarding/esignet.
MOSIP-43957	Update keycloak init scripts in esignet-signup.
MOSIP-43958	Issue in partner on boarder script for eSignet.
MOSIP-43960	Partner on boarder script issue in esignet-signup.

### Story Development

Story ID	Description
ES-2589	eSignet - Signup - Add a new endpoint to support the multi-part data.
ES-2429	Signup Module - Signup UI registration Form - Add support to capture the face photo for the user.
ES-2379	Authorization Server Issuer Identification for FAPI 2.0 Compliance.
ES-2346	Add Support for additional Config in client management endpoint.
ES-2333	Push Authorization request (PAR) - FAPI 2.0 Compliance - Add a new authorize url to process request with clientid and request uri.
ES-2296	Push Authorization request (PAR) - FAPI 2.0 Compliance - New endpoint development to initiate PAR flow.
ES-2297	Sender constrained tokens using DPOP for FAPI 2.0 security profile compliance.
ES-2058	Enhance KBI form in eSignet UI.
ES-1644	Registration form on the eSignet sign-up page should dynamically adjust its fields and layout based on a predefined UI schema.

### Repositories Released | Repository | Tag | | --------------------- | ---------------------------------------------------------------------- | | esignet | [v1.7.0](https://github.com/mosip/esignet/tree/v1.7.0) | | esignet-signup | [v1.3.0](https://github.com/mosip/esignet-signup/tree/v1.3.0) | | esignet-mock-services | [v0.12.0](https://github.com/mosip/esignet-mock-services/tree/v0.12.0) | | esignet-plugins | [v1.3.4](https://github.com/mosip/esignet-plugins/tree/v1.3.4) | ### Compatible Modules #### eSignet compatibility with MOSIP | Module/Repo | Compatible Version | | ----------- | ----------------------------------------------------------------------------------------------------------------------------------- | | PMS | [1.2.2.1](https://github.com/mosip/partner-management-services/tree/v1.2.2.1) | | IDA |

1.2.1.0
1.3.x (for identity assurance 1.0 support)

| #### eSignet compatibility with Sunbird | Module/Repo | Compatible Version | | ----------- | --------------------------------------------------------------------------- | | Sunbird | [v2.0.0-rc3](https://github.com/Sunbird-RC/sunbird-rc-core/tree/v2.0.0-rc3) | #### eSignet Signup compatibility with MOSIP | Module/Repo | Compatible Version | | --------------------------- | ----------------------------------------------------------------------------------------------------------------------------------- | | ID Repository |

1.2.1.0
1.3.x (for identity assurance 1.0 support)

| | otpmanager | [1.2.0.1](https://github.com/mosip/otp-manager/tree/v1.2.0.1) | | kernel-notification-service | [1.2.0.1](https://github.com/mosip/commons/tree/v1.2.0.1/kernel/kernel-notification-service) | | auditmanager | [1.2.0.1](https://github.com/mosip/audit-manager/tree/v1.2.0.1) | ### DB Changes * **eSignet Mock Identity System**: * Please refer the [link here](https://github.com/mosip/esignet-mock-services/blob/master/db_upgrade_script/mosip_mockidentitysystem/sql/0.11.2_to_0.12.0_upgrade.sql) for the DB upgrade script * Please refer the [link here](https://github.com/mosip/esignet-mock-services/blob/master/db_upgrade_script/mosip_mockidentitysystem/sql/0.11.2_to_0.12.0_rollback.sql) for the DB rollback script ### Config Changes * **eSignet**: The properties listed below are newly added to the eSignet default configuration. For a comprehensive view of all configuration properties in eSignet, please [refer here](https://github.com/mosip/esignet/blob/master/esignet-service/src/main/resources/application-default.properties). * `mosip.esignet.par.expire-seconds=60` * `mosip.esignet.par.request-uri.prefix=urn:ietf:params:oauth:request_uri:` * `mosip.esignet.dpop.clock-skew=10` * `mosip.esignet.dpop.nonce.expire.seconds=15` * `mosip.esignet.kbispec.ttl.seconds=18000` * `mosip.esignet.client-assertion.unique.jti.required=true` * **Signup**: The properties listed below are newly added to the Signup default configuration. For a comprehensive view of all configuration properties in eSignet, please [refer here](https://github.com/mosip/esignet-signup/blob/master/signup-service/src/main/resources/application-default.properties). * `mosip.signup.uispec.ttl.seconds=18000` ### Documentation **API Documentation** * [**eSignet API (v1.7.0)**](https://github.com/mosip/esignet/blob/master/docs/esignet-openapi.yaml) * [**Signup API (v1.3.0)**](https://github.com/mosip/esignet-signup/blob/master/docs/esignet-signup-openapi.yaml) **Integration Guides** * [**eSignet Integration Guide**](https://docs.esignet.io/esignet-authentication/develop/integration) * [**Signup Integration Guide**](https://docs.esignet.io/esignet-signup/develop/integration-guide-signup-portal) **End User Guides** * [**eSignet End User Guide**](https://docs.esignet.io/esignet-authentication/test/end-user-guide) * [**Signup End User Guide**](https://docs.esignet.io/esignet-signup/test/end-user-guide) [**QA Report**](https://docs.esignet.io/roadmap-and-releases/versions/v1.7.0/test-report)