v1.7.0

Coming Soon!

Release Number: v1.7.0

Release Date: Coming Soon!

Overview

We’re excited to announce the release of eSignet v1.7.0, a feature-rich upgrade over v1.6.1 that introduces major advancements in security, enhanced user interaction flexibility, and improved deployment efficiency. This release includes full support for the FAPI 2.0 Security Profile, implemented through multiple industry-standard RFCs, and brings dynamic, schema-driven UI enhancements for both Sign-Up and KBI authentication—while ensuring complete backward compatibility with existing authentication flows.

Major Highlights

New Features

Support for FAPI 2.0 Security Profile

eSignet now implements key RFCs required for FAPI 2.0 compliance, strengthening security and interoperability:

Pushed Authorization Request (PAR) – RFC 9126 - A new PAR endpoint is introduced to support secure, tamper-resistant authorization requests.
Demonstration of Proof of Possession (DPoP) – RFC 9449 Adds cryptographic proof-of-possession for access tokens, preventing token replay attacks.
Authorization Server Issuer Identification – RFC 9207 - Enhances security by enabling the ‘Authorization Server’ to uniquely identify itself during authorization flows; includes updates to .well-known/oauth-authorization-server configuration.

Tips:

FAPI 2.0 support is now fully enabled in eSignet. However, enforcement of the FAPI 2.0 security profile is client-configurable. Each client can choose whether or not to enable FAPI 2.0 for their integrations. If a client does not enforce the FAPI 2.0 profile, their authentication flows will continue to work seamlessly without any change.

Enhancements

The Sign-Up experience has been improved with the UI that can now be generated dynamically based on a backend-driven UI schema. This leverages a JSON form-builder library for improved flexibility and faster configuration changes.

Dynamic Schema-Driven KBI Authentication UI

The KBI authentication UI is now also fully dynamic and powered by the same schema-based JSON form builder, enhancing consistency and maintainability.

Improved Deployment Scripts

Deployment scripts for the eSignet service have been refined to simplify setup, reduce configuration overhead, and ensure smoother deployments across environments.

Bug Fixes

Several known issues from the previous release have been addressed to improve platform stability and performance. Please refer to the link here for the complete list of resolved issues.

Known Issues

Please refer here for full list of known issues.

Jira ID

Summary

ES-2716

esignet mosip id SendBindingOtp and WalletBinding test cases are failing with "errorCode": "IDA-MLC-018".

ES-2709

In mock when we are providing "trust_framework": null we are getting the user info response for first claim.

Story Development

Story ID

Description

ES-2589

eSignet - Signup - Add a new endpoint to support the multi-part data.

ES-2429

Signup Module - Signup UI registration Form - Add support to capture the face photo for the user.

ES-2379

Authorization Server Issuer Identification for FAPI 2.0 Compliance.

ES-2346

Add Support for additional Config in client management endpoint.

ES-2333

Push Authorization request (PAR) - FAPI 2.0 Compliance - Add a new authorize url to process request with clientid and request uri.

ES-2296

Push Authorization request (PAR) - FAPI 2.0 Compliance - New endpoint development to initiate PAR flow.

ES-2297

Sender constrained tokens using DPOP for FAPI 2.0 security profile compliance.

ES-2058

Enhance KBI form in eSignet UI.

ES-1644

Registration form on the eSignet sign-up page should dynamically adjust its fields and layout based on a predefined UI schema.

Repositories Released

Repository

Tag

esignet

v1.7.0

esignet-signup

v1.3.0

esignet-mock-services

v0.12.0

esignet-plugins

v1.3.4

Compatible Modules

eSignet compatibility with MOSIP

Module/Repo

Compatible Version

PMS

1.2.2.1

IDA

1.2.1.0 1.3.x (for identity assurance 1.0 support)

eSignet compatibility with Sunbird

Module/Repo

Compatible Version

Sunbird

v2.0.0-rc3

Module/Repo

Compatible Version

ID Repository

1.2.1.0 1.3.x (for identity assurance 1.0 support)

otpmanager

1.2.0.1

kernel-notification-service

1.2.0.1

auditmanager

1.2.0.1

DB Changes

eSignet: N/A
Signup: N/A
eSignet Mock Identity System:
- https://github.com/mosip/esignet-mock-services/blob/master/db_upgrade_script/mosip_mockidentitysystem/sql/0.11.2_to_0.12.0_upgrade.sql
- https://github.com/mosip/esignet-mock-services/blob/master/db_upgrade_script/mosip_mockidentitysystem/sql/0.11.2_to_0.12.0_rollback.sql

Config Changes

eSignet:
- mosip.esignet.par.expire-seconds=60
- mosip.esignet.par.request-uri.prefix=urn:ietf:params:oauth:request_uri:
- mosip.esignet.dpop.clock-skew=10
- mosip.esignet.dpop.nonce.expire.seconds=15
- mosip.esignet.kbispec.ttl.seconds=18000
- mosip.esignet.client-assertion.unique.jti.required=true
Signup:
- mosip.signup.uispec.ttl.seconds=18000

Documentation

API Documentation

Integration Guides

End User Guides

QA Report

Last updated 1 day ago

Was this helpful?

Overview

Major Highlights

New Features

Support for FAPI 2.0 Security Profile

Enhancements

Dynamic Schema-Driven Sign-Up UI

Dynamic Schema-Driven KBI Authentication UI

Improved Deployment Scripts

Bug Fixes

Known Issues

Story Development

Repositories Released

Compatible Modules

eSignet compatibility with MOSIP

eSignet compatibility with Sunbird

eSignet Signup compatibility with MOSIP

DB Changes

Config Changes

Documentation