FrejaEIDSignRequestValve
Note
Creates a sign request to the Freja e-ID backend. Typically used with the sign API module, so the data used is expected to come from the request, not from an item.
The valve will create an item if none is present.
For more detailed information see https://frejaeid.com/rest-api/Signature%20Service.html
Properties
| Name | Description | Default value | Mandatory | Supports property expansion |
|---|---|---|---|---|
| keystoreID | The id of the keystore in configuration | | Yes | No |
| mode | Decides the target endpoint to send the request to. Allowed values are 'production_organisation_sign,production_personal_sign,test_organisation_sign,test_personal_sign'. Only one value is allowed. | | Yes | No |
| relyingPartyId | Defines the relying party ID. Used with a partner certificate that is allowed to be used for multiple customers. | | No | Yes |
| customer | Used for event logging to add a differentiator if desired. | | No | No |
Example Configuration
{
  "name" : "FrejaEIDSignRequestValve",
  "config" : {
    "keystoreID" : "93f5e7e1-c3f4-436b-9bbc-0b94d454a352",
    "mode" : "production_personal_sign"
  }
}
Requirements
- The server must trust the Freja e-ID backend TLS certificate (cacerts update).
- A client certificate & private key (keystore) that is issued by Freja e-ID is present in the configuration.
Request parameters
The incoming request must contain the following parameters:
- attributesToGet, indicates what data the backend will release after a successful signature. Valid values are: BASIC_USER_INFO,EMAIL_ADDRESS,ALL_EMAIL_ADDRESSES,DATE_OF_BIRTH,ADDRESSES,ORGANISATION_ID_IDENTIFIER,SSN.
- reqiredRegistrationLevel, valid value is one of: BASIC, EXTENDED, PLUS
- userInfoType, valid value is one of: PHONE, EMAIL, SSN, ORG_ID, INFERRED
- userIdentifier, must contain a matching value of the Freja e-ID profile. An email address for instance. If INFERRED, put this as N/A.
- visibleDataToSign, the text shown to the user. This MUST be base64 encoded.
The incoming request may also contain the following optional parameters:
- useDynamicQrCode -- Whether a dynamic QR code should be used for the transaction.
- orgIdIssuer -- The Freja orgIdIssuer attribute. Should have the value ANY if requested organisation ID is set by another Relying Party.
- userConfirmationMethod -- The Freja userConfirmationMethod attribute -- can be DEFAULT or DEFAULT_AND_FACE.
Example requests
{
  "attributesToGet":"SSN,BASIC_USER_INFO",
  "reqiredRegistrationLevel":"EXTENDED",
  "userInfoType":"EMAIL",
  "visibleDataToSign":"U2lnbiBpdA==",
  "userIdentifier":"usern@acme.com"
}

{
  "attributesToGet":"SSN,BASIC_USER_INFO",
  "reqiredRegistrationLevel":"EXTENDED",
  "userInfoType":"INFERRED",
  "visibleDataToSign":"U2lnbiBpdA==",
  "userIdentifier":"N/A"
}
Optional request parameters
- requirePin, "true/false", user must use pin before operation is visible
- title - Title of the request
- pushTitle
- pushMessage
- expiry - How long the request is valid. Must be in Java Instant/ISO-8601 format.
- invisibleDataToSign - Base64 data that is not visible to the user
- useDynamicQrCode -- whether a dynamic QR code should be used for the transaction.
- orgIdIssuer -- Freja orgIdIssuer attribute -- should have the value ANY if requested organisation ID is set by another Relying Party.
- userConfirmationMethod -- Freja userConfirmationMethod attribute -- can be DEFAULT or DEFAULT_AND_FACE.
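
A caller can check the request parameters against the valid values listed above before submitting them, so that a malformed request is rejected locally instead of at the backend. The following is an added example, not code from the product or from Freja e-ID; `build_sign_request` is a hypothetical helper name, and UTF-8 encoding of the visible text is an assumption.

```python
import base64
from datetime import datetime, timedelta, timezone

# Valid values as listed on this page.
ATTRIBUTES = {"BASIC_USER_INFO", "EMAIL_ADDRESS", "ALL_EMAIL_ADDRESSES",
              "DATE_OF_BIRTH", "ADDRESSES", "ORGANISATION_ID_IDENTIFIER", "SSN"}
LEVELS = {"BASIC", "EXTENDED", "PLUS"}
USER_INFO_TYPES = {"PHONE", "EMAIL", "SSN", "ORG_ID", "INFERRED"}


def build_sign_request(text, attributes, level, user_info_type,
                       user_identifier=None, valid_for=None, now=None):
    """Hypothetical helper: validate inputs and return the request parameters."""
    unknown = set(attributes) - ATTRIBUTES
    if not attributes or unknown:
        raise ValueError(f"invalid attributesToGet: {sorted(unknown) or 'empty'}")
    if level not in LEVELS:
        raise ValueError(f"invalid reqiredRegistrationLevel: {level!r}")
    if user_info_type not in USER_INFO_TYPES:
        raise ValueError(f"invalid userInfoType: {user_info_type!r}")
    if user_info_type == "INFERRED":
        user_identifier = "N/A"  # the page says to send N/A for INFERRED
    elif not user_identifier:
        raise ValueError("userIdentifier is required unless userInfoType is INFERRED")

    params = {
        "attributesToGet": ",".join(attributes),
        # Parameter name spelled exactly as on this page.
        "reqiredRegistrationLevel": level,
        "userInfoType": user_info_type,
        "userIdentifier": user_identifier,
        # The text shown to the user must be base64 encoded (UTF-8 assumed).
        "visibleDataToSign": base64.b64encode(text.encode("utf-8")).decode("ascii"),
    }
    if valid_for is not None:
        # Optional expiry as an ISO-8601 instant in UTC; `now` must be timezone-aware.
        now = now or datetime.now(timezone.utc)
        expiry = (now + valid_for).astimezone(timezone.utc)
        params["expiry"] = expiry.strftime("%Y-%m-%dT%H:%M:%SZ")
    return params


if __name__ == "__main__":
    import json
    print(json.dumps(build_sign_request("Sign it", ["SSN", "BASIC_USER_INFO"],
                                        "EXTENDED", "INFERRED"), indent=2))
```

Encoding the text at this point, from the plain string the application intends to show, keeps the displayed text and the submitted `visibleDataToSign` value from drifting apart.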