Identity Verification with Nem ID or mitID
Step 1: Initialize session
POST to
Test enviornment : https://test-gateway.zignsec.com/core/api/sessions/workflow/danish_login_workflow
Production enviornment : https://gateway.zignsec.com/core/api/sessions/workflow/danish_login_workflow
Request Example
POST https://test-gateway.zignsec.com/core/api/sessions/workflow/danish_login_workflow
Content-Type: application/json
Authorization: 12345678-YOUR-ACCESS-TOKEN-5352305c9fb0
Content-Length: 725
{
"locale": "En",
"metadata": {},
"redirect_failure": "https://my_failure_url.com",
"redirect_success": "https://my_success_url.com",
"relay_state": "my-unique-customer-id",
"webhook": "https://my_webhook_url.com"
}
1.2: Description of Request Model
| Paramter | Description | Required |
| locale | Preferred Language to Use . example: En | |
| metadata | Yes | |
| redirect_failure | URL to redirect the end-user to on failure | |
| redirect_success | URL to redirect the end-user to on success | |
| relay_state | This optional parameter will be returned to you at the redirect back to your server. Use it to link an unique ID of your choice that you can parse. Example: relaystate=zignsec_eid_1234 | No |
| webhook | A URL where success/error results will automatically be POST:ed. During test you try https://webhook.site/ for free webhook URLs. | No |
1.3: Example of Response Body
{
"data": {
"id": "35ed3537-ee1b-4b0e-b6b8-39998119c88d",
"redirect_url": "https://test-gateway.zignsec.com/core/workflow_instances/35ed3537-ee1b-4b0e-b6b8-39998119c88d"
}
}
1.4: Description of Response Model
| id | A unique session identifier generated for each workflow instance. |
| redirect_url | Redirected URL will open the below form |
Follow the steps to finish the session .
In Step1 choose the verification method. Complete the session by verifying with MitID or NemID.
NemID Test users details can be found here – Test: NemID -dk – ZignSec Docs
| Step 1 | Step 2 :MitID | Step 2 :NemID |
 |  |  |
Step 2: GET Results
GET to
Test enviornment: https://test-gateway.zignsec.com/core/api/sessions/35ed3537-ee1b-4b0e-b6b8-39998119c88d
Prod enviornment: https://gateway.zignsec.com/core/api/sessions/35ed3537-ee1b-4b0e-b6b8-39998119c88d
How to get notified of Workflow Finished
There is both active and passive notification for when the workflow is finished:
- Callback: Set Target URL parameter in step 1 and when the target URL is navigated you can do the above collect-GET.
- Webhook. To set up a webhook URL for callback, contact ZignSec. Results will be posted to the URL.
2.1: Response Body for MitID
{
"data": {
"request_data": {
"metadata": {
"action": "LogOn",
"language": "En",
"level": "Substantial",
"method": "Loa",
"popup_context": false,
"psd2": true,
"reference_text_body": "Follow me when you feel hard",
"relay_state": "my-unique-customer-id",
"requested_attributes": [
"UUID",
"DATE_OF_BIRTH",
"AGE",
"IAL_IDENTITY_ASSURANCE_LEVEL",
"IDENTITY_NAME",
"IDENTITY_ADDRESS",
"CPR_NAME",
"CPR_ADDRESS",
"ACCESS_TO_SELF_SERVICE"
],
"service_provider_reference": " ZignSec always with you"
},
"redirect_failure": "https://docs.zignsec.com/",
"redirect_success": "https://zignsec.com/",
"relay_state": "my-unique-customer-id",
"webhook": "https://my_webhook_url.com"
},
"errors": [],
"id": "35ed3537-ee1b-4b0e-b6b8-39998119c88d",
"result": {
"signedIdentity": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImE1YjkxYjYxLTlhZGYtNGNhNy04OGQ3LTBmY2I0OTQzZGQ0ZSIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL3ppZ25zZWMudGVzdC5taXRpZC5kay8iLCJpYXQiOjE2NTk2MjE3MjUsIm5iZiI6MTY1OTYyMTcyNSwiZXhwIjoxNjU5NjI1MzI1LCJpZGVudGl0eSI6eyJjcHJOdW1iZXIiOiIyMDAzMjkwNzYyIiwiaGFzQ3ByIjp0cnVlLCJjb3VudHJ5Q29kZSI6IkRLIiwiZmlyc3ROYW1lIjoiR2FyaW1hIFZlcm1hIiwiZnVsbE5hbWUiOiJHYXJpbWEgVmVybWEiLCJwZXJzb25hbE51bWJlciI6IjIwMDMyOTA3NjIiLCJkYXRlT2ZCaXJ0aCI6IjE5MjktMDMtMjAiLCJhZ2UiOjkzLCJpZFByb3ZpZGVyTmFtZSI6Ik1pdElEIiwiaWRlbnRpZmljYXRpb25EYXRlIjoiMjAyMi0wOC0wNFQxNDowMjowNS40ODg5MjQxWiIsImlkUHJvdmlkZXJSZXF1ZXN0SWQiOiJkMGNiYjAyNC1jOGMzLTRjYmItODg1YS1jYTg4ZDdlY2U1YjAiLCJpZFByb3ZpZGVyUGVyc29uSWQiOiIyMjUzMGE2OS1hOGNiLTRlMWEtODE3ZC1iZDEyODc4YzEzMTgifSwicHJvdmlkZXJEYXRhIjp7ImRrLm1pdGlkLmFzc3VyYW5jZWxldmVsIjp7ImxvYSI6IlNVQlNUQU5USUFMIiwiaWFsIjoiU1VCU1RBTlRJQUwiLCJhYWwiOiJTVUJTVEFOVElBTCIsImZhbCI6IkhJR0gifSwic3ViIjoiMjI1MzBhNjktYThjYi00ZTFhLTgxN2QtYmQxMjg3OGMxMzE4IiwiZGsubWl0aWQucHNkMiI6dHJ1ZSwiYW1yIjpbImFwcDoxNjU5NjIxNzIzNzgyOlNVQlNUQU5USUFMOlNVQlNUQU5USUFMOkhJR0g6SElHSCJdLCJraWQiOiJqd3RfbWl0aWRfMjEwMzIzIiwiaXNzIjoiTWl0SUQiLCJkay5taXRpZC5oYXNDUFIiOnRydWUsImV4cCI6MTY1OTYzOTcyMywiaWF0IjoxNjU5NjIxNzIzLCJqdGkiOiIzZWZjMWY0OS02MjI5LTQzMzEtOTBiYi0xNzBlYzc5M2VmMjYiLCJkay5taXRpZC50cmFuc2FjdGlvbmlkIjoiZDBjYmIwMjQtYzhjMy00Y2JiLTg4NWEtY2E4OGQ3ZWNlNWIwIiwiYXVkIjoiMWNkZTMxNDQtMzRmYy00ZGU3LWE1NTMtZTViMTYwNzAyYjEyIiwibmJmIjoxNjU5NjIxNzIzLCJkay5taXRpZC5hdHRyaWJ1dGVzIjp7Im1pdGlkLmRrLmRhdGVfb2ZfYmlydGgiOiIxOTI5LTAzLTIwIiwibWl0aWQuZGsuaWRlbnRpdHlfbmFtZSI6IkdhcmltYSBWZXJtYSIsIm1pdGlkLmRrLmlhbF9pZGVudGl0eV9hc3N1cmFuY2VfbGV2ZWwiOiJTVUJTVEFOVElBTCIsIm1pdGlkLmRrLmFnZSI6IjkzIn19fQ.snfP7fuSrraCR07FcsUScEiiLdJQFOnXc6b9Xpcp4G3h9i4FLYMQRXytK5mufpS3HFWJZENkYfsEaww2NfPevpmn8nrLRJc30ksgiBWcz59dGVsVwvtPceoCbdMmScblge38nYRTOMsl8mjHRONC_OSTmpktg0xFaNUBQ4I4ZhUiiqcHSONEmBR-_uqR4QuFHY8xywzVA2Y4iWe0tYj6nE6HnnmOiDRxEWl6KtbO3fNBoSw2LM1vYEdk1zBhO8gWbZXTKi-JM8MrfMbGb8lyn5E20S9EKQ6pozU28qTrPYzipwAKnJmm3ZthyLElj22-BT0P0CZQ9K2bsqEcLmtdeQ"
},
"status": "Finished"
}
}
| Description | |
signedIdentity | Represents result with a signed identity in a JSON Web Token form, see JWT-signature. |
2.1.1: Decoded JWT Response
The signed identity can be decoded with JWT Web Token convertors, see JWT convertor tool.
{
"iss": "https://zignsec.test.mitid.dk/",
"iat": 1652341402,
"nbf": 1652341402,
"exp": 1652345002,
"identity": {
"cprNumber": "2003290762",
"hasCpr": true,
"countryCode": "DK",
"firstName": "Linda Marie",
"fullName": "Linda Marie Hassan Ahmed",
"personalNumber": "2003290762",
"dateOfBirth": "1929-03-20",
"age": 93,
"idProviderName": "MitID",
"identificationDate": "2022-08-04T14:02:05.4889241Z",
"idProviderRequestId": "d0cbb024-c8c3-4cbb-885a-ca88d7ece5b0",
"idProviderPersonId": "22530a69-a8cb-4e1a-817d-bd12878c1318"
},
"providerData": {
"dk.mitid.assurancelevel": {
"loa": "SUBSTANTIAL",
"ial": "SUBSTANTIAL",
"aal": "SUBSTANTIAL",
"fal": "HIGH"
},
"sub": "22530a69-a8cb-4e1a-817d-bd12878c1318",
"dk.mitid.psd2": true,
"amr": [
"app:1659621723782:SUBSTANTIAL:SUBSTANTIAL:HIGH:HIGH"
],
"kid": "jwt_mitid_210323",
"iss": "MitID",
"dk.mitid.hasCPR": true,
"exp": 1659639723,
"iat": 1659621723,
"jti": "3efc1f49-6229-4331-90bb-170ec793ef26",
"dk.mitid.transactionid": "d0cbb024-c8c3-4cbb-885a-ca88d7ece5b0",
"aud": "1cde3144-34fc-4de7-a553-e5b160702b12",
"nbf": 1659621723,
"dk.mitid.attributes": {
"mitid.dk.date_of_birth": "1929-03-20",
"mitid.dk.identity_name": "Linda Marie Hassan Ahmed",
"mitid.dk.ial_identity_assurance_level": "SUBSTANTIAL",
"mitid.dk.age": "93"
}
}
}
2.1.2: Decoded Identity for MitID identity Verification Response
The signed identity can be decoded with JWT Web Token convertors, see JWT convertor tool.
| Name | Description | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
iss | URL of issuer | |||||||||||
iat | time session was issued in Unix time format | |||||||||||
nbf | not before timestamp in Unix time format | |||||||||||
exp | time of expiry of session in Unix time format | |||||||||||
identity |
| |||||||||||
providerData | data node from provider (MitID) containing raw original data. Note that this node should only be used as reference since this node could change at provider side. |
