Identity Verification with Nem ID or mitID including a CPR Match

Step 1: Initialize session

POST to

Test enviornment : https://test-gateway.zignsec.com/core/api/sessions/workflow/danish_login_workflow_with_cpr_match

Production enviornment : https://gateway.zignsec.com/core/api/sessions/workflow/danish_login_workflow_with_cpr_match

Request Example

POST https://test-gateway.zignsec.com/core/api/sessions/workflow/danish_login_workflow_with_cpr_match
Content-Type: application/json
Authorization: 12345678-YOUR-ACCESS-TOKEN-5352305c9fb0
Content-Length: 725

{
"locale": "En",
"metadata": {
"personal_number": "2312813846"
},
"redirect_failure": "https://my_failure_url.com",
"redirect_success": "https://my_success_url.com",
"relay_state": "my-unique-customer-id",
"webhook": "https://my_webhook_url.com"
}

1.2: Description of Request Model

ParamterDescriptionRequired
localePreferred Language to Use . example: En
personal_numberThe CPR Number of the individual that you wish to identify Yes
redirect_failureURL to redirect the end-user to on failure
redirect_successURL to redirect the end-user to on success
relay_stateThis optional parameter will be returned to you at the redirect back to your server. Use it to link an unique ID of your choice that you can parse. Examplerelaystate=zignsec_eid_1234No
webhookA URL where success/error results will automatically be POST:ed. During test you try https://webhook.site/  for free webhook URLs.No

1.3 Example of Response Body


{
  "data": {
    "id": "b2961aeb-eb69-4ed2-a5c3-d78b6a15715c",
    "redirect_url": "https://test-gateway.zignsec.com/core/workflow_instances/b2961aeb-eb69-4ed2-a5c3-d78b6a15715c"
  }
}

1.4: Description of Response Model

idA unique session identifier generated for each workflow instance.
redirect_urlRedirected  URL will open the below form
Follow the steps to finish the session . In Step1 choose the verification method. Complete the session by verifying with MitID or NemID. NemID Test users details can be found here – Test: NemID -dk – ZignSec Docs
Step 1Step 2 :MitIDStep 2 :NemID
   

 

Step 2: GET Results

GET to

Test enviornment: https://test-gateway.zignsec.com/core/api/sessions/b2961aeb-eb69-4ed2-a5c3-d78b6a15715c

Prod enviornment: https://gateway.zignsec.com/core/api/sessions/b2961aeb-eb69-4ed2-a5c3-d78b6a15715c

How to get notified of Workflow Finished

There is both active and passive notification for when the workflow is finished:

  • Callback: Set Target URL parameter in step 1 and when the target URL is navigated you can do the above collect-GET.
  • Webhook. To set up a webhook URL for callback, contact ZignSec. Results will be posted to the URL.

2.1: Response Body for MitID

{
  "data": {
    "request_data": {
      "locale": "En",
      "metadata": {
        "personal_number": "2003290762"
      },
      "redirect_failure": "https://my_failure_url.com",
      "redirect_success": "https://my_success_url.com",
      "relay_state": "my-unique-customer-id",
      "webhook": "https://my_webhook_url.com"
    },
    "id": "c5431006-b47e-4e8d-bde4-94812f83218c",
    "signedIdentity": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImE1ZTk3NTZmLTgxMzItNDdhYy1hZmY3LTE5Y2FjMjY0ZTQ0MCIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL3ppZ25zZWMudGVzdC5taXRpZC5kay8iLCJpYXQiOjE2NjAwMzc3ODQsIm5iZiI6MTY2MDAzNzc4NCwiZXhwIjoxNjYwMDQxMzg0LCJpZGVudGl0eSI6eyJjcHJOdW1iZXJNYXRjaCI6dHJ1ZSwiaGFzQ3ByIjp0cnVlLCJjb3VudHJ5Q29kZSI6IkRLIiwiZmlyc3ROYW1lIjoiR2FyaW1hIFZlcm1hIiwiZnVsbE5hbWUiOiJHYXJpbWEgVmVybWEiLCJwZXJzb25hbE51bWJlciI6IiIsImRhdGVPZkJpcnRoIjoiMTkyOS0wMy0yMCIsImFnZSI6OTMsImlkUHJvdmlkZXJOYW1lIjoiTWl0SUQiLCJpZGVudGlmaWNhdGlvbkRhdGUiOiIyMDIyLTA4LTA5VDA5OjM2OjI0LjM0MDM0ODRaIiwiaWRQcm92aWRlclJlcXVlc3RJZCI6IjBjOWEyZTg3LThmMGYtNDhjZi1iNzI3LTdiNTI1YzEwMDM1YiIsImlkUHJvdmlkZXJQZXJzb25JZCI6IjIyNTMwYTY5LWE4Y2ItNGUxYS04MTdkLWJkMTI4NzhjMTMxOCJ9LCJwcm92aWRlckRhdGEiOnsiZGsubWl0aWQuYXNzdXJhbmNlbGV2ZWwiOnsibG9hIjoiU1VCU1RBTlRJQUwiLCJpYWwiOiJTVUJTVEFOVElBTCIsImFhbCI6IlNVQlNUQU5USUFMIiwiZmFsIjoiSElHSCJ9LCJzdWIiOiIyMjUzMGE2OS1hOGNiLTRlMWEtODE3ZC1iZDEyODc4YzEzMTgiLCJkay5taXRpZC5wc2QyIjp0cnVlLCJhbXIiOlsiYXBwOjE2NjAwMzc3ODIwNzA6U1VCU1RBTlRJQUw6U1VCU1RBTlRJQUw6SElHSDpISUdIIl0sImtpZCI6Imp3dF9taXRpZF8yMTAzMjMiLCJpc3MiOiJNaXRJRCIsImRrLm1pdGlkLmhhc0NQUiI6dHJ1ZSwiZXhwIjoxNjYwMDU1NzgyLCJpYXQiOjE2NjAwMzc3ODIsImp0aSI6Ijc5YzNlNmY0LWVlNGQtNDU3NC1hMTFhLTU3MmU5YjgyNTNmMyIsImRrLm1pdGlkLnRyYW5zYWN0aW9uaWQiOiIwYzlhMmU4Ny04ZjBmLTQ4Y2YtYjcyNy03YjUyNWMxMDAzNWIiLCJhdWQiOiIxY2RlMzE0NC0zNGZjLTRkZTctYTU1My1lNWIxNjA3MDJiMTIiLCJuYmYiOjE2NjAwMzc3ODIsImRrLm1pdGlkLmF0dHJpYnV0ZXMiOnsibWl0aWQuZGsuZGF0ZV9vZl9iaXJ0aCI6IjE5MjktMDMtMjAiLCJtaXRpZC5kay5pZGVudGl0eV9uYW1lIjoiR2FyaW1hIFZlcm1hIiwibWl0aWQuZGsuaWFsX2lkZW50aXR5X2Fzc3VyYW5jZV9sZXZlbCI6IlNVQlNUQU5USUFMIiwibWl0aWQuZGsuYWdlIjoiOTMifX19.arkrP9Y86cRDfNBe6U3zYcwYT5A730Qb9UYc8wQ8PkP7xXyGOCKUxKPu4CV3FDtdL6NN83YgGt31Mw_tDIZLtiRA7v34UyW5mGOQ4XRXzVTiN5_rVxU1DLgiYG9xYcTOZxFSvvPd42hJbP_v7vl6NnwD-UbVHicNIsrREbx_012cHCc6iuxdp8AKVDzJl2WMxFih-XR1s822HHRXlOg3pcS2k94nZHfhoJMyLm3P9Bz2S6PAdh1i3KFhpyvTrpT88DBUwxWlG7tsSzZl4xc15Th8jmthS4TMJXttsq3V9Eh5Oj01IDIsQCGZR7H59B0m6NQP6Zr0j4Q6oLhMgezDbQ",
    "state": "complete"
  }
}

Description
signedIdentityRepresents result with a signed identity in a JSON Web Token form, see JWT-signature.

2.1.1: Decoded JWT Response

The signed identity can be decoded with JWT Web Token convertors, see JWT convertor tool.

{
  "iss": "https://zignsec.test.mitid.dk/",
  "iat": 1660037784,
  "nbf": 1660037784,
  "exp": 1660041384,
  "identity": {
    "cprNumberMatch": true,
    "hasCpr": true,
    "countryCode": "DK",
    "firstName": "Linda Marie",
    "fullName": "Linda Marie Hassan Ahmed",
    "personalNumber": "",
    "dateOfBirth": "1929-03-20",
    "age": 93,
    "idProviderName": "MitID",
    "identificationDate": "2022-08-09T09:36:24.3403484Z",
    "idProviderRequestId": "0c9a2e87-8f0f-48cf-b727-7b525c10035b",
    "idProviderPersonId": "22530a69-a8cb-4e1a-817d-bd12878c1318"
  },
  "providerData": {
    "dk.mitid.assurancelevel": {
      "loa": "SUBSTANTIAL",
      "ial": "SUBSTANTIAL",
      "aal": "SUBSTANTIAL",
      "fal": "HIGH"
    },
    "sub": "22530a69-a8cb-4e1a-817d-bd12878c1318",
    "dk.mitid.psd2": true,
    "amr": [
      "app:1660037782070:SUBSTANTIAL:SUBSTANTIAL:HIGH:HIGH"
    ],
    "kid": "jwt_mitid_210323",
    "iss": "MitID",
    "dk.mitid.hasCPR": true,
    "exp": 1660055782,
    "iat": 1660037782,
    "jti": "79c3e6f4-ee4d-4574-a11a-572e9b8253f3",
    "dk.mitid.transactionid": "0c9a2e87-8f0f-48cf-b727-7b525c10035b",
    "aud": "1cde3144-34fc-4de7-a553-e5b160702b12",
    "nbf": 1660037782,
    "dk.mitid.attributes": {
      "mitid.dk.date_of_birth": "1929-03-20",
      "mitid.dk.identity_name": "Linda Marie Hassan Ahmed",
      "mitid.dk.ial_identity_assurance_level": "SUBSTANTIAL",
      "mitid.dk.age": "93"
    }
  }
}

2.1.2: Decoded Identity for MitID identity Verification Response

NameDescription
issURL of issuer
iattime session was issued in Unix time format
nbfnot before timestamp in Unix time format
exptime of expiry of session in Unix time format
identity
hasCpr – boolean that indicates whether it is possible to perform lookup/matchCPR e.g. true or false
countryCode – 2 character country code following ISO 3166-1 alpha-2 standard
firstName – name of person associated with the used eID
fullName – name of person associated with the used eID
personalNumber – CPR number of person associated with used eID only returned when lookup_CPR metod is called
dateOfBirth – date of birth of person associated with the used eID returned in format YYYY-MM-DD (1949-05-10)
age – age of person associated with the used eID
idProviderName – name of product provider (MitID)
identificationDate – date of identification in timestamp format 2022-05-27T09:17:45.4954754Z”,
idProviderRequestId – a call-unique reference string for tracing and support issues e.g. “691e2183-f677-47a4-9d40-d9c42e8c6a0f”
idProviderPersonId – UUID of the eID used “f14f3093-f661-46f3-a2ea-3e1364b30584”
providerDatadata node from provider (MitID) containing raw original data. Note that this node should only be used as reference since this node could change at provider side.