Identity Verification with Nem ID or mitID including a CPR Match
Step 1: Initialize session
POST
to
Test enviornment : https://test-gateway.zignsec.com/core/api/sessions/workflow/danish_login_workflow_with_cpr_match
Production enviornment : https://gateway.zignsec.com/core/api/sessions/workflow/danish_login_workflow_with_cpr_match
Request Example
POST https://test-gateway.zignsec.com/core/api/sessions/workflow/danish_login_workflow_with_cpr_match Content-Type: application/json Authorization: 12345678-YOUR-ACCESS-TOKEN-5352305c9fb0 Content-Length: 725 { "locale": "En", "metadata": { "personal_number": "2312813846" }, "redirect_failure": "https://my_failure_url.com", "redirect_success": "https://my_success_url.com", "relay_state": "my-unique-customer-id", "webhook": "https://my_webhook_url.com" }
1.2: Description of Request Model
Paramter | Description | Required |
locale | Preferred Language to Use . example: En | |
personal_number | The CPR Number of the individual that you wish to identify | Yes |
redirect_failure | URL to redirect the end-user to on failure | |
redirect_success | URL to redirect the end-user to on success | |
relay_state | This optional parameter will be returned to you at the redirect back to your server. Use it to link an unique ID of your choice that you can parse. Example: relaystate=zignsec_eid_1234 | No |
webhook | A URL where success/error results will automatically be POST:ed. During test you try https://webhook.site/ for free webhook URLs. | No |
1.3 Example of Response Body
{ "data": { "id": "b2961aeb-eb69-4ed2-a5c3-d78b6a15715c", "redirect_url": "https://test-gateway.zignsec.com/core/workflow_instances/b2961aeb-eb69-4ed2-a5c3-d78b6a15715c" } }
1.4: Description of Response Model
id | A unique session identifier generated for each workflow instance. |
redirect_url | Redirected URL will open the below form |
Step 1 | Step 2 :MitID | Step 2 :NemID |
| | |
Step 2: GET Results
GET
to
Test enviornment: https://test-gateway.zignsec.com/core/api/sessions/b2961aeb-eb69-4ed2-a5c3-d78b6a15715c
Prod enviornment: https://gateway.zignsec.com/core/api/sessions/b2961aeb-eb69-4ed2-a5c3-d78b6a15715c
How to get notified of Workflow Finished
There is both active and passive notification for when the workflow is finished:
- Callback: Set Target URL parameter in step 1 and when the target URL is navigated you can do the above collect-GET.
- Webhook. To set up a webhook URL for callback, contact ZignSec. Results will be posted to the URL.
2.1: Response Body for MitID
{ "data": { "request_data": { "locale": "En", "metadata": { "personal_number": "2003290762" }, "redirect_failure": "https://my_failure_url.com", "redirect_success": "https://my_success_url.com", "relay_state": "my-unique-customer-id", "webhook": "https://my_webhook_url.com" }, "id": "c5431006-b47e-4e8d-bde4-94812f83218c", "signedIdentity": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImE1ZTk3NTZmLTgxMzItNDdhYy1hZmY3LTE5Y2FjMjY0ZTQ0MCIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL3ppZ25zZWMudGVzdC5taXRpZC5kay8iLCJpYXQiOjE2NjAwMzc3ODQsIm5iZiI6MTY2MDAzNzc4NCwiZXhwIjoxNjYwMDQxMzg0LCJpZGVudGl0eSI6eyJjcHJOdW1iZXJNYXRjaCI6dHJ1ZSwiaGFzQ3ByIjp0cnVlLCJjb3VudHJ5Q29kZSI6IkRLIiwiZmlyc3ROYW1lIjoiR2FyaW1hIFZlcm1hIiwiZnVsbE5hbWUiOiJHYXJpbWEgVmVybWEiLCJwZXJzb25hbE51bWJlciI6IiIsImRhdGVPZkJpcnRoIjoiMTkyOS0wMy0yMCIsImFnZSI6OTMsImlkUHJvdmlkZXJOYW1lIjoiTWl0SUQiLCJpZGVudGlmaWNhdGlvbkRhdGUiOiIyMDIyLTA4LTA5VDA5OjM2OjI0LjM0MDM0ODRaIiwiaWRQcm92aWRlclJlcXVlc3RJZCI6IjBjOWEyZTg3LThmMGYtNDhjZi1iNzI3LTdiNTI1YzEwMDM1YiIsImlkUHJvdmlkZXJQZXJzb25JZCI6IjIyNTMwYTY5LWE4Y2ItNGUxYS04MTdkLWJkMTI4NzhjMTMxOCJ9LCJwcm92aWRlckRhdGEiOnsiZGsubWl0aWQuYXNzdXJhbmNlbGV2ZWwiOnsibG9hIjoiU1VCU1RBTlRJQUwiLCJpYWwiOiJTVUJTVEFOVElBTCIsImFhbCI6IlNVQlNUQU5USUFMIiwiZmFsIjoiSElHSCJ9LCJzdWIiOiIyMjUzMGE2OS1hOGNiLTRlMWEtODE3ZC1iZDEyODc4YzEzMTgiLCJkay5taXRpZC5wc2QyIjp0cnVlLCJhbXIiOlsiYXBwOjE2NjAwMzc3ODIwNzA6U1VCU1RBTlRJQUw6U1VCU1RBTlRJQUw6SElHSDpISUdIIl0sImtpZCI6Imp3dF9taXRpZF8yMTAzMjMiLCJpc3MiOiJNaXRJRCIsImRrLm1pdGlkLmhhc0NQUiI6dHJ1ZSwiZXhwIjoxNjYwMDU1NzgyLCJpYXQiOjE2NjAwMzc3ODIsImp0aSI6Ijc5YzNlNmY0LWVlNGQtNDU3NC1hMTFhLTU3MmU5YjgyNTNmMyIsImRrLm1pdGlkLnRyYW5zYWN0aW9uaWQiOiIwYzlhMmU4Ny04ZjBmLTQ4Y2YtYjcyNy03YjUyNWMxMDAzNWIiLCJhdWQiOiIxY2RlMzE0NC0zNGZjLTRkZTctYTU1My1lNWIxNjA3MDJiMTIiLCJuYmYiOjE2NjAwMzc3ODIsImRrLm1pdGlkLmF0dHJpYnV0ZXMiOnsibWl0aWQuZGsuZGF0ZV9vZl9iaXJ0aCI6IjE5MjktMDMtMjAiLCJtaXRpZC5kay5pZGVudGl0eV9uYW1lIjoiR2FyaW1hIFZlcm1hIiwibWl0aWQuZGsuaWFsX2lkZW50aXR5X2Fzc3VyYW5jZV9sZXZlbCI6IlNVQlNUQU5USUFMIiwibWl0aWQuZGsuYWdlIjoiOTMifX19.arkrP9Y86cRDfNBe6U3zYcwYT5A730Qb9UYc8wQ8PkP7xXyGOCKUxKPu4CV3FDtdL6NN83YgGt31Mw_tDIZLtiRA7v34UyW5mGOQ4XRXzVTiN5_rVxU1DLgiYG9xYcTOZxFSvvPd42hJbP_v7vl6NnwD-UbVHicNIsrREbx_012cHCc6iuxdp8AKVDzJl2WMxFih-XR1s822HHRXlOg3pcS2k94nZHfhoJMyLm3P9Bz2S6PAdh1i3KFhpyvTrpT88DBUwxWlG7tsSzZl4xc15Th8jmthS4TMJXttsq3V9Eh5Oj01IDIsQCGZR7H59B0m6NQP6Zr0j4Q6oLhMgezDbQ", "state": "complete" } }
Description | |
signedIdentity | Represents result with a signed identity in a JSON Web Token form, see JWT-signature. |
2.1.1: Decoded JWT Response
The signed identity can be decoded with JWT Web Token convertors, see JWT convertor tool.
{ "iss": "https://zignsec.test.mitid.dk/", "iat": 1660037784, "nbf": 1660037784, "exp": 1660041384, "identity": { "cprNumberMatch": true, "hasCpr": true, "countryCode": "DK", "firstName": "Linda Marie", "fullName": "Linda Marie Hassan Ahmed", "personalNumber": "", "dateOfBirth": "1929-03-20", "age": 93, "idProviderName": "MitID", "identificationDate": "2022-08-09T09:36:24.3403484Z", "idProviderRequestId": "0c9a2e87-8f0f-48cf-b727-7b525c10035b", "idProviderPersonId": "22530a69-a8cb-4e1a-817d-bd12878c1318" }, "providerData": { "dk.mitid.assurancelevel": { "loa": "SUBSTANTIAL", "ial": "SUBSTANTIAL", "aal": "SUBSTANTIAL", "fal": "HIGH" }, "sub": "22530a69-a8cb-4e1a-817d-bd12878c1318", "dk.mitid.psd2": true, "amr": [ "app:1660037782070:SUBSTANTIAL:SUBSTANTIAL:HIGH:HIGH" ], "kid": "jwt_mitid_210323", "iss": "MitID", "dk.mitid.hasCPR": true, "exp": 1660055782, "iat": 1660037782, "jti": "79c3e6f4-ee4d-4574-a11a-572e9b8253f3", "dk.mitid.transactionid": "0c9a2e87-8f0f-48cf-b727-7b525c10035b", "aud": "1cde3144-34fc-4de7-a553-e5b160702b12", "nbf": 1660037782, "dk.mitid.attributes": { "mitid.dk.date_of_birth": "1929-03-20", "mitid.dk.identity_name": "Linda Marie Hassan Ahmed", "mitid.dk.ial_identity_assurance_level": "SUBSTANTIAL", "mitid.dk.age": "93" } } }
2.1.2: Decoded Identity for MitID identity Verification Response
Name | Description | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
iss | URL of issuer | |||||||||||
iat | time session was issued in Unix time format | |||||||||||
nbf | not before timestamp in Unix time format | |||||||||||
exp | time of expiry of session in Unix time format | |||||||||||
identity |
| |||||||||||
providerData | data node from provider (MitID) containing raw original data. Note that this node should only be used as reference since this node could change at provider side. |