Versions Compared

Version Old Version 1 New Version Current
Changes made by

Kristoffer Kristoffer (Unlicensed)

Kristoffer Kristoffer (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space PDOIDC and version master

The Sign sign service supports scopes and claims as shown below.

Scopes

The following scopes with corresponding API access are supported. See the section on Access Tokens sign for further information on the use of the signdoc/read_write scope.

ScopeAccess
signdoc/read_write

API access to SignDoc RS

sign

Access to start a sign session using the authorize endpoint

Claims

Simplified flow

The following table show the additional claims in the id_token after a simplified flow sign session has been finished.

ClaimExampleDescription
sign_result
"sign_result" : {
    "endUser" : "MIAGC...",
    "merchant" : "MIAGC...",
    "hash" : "4oK3g..."
}

Signatures of the merchant and end user, as well as the hash over the received text.

Full flow: SEID-SDO

The following table shows the supported claims in response from the sign service after a sing session has been finishedSEID-SDO sign session is completed.

ClaimExampleResult specifierDescription
documentHashsdocumentHashes
documentHashsdocumentHashes": [
     "w5SZXrar2s7lR+lafX4Bx9v8/dm2xs5eybCTUOE9rao="
 ]
documentHash
array Array of hashes over the documents to be signed in the same order as the documents in the signing order.
sdos
"sdos": [
  "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZ......"
 ]
sdo
the sdo The SEID-SDO represented as base64 (unpack to UTF-8), one for each document
merchantSignatures
"merchantSignatures": [
  "MIAGCSqGSIb3DQEHAqCAMIACAQExDzANB...."
 ]
basicSignature
the The merchant signature, one for each document
endUserSignatures
"endUserSignatures": [
  "MIAGCSqGSIb3DQEHAqCAMIACAQExDTALBAA....."
 ]
basicSignature
the endUser The end user signature, one for each document
signId
"910bd95b-41c0-4b6d-ae3f-d9458110d12a"

the The sign_id used
clientId
"oidc-testclient"

The OIDC client used
orderState
"SIGN_COMPLETED"

Current order state
orderName
"Overlay-example"

Name of order

Full flow: PAdES

The following table shows the supported claims in response from the sign service after a PAdES sign session is completed.

ClaimExampleResult specifierDescription
unsignedDocumentSha256
"unsignedDocumentSha256": "ZfesfmamB+ADft4A0DVMAbHQ7mEeg24v3PXBsXDKf5k="
documentHash
Hash over the original document
signedDocumentSha256
"signedDocumentSha256": "ApPACd0HXMzuSB/Zt1HU9oJLAxpWvRX2/gRpu63Vs1k="
documentHash
Hash over the signed document
padesSignedPdf
"padesSignedPdf": "JVBERi0xLjQNJeLjz9MNCjEwIDAgb2JqDTw8L0xpbmVhcml6...
padesSignedPdf
The signed pdf as a base64 encoded text string
padesAppendix
"padesAppendix": "DQoxMSAwIG9iago8PAovTWV0YWRhdGEgMiAwIFIKL09wZW5BY...
padesAppendix
The signature data added to the original PDF represented as base64
description
"description": "some_document.pdf"

Description of the document
signId
"signId": "058d8691-6f2d-40c0-b6fb-f120a868cf48"

The sign_id reference
orderState
"SIGN_COMPLETED"

The current order state
orderName
"Overlay-example"
name

Name of the order