Simple flow implementation guide
API
The simplified flow can be used for text signing and is initiated by providing the sign scope and the text to be signed, i.e. sign_txt, as query parameters to the authorization request:
GET [authorize_endpoint]... &scope=sign&sign_txt=base64encoded(utf8-string)
The text to be signed must be base64 encoded and provided in the query parameter sign_txt.
The result contains the basic signatures of the merchant and end user, as well as the hash over the received text. The result is contained in the sign_result claim in the ID token.
Claims
The following table shows the additional claims in the ID token after a simplified flow sign session has been finished.
Claim | Example | Description |
---|---|---|
sign_result | "sign_result" : { | Signatures of the merchant and end user, as well as the hash over the received text. |
Step-by-step
Simple-text signing allows the end user to sign a predefined text. The result contains the basic signatures of the merchant and end user, as well as the hash over the received text.
Following the regular Authorization Code flow:
Step | What you do | Endpoint | Method | Considerations | Remarks |
---|---|---|---|---|---|
1 | Get the key properties of the OIDC provider | Openid-configuration | GET | | |
2 | Build the authorization URL, and redirect the user to the authorization endpoint | Authorize | GET | Include the sign scope and the base64-encoded sign_txt parameter. In the callback, make sure to check for error and matching states | This is where the end user interacts with BankID. Note that |
3 | Exchange the authorization code for tokens | Token | POST | Check matching | The ID Token will contain the signed data in the sign_result claim |
4 | Fetch our public keys and use these to validate token signatures | Jwk | GET | | Example "sign_result" : { |
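The relying-party side of steps 2 and 3 above, as an added example that is not BankID's own code: it builds the authorization URL with scope=sign and a base64-encoded UTF-8 sign_txt, rejects callbacks that carry an error or a mismatched state, and pulls the sign_result claim out of the ID token payload. The endpoint, client id, state, nonce, text and the ID token are constructed sample values; adding openid to the scope and checking the nonce are assumptions based on standard OIDC, not statements from this page. Signature validation against the provider's JWKs (step 4) is deliberately left to a JOSE library and must happen before the claims are trusted.

```python
import base64
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse


def encode_sign_txt(text: str) -> str:
    """Base64-encode the UTF-8 bytes of the text, as the sign_txt parameter requires."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def decode_sign_txt(value: str) -> str:
    """Inverse of encode_sign_txt, used for a round-trip check of what was sent."""
    return base64.b64decode(value).decode("utf-8")


def build_authorize_url(authorize_endpoint: str, client_id: str, redirect_uri: str,
                        text: str, state: str, nonce: str) -> str:
    """Step 2: build the authorization URL carrying scope=sign and sign_txt."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        # The page shows scope=sign; adding openid is an assumption from standard
        # OIDC, since an ID token is expected in the token response.
        "scope": "openid sign",
        "state": state,
        "nonce": nonce,
        "sign_txt": encode_sign_txt(text),
    }
    return f"{authorize_endpoint}?{urlencode(params)}"


def sign_txt_from_url(url: str) -> str:
    """Recover the text embedded in an authorization URL (round-trip check)."""
    return decode_sign_txt(parse_qs(urlparse(url).query)["sign_txt"][0])


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Step 2 considerations: fail on an error response or a state mismatch,
    otherwise return the authorization code."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError(f"authorization error: {query['error'][0]}")
    state = query.get("state", [""])[0]
    if not secrets.compare_digest(state.encode("utf-8"), expected_state.encode("utf-8")):
        raise ValueError("state mismatch")
    if "code" not in query:
        raise ValueError("missing authorization code")
    return query["code"][0]


def decode_jwt_payload(id_token: str) -> dict:
    """Parse the claims of a compact JWS (header.payload.signature).

    This does NOT verify the signature: step 4 (validate against the provider's
    JWKs) must be done with a JOSE library before these claims are trusted."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def extract_sign_result(claims: dict, expected_nonce: str) -> dict:
    """Step 3: check the nonce (assumed OIDC practice) and return sign_result."""
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    if "sign_result" not in claims:
        raise ValueError("ID token carries no sign_result claim")
    return claims["sign_result"]


# Constructed sample values (not from the page): a fake provider, a fake relying
# party and a fake ID token whose payload only demonstrates the claim name; the
# inner structure of sign_result and the signature are placeholders.
AUTHORIZE_ENDPOINT = "https://oidc.example.test/authorize"
REDIRECT_URI = "https://rp.example.test/callback"
STATE = "state-constructed-123"
NONCE = "nonce-constructed-456"
TEXT = "Jeg godtar avtalen (constructed text with æøå to show UTF-8 handling)"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


SAMPLE_ID_TOKEN = ".".join([
    _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode("utf-8")),
    _b64url(json.dumps({"sub": "constructed-user", "nonce": NONCE,
                        "sign_result": {"placeholder": "provider-specific content"}}).encode("utf-8")),
    "placeholder-signature",
])

if __name__ == "__main__":
    url = build_authorize_url(AUTHORIZE_ENDPOINT, "client-constructed", REDIRECT_URI, TEXT, STATE, NONCE)
    print(url)
    print("code:", parse_callback(f"{REDIRECT_URI}?code=abc&state={STATE}", STATE))
    print(extract_sign_result(decode_jwt_payload(SAMPLE_ID_TOKEN), NONCE))
```

The state comparison is constant-time and the code is only accepted after both the error and state checks pass; the nonce check ties the returned ID token to this particular authorization request.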