Integrate with MOSIP e-Signet

Description

This guide provides steps to integrate OpenG2P with e-Signet with MOSIP as the authentication provider.

Prerequisites

MOSIP IDA is installed
The e-Signet server is installed and configured to connect to MOSIP IDA
MOSIP IDA APIs are accessible from the machine running the e-Signet server
Both Yes/No and KYC APIs are enabled on MOSIP IDA
e-Signet APIs are accessible from machines running OpenG2P
Biometric auth devices (already onboarded on MOSIP) are available for authentication
Email and SMS are enabled on MOSIP IDA for OTP authentication
MOSIP Partner Management Services (PMS) Portal or APIs must be accessible to both MOSIP Partner Admin and OpenG2P Admin
MOSIP Partner Specific User Token (PSUT) ID type is configured. See Configure ID Types.

Steps

Configure OpenG2P as a partner on MOSIP

Create an Auth Partner for OpenG2P on MOSIP.
- Guide for MOSIP 1.2.0
- Guide for MOSIP 1.1.5 (TBD)
Create a MISP Partner for OpenG2P on MOSIP.
Note down the following from the above steps:
1. Auth Partner ID
2. Auth Policy ID
3. Auth API Key
4. MISP License Key
5. Auth partner signed certificate
6. IDA Partner certificate (App id: IDA, Ref Id: PARTNER)

Configure OpenG2P as relying party on e-Signet

Using PMS API

This method is applicable if MOSIP Partner Management APIs are available. These steps are executed by MOSIP Partner Admin

Create an e-Signet OIDC client using PMS OIDC API:

POSThttps://api-internal.mec.mosip.net/v1/partnermanager/oidc/client

Body

idstring

versionstring

requesttimestring (date-time)

metadataobject

request*ClientDetailCreateRequest (object)

Response

Body

idstring

versionstring

responsetimestring (date-time)

metadataobject

response*ClientDetailResponse (object)

errorsarray of ErrorResponse (object)

Request

const response = await fetch('https://api-internal.mec.mosip.net/v1/partnermanager/oidc/client', {
    method: 'POST',
    headers: {
      "Content-Type": "application/json"
    },
    body: JSON.stringify({
      "request": {
        "authPartnerId": "text",
        "clientAuthMethods": [
          "text"
        ],
        "grantTypes": [
          "text"
        ],
        "logoUri": "text",
        "name": "text",
        "policyId": "text",
        "redirectUris": [
          "text"
        ]
      }
    }),
});
const data = await response.json();

Response

{
  "id": "text",
  "version": "text",
  "responsetime": "2024-11-21T11:35:08.272Z",
  "response": {
    "clientId": "text",
    "status": "text"
  },
  "errors": [
    {
      "errorCode": "text",
      "message": "text"
    }
  ]
}

authParnterId: Partner ID in this step.
policyId : Policy ID in this step.
publicKey: Generate JWK.
logoUri: URL of your logo accessible publicly.
grantTypes = ["authorization_code"]
clientAuthMethods= ["private_key_jwt"]
redirectUris: URLs of the form https://<your web portal>/auth_oauth/signin

Note down the Client ID as an output of the above step.

Using e-Signet API

This method is applicable if MOSIP Partner Management APIs are not available.

Create an e-Signet OIDC client using the following API:

POSThttps://api-internal.mec.mosip.net/v1/esignet/client-mgmt/oidc-client

Body

requestTimestring

request*ClientDetailCreateRequest (object)

Response

Body

responseTimestring

responseClientDetailResponse (object)

errorsarray of Error (object)

Request

const response = await fetch('https://api-internal.mec.mosip.net/v1/esignet/client-mgmt/oidc-client', {
    method: 'POST',
    headers: {
      "Content-Type": "application/json"
    },
    body: JSON.stringify({
      "request": {
        "authContextRefs": [
          "text"
        ],
        "clientAuthMethods": [
          "text"
        ],
        "clientName": "text",
        "grantTypes": [
          "text"
        ],
        "logoUri": "text",
        "redirectUris": [
          "text"
        ],
        "userClaims": [
          "text"
        ]
      }
    }),
});
const data = await response.json();

Response

{
  "responseTime": "text",
  "response": {
    "clientId": "text",
    "status": "text"
  },
  "errors": [
    {
      "errorCode": "text",
      "errorMessage": "text"
    }
  ]
}

clientId: Arbitrary string.
clientName: Arbitrary string.
relyingParnterId: Partner ID in this step.
publicKey: Generated JWK.

authContextRefs:

["mosip:idp:acr:biometrics","mosip:idp:acr:generated-code"]

userClaims:

["birthdate","address","gender","name","phone_number","email","picture"]

logoUri: URL of your logo accessible publicly.
grantTypes = ["authorization_code"]
clientAuthMethods= ["private_key_jwt"]
redirectUris: URLs of the form https://<your web portal>/auth_oauth/signin

Enable e-Signet on OpenG2P

These steps are executed by OpenG2P Admin on the OpenG2P Admin interface.

Go to Settings -> General Settings (Menu) -> General Settings (Panel) -> Integrations (Section) -> Oauth Providers

Create a new OIDC Provider with the following details:

Parameter

Value

PreviousMap ODK Form NextMap Self Service Portal Form

Last updated 1 year ago