LogoLogo
PlatformUse CasesCommunityBlog
1.2
1.2
  • ๐Ÿ Home
  • ๐ŸฉPLATFORM
    • Architecture
    • Modules
      • Program & Beneficiary Management System
        • Program Management
        • Program Disbursement Cycles
        • Beneficiary Management
        • ID Verification
        • Beneficiary Registry
        • Eligibility
          • Proxy Means Test
        • Deduplication
        • Enrolment
        • Entitlement
        • Disbursement
          • In-kind Transfer
          • Digital Cash Transfer
          • Voucher
        • Self Service Portal
        • Document Management
        • Multi-tenancy
        • Notifications
        • Accounting
        • Administration
          • Multi-tenancy
          • RBAC
          • i18n
      • Social Registry
      • Registration Tool Kit
        • ODK Collection App
      • SPAR
      • G2P Cash Transfer Bridge
        • File-based Payment Backend
      • 4Sure Verifier
    • Monitoring and Reporting
    • Logging
    • Privacy and Security
      • Key Manager
      • Key Manager Architecture
    • Interoperability
    • Integrations
      • OpenG2P eSignet Integration
      • OpenG2P M-Pesa Integration
      • OpenG2P Mojaloop Integration
    • Technology Stack
    • Reference
      • โ†”๏ธAPI
    • Releases
      • 1.1.0
        • Release Notes
    • License
      • OpenG2P Support Policy
    • FAQ
  • โ›ŽUSE CASES
    • Use Cases
      • Immediate Assistance On Demand
      • Registration using Self Service Portal
      • Registration in Low Connectivity Areas
      • Service Provider Reimbursement
  • ๐Ÿ—„๏ธDEPLOYMENT
    • Deployment Architecture
    • Infrastructure Setup
      • Hardware Requirements
      • Wireguard Server Setup
      • Rancher Setup
      • NFS Server Setup
      • OpenG2P K8s Cluster Setup
      • Loadbalancer Setup
    • External Components Setup
      • PostgreSQL Server Deployment
      • Keycloak Deployment
      • Minio Deployment
      • ODK Central Deployment
      • Kafka Deployment
      • Logging & OpenSearch Deployment
      • Keymanager Deployment
      • eSignet Deployment
    • OpenG2P Modules Deployment
      • PBMS Deployment
        • Post Install Configuration
      • Social Registry Deployment
      • GCTB Deployment
      • SPAR Deployment
        • SPAR Post Installation Configuration
      • Reporting Deployment
    • Deployment Guides
      • Giving Access to Users
      • Packaging OpenG2P Docker
      • SSL Certificates using Letsencrypt
      • Install WireGuard Client on Desktop/Laptop
      • Install WireGuard Client on Android Device
      • Make Environment Publicly Accessible using AWS LB Configuration
  • ๐Ÿ‘จโ€๐Ÿ’ปDEVELOPER ZONE
    • Getting Started
      • Installing OpenG2P On Linux
    • Repositories
      • openg2p-mts
        • MTS Connector
        • OpenG2P Registry MTS Connector
      • openg2p-documents
      • openg2p-formio
        • G2P Formio
      • openg2p-registry
        • G2P Registry: Rest API Extension Demo
        • G2P Registry: Additional Info REST API
        • G2P Registry: Bank Details Rest API
        • G2P Registry: Additional Info
        • G2P Registry:Bank Details
        • G2P Registry:Membership
        • G2P Registry: Group
        • G2P Registry: Individual
        • G2P Registry: Base
        • G2P Registry: Rest API
      • openg2p-program
        • OpenG2P Program Payments: In Files
        • OpenG2P Program: Documents
        • OpenG2P Program Payment (Payment Hub EE)
        • G2P Programs: REST API
        • G2P Program : Program Registrant Info Rest API
        • OpenG2P Entitlement: Differential
        • G2P Program Payment Manager: Payment Interoperability Layer
        • G2P Program Approval
        • OpenG2P Entitlement Voucher
        • OpenG2P Program Assessment
        • OpenG2P Program Reimbursement
        • OpenG2P Program Registrant Info
        • OpenG2P Program Payment Cash
        • OpenG2P Program Payment Simple Mpesa Payment Manager
        • OpenG2P Programs Cycleless
        • OpenG2P Programs Autoenrol
        • OpenG2P Entitlement In-kind
        • G2P SelfServicePortal
        • OpenG2P Program Payment: G2P Connect Payment Manager
        • G2P Notifications: Wiserv SMS Service Provider
        • G2P: Proxy Means Test
      • openg2p-testing
      • openg2p-fastapi-template
      • openg2p-fastapi-common
        • OpenG2P FastAPI Common
        • OpenG2P FastAPI Auth
        • OpenG2P Common: G2P Connect ID Mapper
      • social-payments-account-registry
      • g2p-cash-transfer-bridge
      • openg2p-deployment
      • openg2p-documentation
      • openg2p-helm
      • openg2p-theme
      • openg2p-portal-api
      • openg2p-mosip
      • openg2p-notifications
      • openg2p-packaging
      • openg2p-importers
        • G2P ODK Importer
      • openg2p-documents
      • openg2p-reporting
      • openg2p-self-service-portal
      • openg2p-portal
      • odoo-json-field
      • spar-ui
      • openg2p-auth
      • openg2p-voucher-scanner-app
      • openg2p-security
      • openg2p-mts
      • server-auth
      • openg2p-data
      • openg2p-esignet
      • spar-load-test
      • 4sure
    • Testing
      • Test Workflow
      • Automation Framework
  • ๐Ÿ‘ฉโ€๐Ÿ’ปCOMMUNITY
    • Contributing
    • Code of Conduct
  • ๐Ÿ“”USER GUIDES
    • Platform Guides
      • Registration
        • Self Register Online
        • ODK
          • Create a Project for a Program
          • Create a Form
          • Upload a Form
          • Upload revised Form
          • Test a Form
          • Publish a Form
          • Provide Form Access to Field Agent
          • Download Form on ODK Collect
          • Delete a Form
          • Register Offline
        • ODK Importer
          • Customize the ODK Importer Configuration based on the ODK Form Fields
      • Authentication
        • Integrate with MOSIP e-Signet
      • Deduplication
        • Deduplicate Registrants
      • Eligibility and Program Enrollment
        • Enrol Registrants into Program
        • Program
          • Create Manager Type
            • Create Eligibility Manager Types
              • Create Default Eligibility Manager
              • Create ID Document Eligibility Manager
              • Create Phone Number Eligibility Manager
            • Create Deduplication Manager Types
              • Create ID Deduplication Manager
              • Create Phone Number Deduplication
            • Create Notification Manager Types
              • Create SMS Notification Manager
              • Create Email Notification Manager
              • Create Fast2SMS Notification Manager
            • Create Entitlement Manager Type
              • Create Default Entitlement Manager
              • Create Voucher Entitlement Manager
            • Create Payment Manager Types
              • Create Payment Hub EE Payment Manager
              • Create Payment Interoperability Layer Payment Manager
              • Create Default Payment Manager
              • Create Cash Payment Manager
              • Create File Payment Manager
          • Create Program
          • Map Self-Service Portal Form
          • Create Eligibility Manager under Program
          • Create Deduplication Manager under Program
          • Create Notification Manager under Program
          • Configure Program Manager under Program
          • Create Entitlement Voucher Template
        • Configuration
          • Configure Proxy Means Test
          • Configure ID Types
          • Configure Entitlement Manager under Program
          • Configure Payment Manager in Program
        • Approval
          • Create and Approve Program Cycle
          • Multi-Stage Approval
        • MTS Connector
          • Create MTS Connector
            • Create ODK MTS Connector
            • Create OpenG2P Registry MTS Connector
        • Settings
          • Create User and Assign Role
        • Website
          • Create Self-Service Portal Form
      • Notification
        • Send Notifications to Individual Registrants
        • Prepare and Send Payment
      • Entitlement
        • Install SmartScanner App
      • Cash Transfer
        • Reimbursement
          • Submit Reimbursement Using the Service Provider Portal
          • Reimburse the service provider
      • Accounting and Reporting
      • SPAR
        • Self Update ID with Financial Address information
        • Admin Guide to Link ID with Financial Address information
      • 4Sure
        • Verify Digital Credentials using 4Sure
        • Verify and Populate the form in ODK Collect using 4Sure
    • Documentation Guides
      • Documentation Guidelines
      • OpenG2P Module Doc Template
  • BLOG
    • Articles
      • OpenG2P and SDG Goals
      • OpenG2P - A Building Block for DPI
    • Case Studies
Powered by GitBook
LogoLogo

Copyright ยฉ 2024 OpenG2P. This work is licensed under Creative Commons Attribution International LicenseCC-BY-4.0 unless otherwise noted.

On this page
  1. USER GUIDES
  2. Platform Guides
  3. Authentication

Integrate with MOSIP e-Signet

PreviousAuthenticationNextDeduplication

Last updated 1 year ago

Description

This guide provides steps to integrate as the authentication provider.

Pre-requisites

  1. MOSIP IDA is installed

  2. The e-Signet server is installed and configured to connect to MOSIP IDA

  3. MOSIP IDA APIs are accessible from the machine running the e-Signet server

  4. Both Yes/No and KYC APIs are enabled on MOSIP IDA

  5. e-Signet APIs are accessible from machines running OpenG2P

  6. Biometric auth devices (already onboarded on MOSIP) are available for authentication

  7. Email and SMS are enabled on MOSIP IDA for OTP authentication

  8. MOSIP Partner Management Services (PMS) Portal or APIs must be accessible to both MOSIP Partner Admin and OpenG2P Admin

  9. MOSIP Partner Specific User Token (PSUT) ID type is configured. See .

Steps

Configure OpenG2P as a partner on MOSIP

  1. Create an Auth Partner for OpenG2P on MOSIP.

    • Guide for MOSIP 1.1.5 (TBD)

  2. Create a MISP Partner for OpenG2P on MOSIP.

  3. Note down the following from the above steps:

    1. Auth Partner ID

    2. Auth Policy ID

    3. Auth API Key

    4. MISP License Key

    5. Auth partner signed certificate

    6. IDA Partner certificate (App id: IDA, Ref Id: PARTNER)

Configure OpenG2P as relying party on e-Signet

Using PMS API

This method is applicable if MOSIP Partner Management APIs are available. These steps are executed by MOSIP Partner Admin

  1. Create an e-Signet OIDC client using PMS OIDC API:

  • logoUri: URL of your logo accessible publicly.

  • grantTypes = ["authorization_code"]

  • clientAuthMethods= ["private_key_jwt"]

  • redirectUris: URLs of the form https://<your web portal>/auth_oauth/signin

Note down the Client ID as an output of the above step.

Using e-Signet API

This method is applicable if MOSIP Partner Management APIs are not available.

  1. Create an e-Signet OIDC client using the following API:

  • clientId: Arbitrary string.

  • clientName: Arbitrary string.

  • authContextRefs:

    ["mosip:idp:acr:biometrics","mosip:idp:acr:generated-code"]
  • userClaims:

    ["birthdate","address","gender","name","phone_number","email","picture"]
  • logoUri: URL of your logo accessible publicly.

  • grantTypes = ["authorization_code"]

  • clientAuthMethods= ["private_key_jwt"]

  • redirectUris: URLs of the form https://<your web portal>/auth_oauth/signin

Enable e-Signet on OpenG2P

These steps are executed by OpenG2P Admin on the OpenG2P Admin interface.

  1. Go to Settings -> General Settings (Menu) -> General Settings (Panel) -> Integrations (Section) -> Oauth Providers

  1. Create a new OIDC Provider with the following details:

Parameter
Value

Client ID

Auth Flow

OpenID Connect (authorization code flow)

Token map

sub:user_id

Client Authentication Method

Private Key JWT

Private Key Method

Assertion Type

JWT Bearer

Authorization URL

e-Signet's authorize endpoint.

Userinfo URL

e-Signet's userinfo API

Token URL

e-Signet's token API

JWKS URL

e-Signet's JWKS API

Use G2P Reg ID

True

G2P Registrant ID Type

MOSIP PSUT ID Type

Partner Creation Call Validate URL

True

Specifies whether to call the MOSIP e-KYC API to fetch data into OpenG2P

Partner Creation Validate Response

name:name email:email phone:phone_number birthdate:birthdate gender:gender address:address

Default Group User Creation

User types / Portal

Specifies all users signing up through this OIDC Provider (e-Signet) are only going to be portal users

Login Attribute Mapping On User Creation

email

To allow users to sign in with their email and password after initial signup with e-Signet.

for MOSIP 1.2.0

authParnterId: Partner ID in step.

policyId : Policy ID in step.

publicKey: Generate .

relyingParnterId: Partner ID in step.

publicKey: Generated .

The output of the .

Private key used for JWK creation in the .

Example:

Example:

Example:

Example:

As configured in step 9 of .

๐Ÿ“”
OpenG2P with e-Signet with MOSIP
Configure ID Types
Guide
JWK
JWK
this
this
this
https://esignet.mec.mosip.net/authorize
https://api.mec.mosip.net/v1/esignet/oidc/userinfo
https://api.mec.mosip.net/v1/esignet/oauth/token
https://api.mec.mosip.net/v1/esignet/oauth/.well-known/jwks.json
previous section
previous section
Prerequisites
post
Body
idstringOptional
versionstringOptional
requesttimestring ยท date-timeOptional
metadataobjectOptional
Responses
200
OK
application/json
post
POST /v1/partnermanager/oidc/client HTTP/1.1
Host: api-internal.mec.mosip.net
Content-Type: application/json
Accept: */*
Content-Length: 287

{
  "id": "text",
  "version": "text",
  "requesttime": "2025-05-13T05:56:05.679Z",
  "metadata": {},
  "request": {
    "name": "text",
    "policyId": "text",
    "publicKey": {
      "ANY_ADDITIONAL_PROPERTY": {}
    },
    "authPartnerId": "text",
    "logoUri": "text",
    "redirectUris": [
      "text"
    ],
    "grantTypes": [
      "text"
    ],
    "clientAuthMethods": [
      "text"
    ]
  }
}
200

OK

{
  "id": "text",
  "version": "text",
  "responsetime": "2025-05-13T05:56:05.679Z",
  "metadata": {},
  "response": {
    "clientId": "text",
    "status": "text"
  },
  "errors": [
    {
      "errorCode": "text",
      "message": "text"
    }
  ]
}
  • Description
  • Pre-requisites
  • Steps
  • Configure OpenG2P as a partner on MOSIP
  • Configure OpenG2P as relying party on e-Signet
  • POST/oidc/client
  • POST/client-mgmt/oidc-client
  • Enable e-Signet on OpenG2P
post
Body
requestTimestringOptional
Responses
200
OK
application/json
post
POST /v1/esignet/client-mgmt/oidc-client HTTP/1.1
Host: api-internal.mec.mosip.net
Content-Type: application/json
Accept: */*
Content-Length: 280

{
  "requestTime": "text",
  "request": {
    "clientId": "text",
    "clientName": "text",
    "publicKey": {
      "ANY_ADDITIONAL_PROPERTY": {}
    },
    "relyingPartyId": "text",
    "userClaims": [
      "text"
    ],
    "authContextRefs": [
      "text"
    ],
    "logoUri": "text",
    "redirectUris": [
      "text"
    ],
    "grantTypes": [
      "text"
    ],
    "clientAuthMethods": [
      "text"
    ]
  }
}
200

OK

{
  "responseTime": "text",
  "response": {
    "clientId": "text",
    "status": "text"
  },
  "errors": [
    {
      "errorCode": "text",
      "errorMessage": "text"
    }
  ]
}