Integrate with MOSIP e-Signet
This guide provides steps to integrate OpenG2P with e-Signet with MOSIP as the authentication provider.
1. MOSIP IDA is installed
2. The e-Signet server is installed and configured to connect to MOSIP IDA
3. MOSIP IDA APIs are accessible from the machine running the e-Signet server
4. Both Yes/No and KYC APIs are enabled on MOSIP IDA
5. e-Signet APIs are accessible from machines running OpenG2P
6. Biometric auth devices (already onboarded on MOSIP) are available for authentication
7. Email and SMS are enabled on MOSIP IDA for OTP authentication
8. MOSIP Partner Management Services (PMS) Portal or APIs must be accessible to both MOSIP Partner Admin and OpenG2P Admin
2. Create a MISP Partner for OpenG2P on MOSIP.
3. Note down the following from the above steps:
   1. Auth Partner ID
   2. Auth Policy ID
   3. Auth API Key
   4. MISP License Key
   5. Auth partner signed certificate
   6. IDA Partner certificate (App id: IDA, Ref Id: PARTNER)
This method is applicable if MOSIP Partner Management APIs are available. These steps are executed by the MOSIP Partner Admin.
1. Create an e-Signet OIDC client using the PMS OIDC API:
Note down the Client ID returned as an output of the above step.
This method is applicable if MOSIP Partner Management APIs are not available.
1. Create an e-Signet OIDC client using the following API:
   - logoUri: URL of your logo accessible publicly.
   - redirectUris: URLs of the form https://<your web portal>/auth_oauth/signin
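A check to run on the logoUri and redirectUris values before submitting the client creation request, as an added example (not part of the original guide and not OpenG2P or e-Signet code). The function names, the rules beyond the https://<your web portal>/auth_oauth/signin form, and the sample hostnames are assumptions made for illustration.

```python
from urllib.parse import urlsplit

SIGNIN_PATH = "/auth_oauth/signin"  # callback path given in this guide


def check_redirect_uri(uri):
    """Return the problems found in one redirectUris entry (empty list if none)."""
    try:
        parts = urlsplit(uri)
        parts.port  # property access; raises ValueError on a malformed port
    except ValueError:
        return ["not a parseable URL"]
    problems = []
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if not parts.hostname:
        problems.append("missing host")
    if parts.username is not None or parts.password is not None:
        problems.append("userinfo (user@host) not allowed")
    if "*" in uri:
        problems.append("wildcards not allowed")
    if parts.path != SIGNIN_PATH:
        problems.append("path must be exactly " + SIGNIN_PATH)
    if parts.query or parts.fragment:
        problems.append("query string or fragment not allowed")
    return problems


def check_client_request(request):
    """Map each offending field or redirect URI to its list of problems."""
    report = {}
    logo = urlsplit(request.get("logoUri") or "")
    if logo.scheme not in ("http", "https") or not logo.hostname:
        report["logoUri"] = ["must be an absolute http(s) URL"]
    uris = request.get("redirectUris") or []
    if not uris:
        report["redirectUris"] = ["at least one entry is required"]
    for uri in uris:
        problems = check_redirect_uri(uri)
        if problems:
            report[uri] = problems
    return report


# Constructed sample values; the hostnames are placeholders, not real deployments.
SAMPLE_REQUEST = {"logoUri": "https://portal.example.org/logo.png", "redirectUris": [
    "https://portal.example.org/auth_oauth/signin",
    "http://portal.example.org/auth_oauth/signin",
    "https://*.example.org/auth_oauth/signin",
    "https://portal.example.org@login.example.net/auth_oauth/signin",
    "https://portal.example.org/auth_oauth/signin?next=/web"]}
```

An empty report from `check_client_request` means every redirect URI is an exact https callback on a single named host, which is the only shape the OpenG2P portal needs registered.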
These steps are executed by OpenG2P Admin on the OpenG2P Admin interface.
1. Go to Settings -> General Settings (Menu) -> General Settings (Panel) -> Integrations (Section) -> Oauth Providers
2. Create a new OIDC Provider with the following details:
Client Authentication Method
Private Key Method
e-Signet's authorize endpoint.
e-Signet's userinfo API
e-Signet's token API
e-Signet's JWKS API
Use G2P Reg ID
G2P Registrant ID Type
MOSIP PSUT ID Type
Partner Creation Call Validate URL
Specifies whether to call the MOSIP e-KYC API to fetch data into OpenG2P
Partner Creation Validate Response
Default Group User Creation
Specifies that all users signing up through this OIDC Provider (e-Signet) are only going to be portal users
Login Attribute Mapping On User Creation
To allow users to sign in with their email and password after initial signup with e-Signet.