search

Integrate with MOSIP e-Signet

hashtag
Description

This guide provides steps to integrate OpenG2P with e-Signet with MOSIP as the authentication provider.

hashtag
Pre-requisites

  1. MOSIP IDA is installed

  2. The e-Signet server is installed and configured to connect to MOSIP IDA

  3. MOSIP IDA APIs are accessible from the machine running the e-Signet server

  4. Both Yes/No and KYC APIs are enabled on MOSIP IDA

  5. e-Signet APIs are accessible from machines running OpenG2P

  6. Biometric auth devices (already onboarded on MOSIP) are available for authentication

  7. Email and SMS are enabled on MOSIP IDA for OTP authentication

  8. MOSIP Partner Management Services (PMS) Portal or APIs must be accessible to both MOSIP Partner Admin and OpenG2P Admin

  9. MOSIP Partner Specific User Token (PSUT) ID type is configured. See Configure ID Types.

hashtag
Steps

hashtag
Configure OpenG2P as a partner on MOSIP

  1. Create an Auth Partner for OpenG2P on MOSIP.

  2. Create a MISP Partner for OpenG2P on MOSIP.

  3. Note down the following from the above steps:

    1. Auth Partner ID

    2. Auth Policy ID

    3. Auth API Key

    4. MISP License Key

    5. Auth partner signed certificate

    6. IDA Partner certificate (App id: IDA, Ref Id: PARTNER)

hashtag
Configure OpenG2P as relying party on e-Signet

hashtag
Using PMS API

This method is applicable if MOSIP Partner Management APIs are available. These steps are executed by MOSIP Partner Admin

  1. Create an e-Signet OIDC client using PMS OIDC API:

post
Body
idstringOptional
versionstringOptional
requesttimestring Β· date-timeOptional
metadataobjectOptional
Responses
chevron-right
200

OK

application/json
idstringOptional
versionstringOptional
responsetimestring Β· date-timeOptional
metadataobjectOptional
post
/oidc/client
200

OK

  • authParnterId: Partner ID in this step.

  • policyId : Policy ID in this step.

  • publicKey: Generate JWKarrow-up-right.

  • logoUri: URL of your logo accessible publicly.

  • grantTypes = ["authorization_code"]

  • clientAuthMethods= ["private_key_jwt"]

  • redirectUris: URLs of the form https://<your web portal>/auth_oauth/signin

Note down the Client ID as an output of the above step.

hashtag
Using e-Signet API

This method is applicable if MOSIP Partner Management APIs are not available.

  1. Create an e-Signet OIDC client using the following API:

post
Body
requestTimestringOptional
Responses
chevron-right
200

OK

application/json
responseTimestringOptional
post
/client-mgmt/oidc-client
200

OK

  • clientId: Arbitrary string.

  • clientName: Arbitrary string.

  • relyingParnterId: Partner ID in this step.

  • publicKey: Generated JWKarrow-up-right.

  • authContextRefs:

  • userClaims:

  • logoUri: URL of your logo accessible publicly.

  • grantTypes = ["authorization_code"]

  • clientAuthMethods= ["private_key_jwt"]

  • redirectUris: URLs of the form https://<your web portal>/auth_oauth/signin

hashtag
Enable e-Signet on OpenG2P

These steps are executed by OpenG2P Admin on the OpenG2P Admin interface.

  1. Go to Settings -> General Settings (Menu) -> General Settings (Panel) -> Integrations (Section) -> Oauth Providers

  1. Create a new OIDC Provider with the following details:

Parameter
Value

Client ID

The output of the previous section.

Auth Flow

OpenID Connect (authorization code flow)

Token map

sub:user_id

Client Authentication Method

Private Key JWT

Private Key Method

Private key used for JWK creation in the previous section.

Assertion Type

JWT Bearer

Authorization URL

e-Signet's authorize endpoint.

Example: https://esignet.mec.mosip.net/authorizearrow-up-right

Userinfo URL

e-Signet's userinfo API

Example: https://api.mec.mosip.net/v1/esignet/oidc/userinfoarrow-up-right

Token URL

e-Signet's token API

Example: https://api.mec.mosip.net/v1/esignet/oauth/tokenarrow-up-right

JWKS URL

e-Signet's JWKS API

Example: https://api.mec.mosip.net/v1/esignet/oauth/.well-known/jwks.jsonarrow-up-right

Use G2P Reg ID

True

G2P Registrant ID Type

MOSIP PSUT ID Type

As configured in step 9 of Prerequisites.

Partner Creation Call Validate URL

True

Specifies whether to call the MOSIP e-KYC API to fetch data into OpenG2P

Partner Creation Validate Response

name:name email:email phone:phone_number birthdate:birthdate gender:gender address:address

Default Group User Creation

User types / Portal

Specifies all users signing up through this OIDC Provider (e-Signet) are only going to be portal users

Login Attribute Mapping On User Creation

email

To allow users to sign in with their email and password after initial signup with e-Signet.

PreviousSelf Register OnlineNextCreate ODK Form

Last updated