FrejaEIDSignRequestValve

Creates a sign request to the Freja e-ID backend. Typically used with the sign API module.  Because of this, the data used is expected to come from the request. Not an item.

The valve will create an item if none is present.

For more detailed information see https://frejaeid.com/rest-api/Signature%20Service.html

Properties

Name Description Default value Mandatory Supports property expansion
keystoreID The id of the keystore in configuration Yes No
mode Decides the target endpoint to send the request to. Allowed values are 'test_personal_sign,production_organisation_sign,production_personal_sign,test_organisation_sign,test_personal_sign'. Only one value is allowed. Yes No
relyingPartyId Defines the relying party ID. Used with partner certificate which is allowed to be used for multiple customers. No Yes
customer Used for event logging to add differentiator if desired. No No

Example Configuration

{
      "name" : "FrejaEIDSignRequestValve",
      "config" : {
        "keystoreID" : "93f5e7e1-c3f4-436b-9bbc-0b94d454a352",
        "mode" : "production_personal_sign"
      }
    }

Requirements

  • The server must trust the Freja e-ID backend TLS certificate (cacerts update).
  • A client certificate & private key (keystore) thsat is issued by Freja e-ID is present in the configuration.

Request parameters

The incoming request must contain the following parameters:

  • attributesToGet, indicates what data the backend will release after a successful signature.  Valid values are: BASIC_USER_INFO,EMAIL_ADDRESS,ALL_EMAIL_ADDRESSES,DATE_OF_BIRTH,ADDRESSES,ORGANISATION_ID_IDENTIFIER,SSN.
  • reqiredRegistrationLevel valid value is one of: BASIC, EXTENDED, PLUS
  • userInfoType,  valid value is one of: PHONE, EMAIL, SSN, ORG_ID
  • userIdentifier, must contain a matching value of the Freja e-ID profile. An email address for instance
  • visibleDataToSign, the text shown to the user. This MUST be base64 encoded.

Example request

{
   "attributesToGet":"SSN,BASIC_USER_INFO",
   "reqiredRegistrationLevel":"EXTENDED",
   "userInfoType":"email",
   "visibleDataToSign":"U2lnbiBpdA==",
   "userIdentifier":"usern@acme.com"
}

Optional request parameters

  • requirePin, "true/false", user must use pin before operation is visible 
  • title - Title of the request
  • pushTitle
  • pushMessage
  • expiry - For how long is the request valid. Must be of the format JAVA instant/ISO-8601.
  • invisibleDataToSign -Base64 data that is not visible to the user