FrejaEIDAuthRequestValve

Creates a authentication request to the Freja e-ID backend. Typically used with the authentication API module.  Because of this, the data used is expected to come from the request. Not an item. If you want the data to come from an item, use the "propsFromItem" config parameter.

The valve will create an item if none is present.

For more detailed information see https://frejaeid.com/rest-api/Authentication%20Service.html

Properties

Name Description Default value Mandatory Supports property expansion
keystoreID The id of the keystore in configuration Yes No
mode Decides the target endpoint to send the request to. Allowed values are 'test_personal_auth,production_organisation_auth,production_personal_auth,test_organisation_auth,test_personal_auth'. Only one value is allowed. Yes No
relyingPartyId Defines the relying party ID. Used with partner certificate which is allowed to be used for multiple customers. No Yes
customer Used for event logging to add differentiator if desired. No No
propsFromItem Whether or not to fetch the Freja eID request properties from the flow item instead of the request. false No No

Example Configuration

{
      "name" : "FrejaEIDAuthRequestValve",
      "config" : {
        "keystoreID" : "93f5e7e1-c3f4-436b-9bbc-0b94d454a352",
        "mode" : "production_personal_auth"
      }
    }

Requirements

  • The server trusts the Freja e-ID backend TLS certificate.
  • A client certificate & private key (keystore) thsat is issued by Freja e-ID is present in the configuration.

Request parameters

The incoming request must contain the following parameters:

  • attributesToGet, indicates what data the backend will release after a successful signature.  Valid values are: BASIC_USER_INFO,EMAIL_ADDRESS,ALL_EMAIL_ADDRESSES,DATE_OF_BIRTH,ADDRESSES,ORGANISATION_ID_IDENTIFIER,SSN.
  • reqiredRegistrationLevel valid value is one of: BASIC, EXTENDED, PLUS
  • userInfoType,  valid value is one of: PHONE, EMAIL, SSN, ORG_ID, INFERRED 
  • userIdentifier, must contain a matching value of the Freja e-ID profile. An email address for instance. If INFERRED (QR-code), put this as N/A.

Example request

<p>{
   "attributesToGet":"SSN,BASIC_USER_INFO",
   "reqiredRegistrationLevel":"EXTENDED",
   "userInfoType":"email",
   "userIdentifier":"[email protected]"
}</p>
Click to copy
{
   "attributesToGet":"SSN,BASIC_USER_INFO",
   "reqiredRegistrationLevel":"EXTENDED",
   "userInfoType":"INFERRED",
   "userIdentifier":"N/A"
}

Optional parameters

  • requirePin, "true/false", user must use pin before operation is visible 
  • title - Title of the request
  • pushTitle
  • pushMessage
  • expiry - For how long is the request valid. Must be of the format JAVA instant/ISO-8601.