...
login_hint (the user's mobile number)
scope (openid, profile, signature; “related party” info can also be added here, see example)
acr_values (“sim-sign-pkcs1”. This value is different between authentication/signing methods)
iss (the Client id)
aud (should be “https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni”)
exp (the lifetime of the token)
binding_message (the message to display on the user's mobile device)
binding_content (base64 string of a SHA256 hash)
...
The answer from this call should give you a PKCS7 PKCS1 signature and a signing certificate, the same signature and certificate as in the ID token from the last step.
The signature contains a signing certificate. The REST API service answer is in JSON format.
...
Best practice is to verify the signature and the certificate. Verify the user's info in the answer against the info in the certificate. By decoding the signature using the certificate you should end up with the hash from the earlier step.
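The hash comparison described above, as an added example (not Audkenni's code): it assumes the signature is a raw RSA PKCS#1 v1.5 signature over a SHA-256 DigestInfo and that the modulus `n` and exponent `e` have already been read from the returned signing certificate. All function and constant names are hypothetical, and the key is constructed for the demonstration only.

```python
import base64
import hashlib
import hmac

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed test key built from two well-known primes. Illustration only:
# in real use n and e come from the signing certificate in the response.
_P, _Q = 2**255 - 19, 2**256 - 2**32 - 977
TEST_N, TEST_E = _P * _Q, 65537
_TEST_D = pow(TEST_E, -1, (_P - 1) * (_Q - 1))


def encode_em(digest, k):
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 DigestInfo(SHA-256, digest)."""
    ps_len = k - 3 - len(SHA256_PREFIX) - len(digest)
    if len(digest) != 32 or ps_len < 8:
        raise ValueError("digest or modulus size not usable")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + SHA256_PREFIX + digest


def make_test_signature(digest):
    """Sign with the constructed test key (stands in for the user's SIM)."""
    k = (TEST_N.bit_length() + 7) // 8
    m = int.from_bytes(encode_em(digest, k), "big")
    return base64.b64encode(pow(m, _TEST_D, TEST_N).to_bytes(k, "big")).decode()


def signature_matches(signature_b64, binding_content_b64, n, e):
    """True only if the signature decodes to exactly the hash that was sent."""
    k = (n.bit_length() + 7) // 8
    try:
        sig = base64.b64decode(signature_b64, validate=True)
        sent_hash = base64.b64decode(binding_content_b64, validate=True)
        expected_em = encode_em(sent_hash, k)
    except ValueError:
        return False
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False
    # Compare the whole encoded block, so sloppy padding is never accepted.
    return hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), expected_em)


if __name__ == "__main__":
    h = hashlib.sha256(b"constructed sample document").digest()
    sig = make_test_signature(h)
    print(signature_matches(sig, base64.b64encode(h).decode(), TEST_N, TEST_E))
```

This covers only the hash comparison; validating the certificate itself and matching the user's info against it are separate checks.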
The response should include the following:
signature (PKCS7 PKCS1)
documentNr (should be “na”)
certificate (signing certificate)
nationalRegisterId (the social ID number of the user)
name (the user's name)
sub (a unique ID of the user in our system)
...
```json
{
  "signature": "...",
  "documentNr": "na",
  "certificate": "...",
  "nationalRegisterId": "1406714889",
  "name": "Einar Helgi Hrafnsson",
  "sub": "10935f1e-2638-4f9c-80d2-3fb45241522c"
}
```
...