Step by step instructions for service providers on how to Signing using CIBA and SIM certificate.
Table of Contents
| Table of Contents |
|---|
Requirements
For all steps to be successful the following must be at hand.
During setup
Client Id (received from Auðkenni)
Client secret (received from Auðkenni)
Related party (not necessary)
Base URI (received from Auðkenni)
Private Key (to sign a JSON Web Token)
Public Key (to give to Auðkenni for configuration)
Information needed at runtime
User’s mobile number
Message text for user (Including any verification messages: number, text etc.)
Setup requirements used in the examples
Client id: myCibaClientId
Client secret: MyApiClientP4$sW
Base URI: pfzww.audkenni.is
Private Key: Not shown here for security reasons
Public Key: Not shown
All code examples are generated using Postman. They are therefore only for demo.
Step 1
Step 1: (Creating JSON Web Token)
The first step is to create a signed JWT to use for CIBA communication.
What the JWT need to include
login_hint (the users mobile number)
scope (openid, profile, signature. Also possible to add “related party” info here (see example))
acr_values (“sim-sign”. This value is different between authentication/signing methods)
iss (the Client id)
aud (Should have “https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni“)
exp (the lifetime of the token)
binding_message (the message to display at users mobile device)
binding_content (base64 string of a SHA256 hash)
Also needed to create the JWT
Private key (to sign the JWT)
Alg info (Should be “RS256”)
Example of JWT
| Code Block |
|---|
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJsb2dpbl9oaW50IjoiOTg3NjU0MyIsInNjb3BlIjoib3BlbmlkIHByb2ZpbGUgc2lnbmF0dXJlIFJFTEFURURQQVJUWTpNeU93bkNsaWVudCIsImFjcl92YWx1ZXMiOiJzaW0tc2lnbiIsImlzcyI6Im15Q2liYUNsaWVudElkIiwiYXVkIjoiaHR0cHM6Ly9wZnp3dy5hdWRrZW5uaS5pczo0NDMvc3NvL29hdXRoMi9yZWFsbXMvcm9vdC9yZWFsbXMvYXVka2VubmkiLCJleHAiOjE2MTExNDE4MDMuOTgxLCJiaW5kaW5nX21lc3NhZ2UiOiJBdcOwa2VubmkgU0lNIFNpZ25pbmciLCJiaW5kaW5nX2NvbnRlbnQiOiJQR1RMZitkeUtZU0EvR0tRMnJacUVRZXBmL3JZSExnZ0pyY3RZa0xHYlN3PSJ9.NzjNby1ENFpQgSy0GukuH29SyPThjv0TNJ-eQGihJh_xl9QkRnFztDIydEuUYqgaEe3S6g1u0-xr5_Qd4ua76m05TJZzdSzFChFsZyAfVqkWWlPfTZX-IEDqlugD6bFM3lNsgzjvR7hTYVnmoOMu8d3tt1He-VpOi_cgIi4aPV6HaTq8izNVYB-shXLKGQ8cQdRXYHVrKQJPmsu72FOdfWAulg5Mlegjaon-GkHPHNVEaBksGPm0LQ4DsVsr1QNJutIFIOO_TlJEgFk51pP_dEB6WdvGJAhhWAPeA7vhxLi6qJ9zLKUkJKxhzsnRvh388NwkzOUbhVyQDFq7bzKyOA |
Example of JWT Payload
| Code Block | ||
|---|---|---|
| ||
{
"login_hint": "9876543",
"scope": "openid profile signature RELATEDPARTY:MyOwnClient",
"acr_values": "sim-sign",
"iss": "myCibaClientId",
"aud": "https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni",
"exp": 1611141803.981,
"binding_message": "Auðkenni SIM Signing",
"binding_content": "PGTLf+dyKYSA/GKQ2rZqEQepf/rYHLggJrctYkLGbSw="
} |
Step 2
Step 2: (
...
Sign)
To authorize sign using mobile (SIM) we send a POST call to following URI:
https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni/bc-authorize
Parameters needed in call
We need to add following header parameter
...
request (the value should be the JWT from step 1)
CURL example of the call
| Code Block |
|---|
curl --location --request POST 'https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni/bc-authorize' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Authorization: Basic bXlDaWJhQ2xpZW50SWQ6TXlBcGlDbGllbnRQNCRzVw==' \ --data-urlencode 'request=eyJ0eXAiOiJKV1QuLCJhbGciOiJSUzI1NiJ9eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJeb2dpbl9oaW58IjoiNjE3ODg4OCIsInNjb3BlIjoib3BlbmlkIHByb2ZpbGUgc2lnbmF0dXJlIFJFTEFURURQQVJUWTpNeU93bkNsaWVudCIsImFjcl92YWx1ZXMiOiJzaW0tYXV0aCIsImlzcyI6Im15Q2liYUNsaWVudElkIiwiYXVkIjoiaHR0cHM6Ly9wZnp3dy5hdWRrZW5uaS5pczo0NDMvc3NvL29hdXRoMi9yZWFsbXMvcm9vdC9yZWFsbXMvYXVka2VubmkiLCJleHAiOjE2MTEwNzIxODQuOTkyLCJiaW5kaW5nX21lc3NhZ2UiOiJBdXRoZW50aWNhdGlvbiB0byBBdcOwa2VubmkiLCJiaW5kaW5nX2NvbnRlbnQiOiIifQ.a0NM11W2PNyfzki-gHTrQZqVhuNgL6Uh4sjQQy96lHsfD1NkVe7h-41JT9to-c710GpSvF1ExAcb7b7Bjmy6Ep0M3BVuz066fzv0YfiIHbXd6pQIEXVqUxHQ6mteW1MmaI-xsYDgG_ahXS7ZD8VrN2y1hOGUt1P4kMnVkWVpSQBjolxsZdV1HYn7n9Iy1z0gNaZb_3EIiNGLAHzI2zaDG4x0SFl-vkslf0eqfBMyEquKNFeoBqLLW7WT-PXpIaCQuJ_7ohqbx-pO_JI9Hm2Fv-VH9HoXUhsXWxig3YcQVqYBzq5aEdrE_mulCJMGeCWM02HTxpHennN5GdttlGVksgeyJsb2dpbl9oaW50IjoiNjE3ODg4OCIsInNjb3BlIjoib3BlbmlkIHByb2ZpbGUgc2lnbmF0dXJlIFJFTEFURURQQVJUWTpNeU93bkNsaWVudCIsImFjcl92YWx1ZXMiOiJzaW0tc2lnbiIsImlzcyI6Im15Q2liYUNsaWVudElkIiwiYXVkIjoiaHR0cHM6Ly9wZnp3dy5hdWRrZW5uaS5pczo0NDMvc3NvL29hdXRoMi9yZWFsbXMvcm9vdC9yZWFsbXMvYXVka2VubmkiLCJleHAiOjE2MTExNDIzMDAuMSwiYmluZGluZ19tZXNzYWdlIjoiQXXDsGtlbm5pIFNJTSBTaWduaW5nIiwiYmluZGluZ19jb250ZW50IjoiUEdUTGYrZHlLWVNBL0dLUTJyWnFFUWVwZi9yWUhMZ2dKcmN0WWtMR2JTdz0ifQ.TpDlBSbcmY11lD-725snq_Hn-vAN1T5SA_-9FT8l7k2Wwax6MtD1qF_2kPFUvV6-xsK1mK-lMqpmqUlwctkE8zIUkMtc-vrmunfaHin9EvkNGPCfjV7FfCZdzSZMrz1YombfC6Vte3dC33AMxTimMZkD3lRwnlX-lHap00ERbZReEngt10ZvEJgrjOY3Z6jROgMCLSBDkPs3mAEZSfcimYpXjiNUUa5Pras-kD7HgisAtVP-9eTBQeCwoM_rsYEXSsrkhNBYj_JTLt3Q5z3zqTj2km-Rwl4ITn9yAn055fC2FnPOTbHQ2sHahqVdDlLBMSUOhkdn3N9syx1-NOUjsw' |
C# - RestSharp example of the call
| Code Block | ||
|---|---|---|
| ||
var client = new RestClient("https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni/bc-authorize");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddHeader("Authorization", "Basic bXlDaWJhQ2xpZW50SWQ6TXlBcGlDbGllbnRQNCRzVw==");
request.AddParameter("request", "eyJ0eXAiOiJKV1QuLCJhbGciOiJSUzI1NiJ9eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJeb2dpbl9oaW58IjoiNjE3ODg4OCIsInNjb3BlIjoib3BlbmlkIHByb2ZpbGUgc2lnbmF0dXJlIFJFTEFURURQQVJUWTpNeU93bkNsaWVudCIsImFjcl92YWx1ZXMiOiJzaW0tYXV0aCIsImlzcyI6Im15Q2liYUNsaWVudElkIiwiYXVkIjoiaHR0cHM6Ly9wZnp3dy5hdWRrZW5uaS5pczo0NDMvc3NvL29hdXRoMi9yZWFsbXMvcm9vdC9yZWFsbXMvYXVka2VubmkiLCJleHAiOjE2MTEwNzIxODQuOTkyLCJiaW5kaW5nX21lc3NhZ2UiOiJBdXRoZW50aWNhdGlvbiB0byBBdcOwa2VubmkiLCJiaW5kaW5nX2NvbnRlbnQiOiIifQ.a0NM11W2PNyfzki-gHTrQZqVhuNgL6Uh4sjQQy96lHsfD1NkVe7h-41JT9to-c710GpSvF1ExAcb7b7Bjmy6Ep0M3BVuz066fzv0YfiIHbXd6pQIEXVqUxHQ6mteW1MmaI-xsYDgG_ahXS7ZD8VrN2y1hOGUt1P4kMnVkWVpSQBjolxsZdV1HYn7n9Iy1z0gNaZb_3EIiNGLAHzI2zaDG4x0SFl-vkslf0eqfBMyEquKNFeoBqLLW7WT-PXpIaCQuJ_7ohqbx-pO_JI9Hm2Fv-VH9HoXUhsXWxig3YcQVqYBzq5aEdrE_mulCJMGeCWM02HTxpHennN5GdttlGVksgeyJsb2dpbl9oaW50IjoiNjE3ODg4OCIsInNjb3BlIjoib3BlbmlkIHByb2ZpbGUgc2lnbmF0dXJlIFJFTEFURURQQVJUWTpNeU93bkNsaWVudCIsImFjcl92YWx1ZXMiOiJzaW0tc2lnbiIsImlzcyI6Im15Q2liYUNsaWVudElkIiwiYXVkIjoiaHR0cHM6Ly9wZnp3dy5hdWRrZW5uaS5pczo0NDMvc3NvL29hdXRoMi9yZWFsbXMvcm9vdC9yZWFsbXMvYXVka2VubmkiLCJleHAiOjE2MTExNDIzMDAuMSwiYmluZGluZ19tZXNzYWdlIjoiQXXDsGtlbm5pIFNJTSBTaWduaW5nIiwiYmluZGluZ19jb250ZW50IjoiUEdUTGYrZHlLWVNBL0dLUTJyWnFFUWVwZi9yWUhMZ2dKcmN0WWtMR2JTdz0ifQ.TpDlBSbcmY11lD-725snq_Hn-vAN1T5SA_-9FT8l7k2Wwax6MtD1qF_2kPFUvV6-xsK1mK-lMqpmqUlwctkE8zIUkMtc-vrmunfaHin9EvkNGPCfjV7FfCZdzSZMrz1YombfC6Vte3dC33AMxTimMZkD3lRwnlX-lHap00ERbZReEngt10ZvEJgrjOY3Z6jROgMCLSBDkPs3mAEZSfcimYpXjiNUUa5Pras-kD7HgisAtVP-9eTBQeCwoM_rsYEXSsrkhNBYj_JTLt3Q5z3zqTj2km-Rwl4ITn9yAn055fC2FnPOTbHQ2sHahqVdDlLBMSUOhkdn3N9syx1-NOUjsw");
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content); |
Step 2: Expected response
The CIBA service answer is in JSON format.
When Step 2 is executed the authentication signing process at the users device starts.
The response should include following
auth_req_id (to use in next step)
expires_in (the lifetime of th id)
interval
Example of answer from Step 2
| Code Block | ||
|---|---|---|
| ||
{
"auth_req_id": "8ag4NXa4ctFJuv1h9EtUnfNeFww",
"expires_in": 600,
"interval": 2
} |
Step 3
Step 3: (Poll for token)
After executing Step 2 the authentication signing process at the users device starts. It depends on the user, the device and the network how long time this process takes.
In this step we poll for results from the authentication signing process. When authentication signing process is finished successfully you will receive answer with Access and Id token of the user authenticated.
To poll for tokens we send another POST call to following URI:
https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni/access_token
Parameters needed in call
We need to add following header parameter
...
grant_type (the value should be: “urn:openid:params:grant-type:ciba”)
auth_req_id (the value should be the auth_req_id from last step answer)
CURL example of the call
| Code Block |
|---|
curl --location --request POST 'https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni/access_token' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Authorization: Basic bXlDaWJhQ2xpZW50SWQ6TXlBcGlDbGllbnRQNCRzVw==' \ --data-urlencode 'grant_type=urn:openid:params:grant-type:ciba' \ --data-urlencode 'auth_req_id=byMGRumm7nantLLD7e4viiJP8ZFeExVCVs0oFfbGDpG4CUv_ZTUD4' |
C# - RestSharp example of the call
| Code Block | ||
|---|---|---|
| ||
var client = new RestClient("https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni/access_token");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddHeader("Authorization", "Basic bXlDaWJhQ2xpZW50SWQ6TXlBcGlDbGllbnRQNCRzVw==");
request.AddParameter("grant_type", "urn:openid:params:grant-type:ciba");
request.AddParameter("auth_req_id", "byMGRumm7nantLLD7e4viiJP8ZFeExVCVs0oFfbGDpG4CUv_ZTUD4");
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content); |
Step 3: Expected response (
...
Signing still in process)
If you run the poll call before the user authentication signing process is finished you will receive a answer notifying the process isn’t finished.
...
If you get answer like this you need to wait for short time and run Step 3 call again.
The response should include following
error_description
error
Example of answer from Step 3
| Code Block | ||
|---|---|---|
| ||
{
"error_description": "End user has not yet been authenticated",
"error": "authorization_pending"
} |
Step 3: Expected response (
...
Signing is finished)
The answer from this call should give you the Access and Id tokens along type and lifetime info.
The Id token contains a PKCS7 signature. The signature contains a authentication signing certificate.
The REST API service answer is in JSON format.
Best practice
Best practice is to verify the signature and the certificate. Verify the user’s info in the Id token against the certificate in the signature.
The response should include following
access_token
scope
id_token
token_type
expires_in (lifetime of the tokens)
Example of answer from step
...
3
| Code Block | ||
|---|---|---|
| ||
{
"access_token": "eyJ0eXAiOiJKV1QiLCJ6aXAiOiJOT05FIiwiYWxnIjoiSFMyNTYifQ.eyJzdWIiOiIxMDkwNWYxZS0yNjA4LTRmOWMtODBkMi0zZmI0NTI0MTUyMmMiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXV0aF9sZXZlbCI6MCwiYXVkaXRUcmFja2luZ0lkIjoiZWQ5NzcwMTgtOWMxYy00MDM3LWFkNTgtYzYxZGMyMjQ4MGE4LTkzNDAwMSIsImlzcyI6Imh0dHBzOi8vcGZ6d3cuYXVka2VubmkuaXM6NDQzL3Nzby9vYXV0aDIvcmVhbG1zL3Jvb3QvcmVhbG1zL2F1ZGtlbm5pIiwidG9rZW5OYW1lIjoiYWNjZXNzX3Rva2VuIiwidG9rZW5fdHlwZSI6IkJlYXJlciIsImF1dGhHcmFudElkIjoiT09GUW16a0JyVnp0cGhLcUhSb0ZBUHdwb184IiwiYXVkIjoibXlDaWJhQ2xpZW50SWQiLCJuYmYiOjE2MTEwNzM2NjIsImdyYW50X3R5cGUiOiJ1cm46b3BlbmlkOnBhcmFtczpncmFudC10eXBlOmNpYmEiLCJzY29wZSI6WyJSRUxBVEVEUEFSVFk6TXlPd25DbGllbnQiLCJzaWduYXR1cmUiLCJvcGVuaWQiLCJwcm9maWxlIl0sImF1dGhfdGltZSI6MTYxMTA3MzY2MiwicmVhbG0iOiIvYXVka2VubmkiLCJleHAiOjE2MTEwNzcyNjIsImlhdCI6MTYxMTA3MzY2MiwiZXhwaXJlc19pbiI6MzYwMCwianRpIjoiTzhabkVUaGVvc2ZVcFZ3c2pvNWZ2OXNGd3lnIn0eyJzdWIiOiIxMDkwNWYxZS0yNjA4LTRmOWMtODBkMi0zZmI0NTI0MTUyMmMiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXV0aF9sZXZlbCI6MCwiYXVkaXRUcmFja2luZ0lkIjoiZWQ5NzcwMTgtOWMxYy00MDM3LWFkNTgtYzYxZGMyMjQ4MGE4LTExNDQyOTgiLCJpc3MiOiJodHRwczovL3Bmend3LmF1ZGtlbm5pLmlzOjQ0My9zc28vb2F1dGgyL3JlYWxtcy9yb290L3JlYWxtcy9hdWRrZW5uaSIsInRva2VuTmFtZSI6ImFjY2Vzc190b2tlbiIsInRva2VuX3R5cGUiOiJCZWFyZXIiLCJhdXRoR3JhbnRJZCI6IkpKLTZKYmIySGFucjZ1UXVuNndVOXd3Wkc2ZyIsImF1ZCI6Im15Q2liYUNsaWVudElkIiwibmJmIjoxNjExMTQyMDI0LCJncmFudF90eXBlIjoidXJuOm9wZW5pZDpwYXJhbXM6Z3JhbnQtdHlwZTpjaWJhIiwic2NvcGUiOlsiUkVMQVRFRFBBUlRZOk15T3duQ2xpZW50Iiwic2lnbmF0dXJlIiwib3BlbmlkIiwicHJvZmlsZSJdLCJhdXRoX3RpbWUiOjE2MTExNDIwMjQsInJlYWxtIjoiL2F1ZGtlbm5pIiwiZXhwIjoxNjExMTQ1NjI0LCJpYXQiOjE2MTExNDIwMjQsImV4cGlyZXNfaW4iOjM2MDAsImp0aSI6IjRVT2dTN3VVRjQybXJLQnhtejg5UzhJemZKVSJ9.8fh4xRbYFX0E5_077d4hThqGHa7R17x-sdiaQQoRhzg9BUXbIeDiEMvWQoHeoorpJS9WOp0jvCaZX_oCoV_B6k",
"scope": "openid profile signature RELATEDPARTY:MyOwnClient",
"id_token": "eyJ0eXAiOiJKV1QiLCJraWQiOiJ3VTNpZklJYUxPVUFSZVJCL0ZHNmVNMVAxUU09IiwiYWxnIjoiUlMyNTYifQ.eyJhdF9oYXNoIjoiLWViZEs5c25XSElHMmdTbkYzYzFYZyIsInN1YiI6IjEwOTA1ZjFlLTI2MDgtNGY5Yy04MGQyLTNmYjQ1MjQxNTIyYyIsInNpZ25hdHVyZSI6Ik1JSUlYQVlKS29aSWh2Y05BUWNDb0lJSVRUQ0NDRWtDQVFFeERUQUxCZ2xnaGtnQlpRTUVBZ0V3UXdZSktvWklodmNOQVFjQm9EWUVOQUJCQUhVQWRBQm9BR1VBYmdCMEFHa0FZd0JoQUhRQWFRQnZBRzRBSUFCMEFHOEFJQUJCQUhVQThBQnJBR1VBYmdCdUFHbWdnZ1hXTUlJRjBqQ0NCTHFnQXdJQkFnSURId0ZnTUEwR0NTcUdTSWIzRFFFQkN3VUFNSDR4Q3pBSkJnTlZCQVlUQWtsVE1STXdFUVlEVlFRRkV3bzFNakV3TURBeU56a3dNUlV3RXdZRFZRUUtFd3hCZFdSclpXNXVhU0JvWmk0eEp6QWxCZ05WQkFzVEhsVjBaMlZtWVc1a2FTQm1kV3hzWjJsc1pISmhJSE5yYVd4eWFXdHFZVEVhTUJnR0ExVUVBeE1SUm5Wc2JHZHBiSFFnWVhWa2EyVnVibWt3SGhjTk1qQXdOekkzTVRNME16QXpXaGNOTWpVd056STNNVE0wTXpBeFdqQ0JqREVMTUFrR0ExVUVCaE1DU1ZNeEZqQVVCZ05WQkFzVERXVnBibXRoYzJ0cGJISnBhMmt4RkRBU0JnTlZCQXNNQzBGMXc3QnJaVzV1YVc1bk1SY3dGUVlEVlFRTEV3NHlNREl3TURjeU56RXpOREl3TnpFVE1CRUdBMVVFQlJNS01UVXdOVGN4TkRRNE9URWhNQjhHQTFVRUF3d1lSV2x1WVhJZ3c0RnljOE9tYkd3Z1NISmhabTV6YzI5dU1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdVJIZHlIY3JabVhNSW4wYlhnYyszQWx2N0pJYUNtc1VEcjJ2VEN0cklZclVINDZKV1FzclZJaldrTENPL21KZ0RhaWNyM0txcUhHUW9DN3VqM0xLR3d0Qy9uYTZaaFhSN01Va2QydUlYNHN6Q2MvNlQxK0ROZis4VVFlbHpZNGVEUmZ5MGZsak9SNmRRZHMvSHNrN0JOcVYwanFGdXovQUJjaExqMm94RG9QWmM5YzRMVm1ZYkdtUG42eDNUbnZpaDg0VEVIVFJkZCtJd0h4V1RTMWZ0dHY3cCt2QWpNME5wRE9PZUdjVWxHTkhZcys3OGpLV0lsRlRPQVJid2xRcW5xYnNGeG9UaWp4d3JTMzVDTTBVUlA0OS9xSGRybDdERlBKdFFBcEY2RFdpWW01U1U1ZDRkU0t5TjYxeENPb0k5aTVZY1VQTFRMeGN3MERHVUJuYmR3SURBUUFCbzRJQ1NEQ0NBa1F3REFZRFZSMFRBUUgvQkFJd0FEQjNCZ2dyQmdFRkJRY0JBUVJyTUdrd0l3WUlLd1lCQlFVSE1BR0dGMmgwZEhBNkx5OXZZM053TG1GMVpHdGxibTVwTG1sek1FSUdDQ3NHQVFVRkJ6QUNoalpvZEhSd09pOHZZMlJ3TG1semJHRnVaSE55YjNRdWFYTXZjMnRwYkhKcGEya3ZablZzYkdkcGJIUmhkV1JyWlc1dWFTNXdOMkl3Z2dFUEJnTlZIU0FFZ2dFR01JSUJBakNCL3dZSllJSmdBUUlCQVFFQ01JSHhNSUczQmdnckJnRUZCUWNDQWpDQnFocUJwMVJvYVhNZ1kyVnlkR2xtYVdOaGRHVWdhWE1nYVc1MFpXNWtaV1FnWm05eUlHRjFkR2hsYm5ScFkyRjBhVzl1TGlCVWFHbHpJR05sY25SbWFXTmhkR1VnWm5Wc1ptbHNjeUIwYUdVZ2NtVnhkV2x5WlcxbGJuUnpJR1p2Y2lCaElIRjFZV3hwWm1sbFpDQmpaWEowYVdacFkyRjBaU0JoY3lCa1pXWnBibVZrSUdsdUlHRmpkQ0F5T0M4eU1EQXhJR0Z1WkNCRWFYSmxZM1JwZG1VZ09Ua3ZPVE12UlVNdU1EVUdDQ3NHQVFVRkJ3SUJGaWxvZEhSd09pOHZZM0F1WVhWa2EyVnVibWt1YVhNdlpuVnNiR2RwYkhSaGRXUnJaVzV1YVM5amNEQU9CZ05WSFE4QkFmOEVCQU1DQmFBd0V3WURWUjBsQkF3d0NnWUlLd1lCQlFVSEF3SXdId1lEVlIwakJCZ3dGb0FVd2lrK2h2K0d4Tm8xSDJtbXBQOEJnenhLTTZrd1F3WURWUjBmQkR3d09qQTRvRGFnTklZeWFIUjBjRG92TDJOeWJDNWhkV1JyWlc1dWFTNXBjeTltZFd4c1oybHNkR0YxWkd0bGJtNXBMMnhoZEdWemRDNWpjbXd3SFFZRFZSME9CQllFRkh5VlBxVnR1WWhsK1l3MHhNME5tZk9FVFFCWE1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQ3ErMjNwQ3BVRlBmeDNXUmZYdGRNWE52OFBWaG5Oa3V3VFJaK3ZvZkdHemZhZFFGMG01SytjS2QxblJUUjFBUW9ObFZKWW4wRTFsSmlxcWIwRlNaZ0xETGFoV0VPY0VaRWdyNStUQWY3S0paUkJTUjJRbGw1bjNITEJ3amxuY2dSaDlQOE9sb0NGVGlUbUd2UGJOYUVHYUE2OXBOeTV5K244V2JrWEMxMVBGalFJSEh6MEo1TlV6VHIyM3JoWmxvNFFNcWxRdHRra1hKb0QvNW9PcXZnMUZrL2dGS3NlQjBwQ0dhemtqVXBNc1FMZm9OOWRzZC9zbXdhVmtZZXdoUmpBVUJ1TUpQWnNWWWUra3NLS0hibUJjMlR2TTRpR3RMVElacDBDaEZIR256NlphRWRqbEdMVTZpTDJqZjl3eEZGenRwNi9sZGJDblZPNVZCbGN3dEVWTVlJQ0ZEQ0NBaEFDQVFFd2dZVXdmakVMTUFrR0ExVUVCaE1DU1ZNeEV6QVJCZ05WQkFVVENqVXlNVEF3TURJM09UQXhGVEFUQmdOVkJBb1RERUYxWkd0bGJtNXBJR2htTGpFbk1DVUdBMVVFQ3hNZVZYUm5aV1poYm1ScElHWjFiR3huYVd4a2NtRWdjMnRwYkhKcGEycGhNUm93R0FZRFZRUURFeEZHZFd4c1oybHNkQ0JoZFdSclpXNXVhUUlESHdGZ01Bc0dDV0NHU0FGbEF3UUNBYUJsTUJnR0NTcUdTSWIzRFFFSkF6RUxCZ2txaGtpRzl3MEJCd0V3R0FZS0tvWklodmNOQVFrWkF6RUtCQWlNVHd6WDBiMDRqekF2QmdrcWhraUc5dzBCQ1FReElnUWdWNWpLZmh0L2RSSnZnQTZnVXUxTFJWRUVWNUYvbGY4WENtdFpGVFlqRldZd0N3WUpLb1pJaHZjTkFRRUJCSUlCQUVFazBWTHZPNWZHWXVIRk92YzVnMGU0dUE5UXpoTWpKbE45NG43MHJxOWw5MVFreGVpSGQ0RTZucGovWWUrZVVsUFc1UEFuRGxSOXk0TityQVp1cUw4ZjRaOUYvQzF1N0xaNjR1VkdGVG5zbDlyaHNUV0tkUGZIU0dCQkJ5VTFhS1U0ZitENjlkUzk3VkRJRk5pZC8vN0ZlYnMwVW1RbHYzYzZ4UEczSlJ3VWhFdXdkSWZLTkdTODZ3RUF3bWIyU2Job1FHNzlqMkh1N2FvelMzaDY1a0FXTHhuOE05L0JVU3FtYzN5c3lBdTVZWTRhdkx1RStmZm4zaGxkelp5L1ZER2UzbzIrWDdHNTI1VlN4RkF1RnNEdklVL2E1WUM5MjhoTVNsVjFDT3R2RGlwME5IODVhcmpIaFEvMFdIdmVHTW01S25JcGF3QmVVU3FxSlRhcE1VST0iLCJhdWRpdFRyYWNraW5nSWQiOiJlZDk3NzAxOC05YzFjLTQwMzctYWQ1OC1jNjFkYzIyNDgwYTgtOTM0MDAzIiwiY2VydGlmaWNhdGUiOiJuYSIsImlzcyI6Imh0dHBzOi8vcGZ6d3cuYXVka2VubmkuaXM6NDQzL3Nzby9vYXV0aDIvcmVhbG1zL3Jvb3QvcmVhbG1zL2F1ZGtlbm5pIiwidG9rZW5OYW1lIjoiaWRfdG9rZW4iLCJhdWQiOiJteUNpYmFDbGllbnRJZCIsImRvY3VtZW50TnIiOiJuYSIsIm5hdGlvbmFsUmVnaXN0ZXJJZCI6IjE1MDU3MTQ0ODkiLCJhenAiOiJteUNpYmFDbGllbnRJZCIsImF1dGhfdGltZSI6MTYxMTA3MzY2MiwibmFtZSI6IkVpbmFyIMOBcnPDpmxsIEhyYWZuc3NvbiIsInJlYWxtIjoiL2F1ZGtlbm5pIiwiZXhwIjoxNjExMDc3MjYyLCJ0b2tlblR5cGUiOiJKV1RUb2tlbiIsImlhdCI6MTYxMTA3MzY2Mn0.BJZ6Dm-NM_WWTtnNjUuL4m4R_dyjlCgCIXGdnrg0GdBIlznfuuyFKOK2Uo0dt-HjNtJJ8MbQcRNHAC2myUKf_PYDKOv_4OXFk3mS9z7_ECQIUXGKndg7250Uau46sjYj_Aigbqk08YbxoWaaKaQDZUp58WmuwIYATaYi2yJMllkKWeA1fJzrzX_cwXksXO1ulyYQiZ28nr92s-8piZpxs-6Tmo7hRg3AkNApvAYpwbGth1JrFxv_tN9SX4YaVhUFnS5D3Kn9BEcKGq6gGtmdKVexPcAudOCwVSvhIQBj2PbU5oJcKVbMClO03oTeiY_aWFeTEu8-qqc5P5wlgjCudgeyJhdF9oYXNoIjoiemNuWHpkbWFtTDJzdnYwYjJSMEpWdyIsInN1YiI6IjEwOTA1ZjFlLTI2MDgtNGY5Yy04MGQyLTNmYjQ1MjQxNTIyYyIsInNpZ25hdHVyZSI6Ik1JSUlOUVlKS29aSWh2Y05BUWNDb0lJSUpqQ0NDQ0lDQVFFeERUQUxCZ2xnaGtnQlpRTUVBZ0V3Q3dZSktvWklodmNOQVFjQm9JSUY0ekNDQmQ4d2dnVEhvQU1DQVFJQ0F4OEJYakFOQmdrcWhraUc5dzBCQVFzRkFEQitNUXN3Q1FZRFZRUUdFd0pKVXpFVE1CRUdBMVVFQlJNS05USXhNREF3TWpjNU1ERVZNQk1HQTFVRUNoTU1RWFZrYTJWdWJta2dhR1l1TVNjd0pRWURWUVFMRXg1VmRHZGxabUZ1WkdrZ1puVnNiR2RwYkdSeVlTQnphMmxzY21scmFtRXhHakFZQmdOVkJBTVRFVVoxYkd4bmFXeDBJR0YxWkd0bGJtNXBNQjRYRFRJd01EY3lOekV6TkRNd01Gb1hEVEkxTURjeU56RXpOREkxT1Zvd2daNHhFVEFQQmdOVkJBc1RDRVoxYkd4bmFXeDBNUXN3Q1FZRFZRUUdFd0pKVXpFV01CUUdBMVVFQ3hNTlpXbHVhMkZ6YTJsc2NtbHJhVEVUTUJFR0ExVUVDeE1LVlc1a2FYSnlhWFIxYmpFWE1CVUdBMVVFQ3hNT01qQXlNREEzTWpjeE16UXlNRGN4RXpBUkJnTlZCQVVUQ2pFMU1EVTNNVFEwT0RreElUQWZCZ05WQkFNTUdFVnBibUZ5SU1PQmNuUERwbXhzSUVoeVlXWnVjM052YmpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBSmRXMnVCWnlZNkVST09jbm1DY0kzcytSTTdrWGJ4ZXBGeWxiZnNEdWJtQ2hYalZYek4rL0txUURaTy92eExmK2g1T1BqUGFQNkxOQ08wSVkzVXY5a3A2ME9qdkt6YkZwNXFvQVltV2Z2M2x1a1JqZ3NSOEkxRE5rbFVqTlE4L1BadnZiY2t1N0pyOVlXQlVXT0kzZ3ZneWxUaVB6WDlGS2VBeFFkTzRyMDZBQ3JZNnV5K0xLakF2bkZjb04wRWFXbzVQYlU1NktWT05mM0JjUUk2UldyUTdwMWpCWGgwRmZ5UmxaczdmdkdDVDJQN1RZU0xLd3hRM2N4dnhWL2NNVHRDRnJjVU5vOG8vZTcwNGMvRjcxeXlzazlHM2hkM1ZSMERIWWVXZGQ0TXp0cXNOOWdVazZ1T0ZHYmxoWDdEaU1JYVhMMHZPWE1JV0xMcVFKUGpBVzljQ0F3RUFBYU9DQWtNd2dnSS9NQXdHQTFVZEV3RUIvd1FDTUFBd2R3WUlLd1lCQlFVSEFRRUVhekJwTUNNR0NDc0dBUVVGQnpBQmhoZG9kSFJ3T2k4dmIyTnpjQzVoZFdSclpXNXVhUzVwY3pCQ0JnZ3JCZ0VGQlFjd0FvWTJhSFIwY0RvdkwyTmtjQzVwYzJ4aGJtUnpjbTkwTG1sekwzTnJhV3h5YVd0cEwyWjFiR3huYVd4MFlYVmthMlZ1Ym1rdWNEZGlNSUg4QmdOVkhTQUVnZlF3Z2ZFd2dlNEdDV0NDWUFFQ0FRRUJBakNCNERDQnBnWUlLd1lCQlFVSEFnSXdnWmthZ1paVWFHbHpJR05sY25ScFptbGpZWFJsSUdseklHbHVkR1Z1WkdWa0lHWnZjaUJ6YVdkdWFXNW5MaUJVYUdseklHTmxjblJwWm1sallYUmxJR2x6SUdsemMzVmxaQ0JoY3lCaElIRjFZV3hwWm1sbFpDQmpaWEowYVdacFkyRjBaU0JwYmlCaFkyTnZjbVJoYm1ObElIZHBkR2dnWVdOMElESTRMekl3TURFZ1lXNWtJRVJwY21WamRHbDJaU0E1T1M4NU15OUZReTR3TlFZSUt3WUJCUVVIQWdFV0tXaDBkSEE2THk5amNDNWhkV1JyWlc1dWFTNXBjeTltZFd4c1oybHNkR0YxWkd0bGJtNXBMMk53TUNJR0NDc0dBUVVGQndFREJCWXdGREFJQmdZRUFJNUdBUUV3Q0FZR0JBQ09SZ0VFTUE0R0ExVWREd0VCL3dRRUF3SUdRREFmQmdOVkhTTUVHREFXZ0JUQ0tUNkcvNGJFMmpVZmFhYWsvd0dEUEVvenFUQkRCZ05WSFI4RVBEQTZNRGlnTnFBMGhqSm9kSFJ3T2k4dlkzSnNMbUYxWkd0bGJtNXBMbWx6TDJaMWJHeG5hV3gwWVhWa2EyVnVibWt2YkdGMFpYTjBMbU55YkRBZEJnTlZIUTRFRmdRVTdEWlQxMXRvdHJMR2RyWFowS1N1ZFEyQkJEd3dEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBTGY2TS9CODJ0a2xYU1JIMFBPZU5hQXdBbDNNak4xdXVpRC92UFRDNjN2SldUejFVeDJ1RTF3UUlzZGo0K2dnNW5jajM4bVV2MjdhaTJacmdENzRrUmU2V2VudjBTeXJqcGVWRklOOGU1Qkx2cWY5NlNtL2lmSDNLWFNNemsrNWZqZ3NGZkp0NnowbnZmRXpwTDJXRWV0N2RUWmV5VGpVUDNGYkV1NUNRSHNpOWl2cjVMZlZ3a2JIdVRaZ3RsRE8rTjVlTHhtSGowQTY0c2c0RWwyRjVHd0R5bTRiU0xMa0dQY1U5Qm5RaTZvUGJDdEJ0T2k3Q2l0UlVPQzFVdjRoL0UyOW1McjBYanVwT3BsYU1Tdk9BdXdOSWZjWGxESENWWTF4MktVbmpLRnU4VVQweDZYc2kxUmZ1S3c5cHN0ZE5QWjJrekFERDZGQk1LL0xOZ3ArdFRveGdnSVlNSUlDRkFJQkFUQ0JoVEIrTVFzd0NRWURWUVFHRXdKSlV6RVRNQkVHQTFVRUJSTUtOVEl4TURBd01qYzVNREVWTUJNR0ExVUVDaE1NUVhWa2EyVnVibWtnYUdZdU1TY3dKUVlEVlFRTEV4NVZkR2RsWm1GdVpHa2dablZzYkdkcGJHUnlZU0J6YTJsc2NtbHJhbUV4R2pBWUJnTlZCQU1URVVaMWJHeG5hV3gwSUdGMVpHdGxibTVwQWdNZkFWNHdDd1lKWUlaSUFXVURCQUlCb0drd0dBWUpLb1pJaHZjTkFRa0RNUXNHQ1NxR1NJYjNEUUVIQVRBY0Jna3Foa2lHOXcwQkNRVXhEeGNOTWpFd01USXdNVEV5TmpReldqQXZCZ2txaGtpRzl3MEJDUVF4SWdRZ1BHVExmK2R5S1lTQS9HS1EyclpxRVFlcGYvcllITGdnSnJjdFlrTEdiU3d3Q3dZSktvWklodmNOQVFFQkJJSUJBRmJrWmw3NHNhRU9NazJlcFVHM0dUMmkyNHNmY0FxdnR6bWFUbm5oYk1LQ1lPdkpYeWZmbkF3Tm9QRjhVbjFOc1lkNVBBNkZDdUwzajdmNnVYZ1JBTzVSRC9sajdFOXgrNFJWMTYxSDRuRUxhT3NVdVlZZUdSbHVpRFBhencyMFF2VW83K0F2S2hVa21meGdsb0RMZmZ3a1ROWllCd3BkV2s2NCtpM1RMNUwzOFB0anIyTlZXT1FhWFN5RWZqcWJnelhSUWt6YU41dWZSQ2doVHdSUk1NOWJxemVpNWRoUEhEUElNd3Q0L25uNWdINjNHemwxWUROczltUGNvdW9mQXhyQXVFc1hoeEdRK0xPWktUanBkWUI0aVN2bGlhbkZ4UldDcWZwdlpZa2NSWHo0Zk9lUEZKaGNWVDBwbVhGMTBGZUowazJjaGY0ajlDV2ZlWnN4YUEwPSIsImF1ZGl0VHJhY2tpbmdJZCI6ImVkOTc3MDE4LTljMWMtNDAzNy1hZDU4LWM2MWRjMjI0ODBhOC0xMTQ0MzAxIiwiY2VydGlmaWNhdGUiOiJuYSIsImlzcyI6Imh0dHBzOi8vcGZ6d3cuYXVka2VubmkuaXM6NDQzL3Nzby9vYXV0aDIvcmVhbG1zL3Jvb3QvcmVhbG1zL2F1ZGtlbm5pIiwidG9rZW5OYW1lIjoiaWRfdG9rZW4iLCJhdWQiOiJteUNpYmFDbGllbnRJZCIsImRvY3VtZW50TnIiOiJuYSIsIm5hdGlvbmFsUmVnaXN0ZXJJZCI6IjE1MDU3MTQ0ODkiLCJhenAiOiJteUNpYmFDbGllbnRJZCIsImF1dGhfdGltZSI6MTYxMTE0MjAyNCwibmFtZSI6IkVpbmFyIMOBcnPDpmxsIEhyYWZuc3NvbiIsInJlYWxtIjoiL2F1ZGtlbm5pIiwiZXhwIjoxNjExMTQ1NjI0LCJ0b2tlblR5cGUiOiJKV1RUb2tlbiIsImlhdCI6MTYxMTE0MjAyNH0.FjTQFPiwwN3H2xYTJG9LQletWV_JjTIwq1Sk3lKmE9KT18xgX_j5ylbAV17_JvtSkBb-mox34GsHsNHbY9TbGibuOQOZGQVUY7BeEywe25vvg7baEb2zOcBoTe7242LQmbGWthfrfJpbqLgYz4IZuda4i0qNE7vbBcal-kzScE4o7xk6wBq-FX-vTpHKFOM1RFom37_nB7falpWhdS6mbcxjZnNY335s4oXjU0B8pPHojwAaY6HvvxIHOZ_kv0AL_4U6WxjkpAxa53CwKInsoz8UqCerjm8libCd2bPunIKxnk3JJJ0Ke77Rmw36gT5bj6Jrqe1jB3aScDzQBnm0Jw",
"token_type": "Bearer",
"expires_in": 3599
} |
Example of the payload in Access token
| Code Block | ||
|---|---|---|
| ||
{
"sub": "10935f1e-26382688-4f9c-80d2-3fb45241522c",
"cts": "OAUTH2_STATELESS_GRANT",
"auth_level": 0,
"auditTrackingId": "ed977018-9c1c-4037-ad58-c61dc22480a8-9340011144298",
"isssubname": "https://pfzww.audkenni.10935f1e-2688-4f9c-80d2-3fb45241522c",
"iss": "https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni",
"tokenName": "access_token",
"token_type": "Bearer",
"authGrantId": "OOFQmzkBrVztphKqHRoFAPwpo_8JJ-6Jbb2Hanr6uQun6wU9wwZG6g",
"aud": "myCibaClientId",
"nbf": 16110736621611142024,
"grant_type": "urn:openid:params:grant-type:ciba",
"scope": [
"RELATEDPARTY:MyOwnClient",
"signature",
"openid",
"profile"
],
"auth_time": 16110736621611142024,
"realm": "/audkenni",
"exp": 16110772621611145624,
"iat": 16110736621611142024,
"expires_in": 3600,
"jti": "O8ZnETheosfUpVwsjo5fv9sFwyg4UOgS7uUF42mrKBxmz89S8IzfJU"
} |
Example of the payload in Id token
| Code Block | ||
|---|---|---|
| ||
{
"at_hash": "-ebdK9snWHIG2gSnF3c1XgzcnXzdmamL2svv0b2R0JVw",
"sub": "10935f1e-26382688-4f9c-80d2-3fb45241522c",
"signature": "MIIIXAYJKmZIhvcNAQcCoIIITTCCCEkCAQExDTALBglghkgBZKMEAgEwQwYJKoZIhvcNAQcBoDYENABBAHUAdABoAGUAbgB0AGkAYwBhAHQAaQBvAG4AIAB0AG8AIABBAHUA8ABrAGUAbgBuAGmgggXWMIIF0jCCBLqgAwIBAgIDHwFgMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAklTMRMwEQYDVQQFEwo1MjEwMDAyNzkwMRUwEwYDVQQKEwxBdWRrZW5uaSBoZi4xJzAlBgNVBAsTHlV0Z2VmYW5kaSBmdWxsZ2lsZHJhIHNraWxyaWtqYTEaMBgGA1UEAxMRRnVsbGdpbHQgYXVka2VubmkwHhcNMjAwNzI3MTM0MzAzWhcNMjUwNzI3MTM0MzAxWjCBjDELMAkGA1UEBhMCSVMxFjAUBgNVBAsTDWVpbmthc2tpbHJpa2kxFDASBgNVBAsMC0F1w7BrZW5uaW5nMRcwFQYDVQQLEw4yMDIwMDcyNzEzNDIwNzETMBEGA1UEBRMKMTUwNTcxNDQ4OTEhMB8GA1UEAwwYRWluYXIgw4Fyc8OmbGwgSHJhZm5zc29uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRHdyHcrZmXMIn0bXgc+3Alv7JIaCmsUDr2vTCtrIYrUH46JWQsrVIjWkLCO/mJgDaicr3KqqHGQoC7uj3LKGwtC/na6ZhXR7MUkd2uIX4szCc/6T1+DNf+8UQelzY4eDRfy0fljOR6dQds/Hsk7BNqV0jqFuz/ABchLj2oxDoPZc9c4LVmYbGmPn6x3Tnvih84TEHTRdd+IwHxWTS1fttv7p+vAjM0NpDOOeGcUlGNHYs+78jKWIlFTOARbwlQqnqbsFxoTijxwrS35CM0URP49/qHdrl7DFPJtQApF6DWiYm5SU5d4dSKyN61xCOoI9i5YcUPLTLxcw0DGUBnbdwIDAQABo4ICSDCCAkQwDAYDVR0TAQH/BAIwADB3BggrBgEFBQcBAQRrMGkwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmF1ZGtlbm5pLmlzMEIGCCsGAQUFBzAChjZodHRwOi8vY2RwLmlzbGFuZHNyb3QuaXMvc2tpbHJpa2kvZnVsbGdpbHRhdWRrZW5uaS5wN2IwggEPBgNVHSAEggEGMIIBAjCB/wYJYIJgAQIBAQECMIHxMIG3BggrBgEFBQcCAjCBqhqBp1RoaXMgY2VydGlmaWNhdGUgaXMgaW50ZW5kZWQgZm9yIGF1dGhlbnRpY2F0aW9uLiBUaGlzIGNlcnRmaWNhdGUgZnVsZmlscyB0aGUgcmVxdWlyZW1lbnRzIGZvciBhIHF1YWxpZmllZCBjZXJ0aWZpY2F0ZSBhcyBkZWZpbmVkIGluIGFjdCAyOC8yMDAxIGFuZCBEaXJlY3RpdmUgOTkvOTMvRUMuMDUGCCsGAQUFBwIBFilodHRwOi8vY3AuYXVka2VubmkuaXMvZnVsbGdpbHRhdWRrZW5uaS9jcDAOBgNVHQ8BAf8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUwik+hv+GxNo1H2mmpP8BgzxKM6kwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5hdWRrZW5uaS5pcy9mdWxsZ2lsdGF1ZGtlbm5pL2xhdGVzdC5jcmwwHQYDVR0OBBYEFHyVPqVtuYhl+Yw0xM0NmfOETQBXMA0GCSqGSIb3DQEBCwUAA4IBAQCq+23pCpUFPfx3WRfXtdMXNv8PVhnNkuwTRZ+vofGGzfadQF0m5K+cKd1nRTR1AQoNlVJYn0E1lJiqqb0FSZgLDLahWEOcEZEgr5+TAf7KJZRBSR2Qll5n3HLBwjlncgRh9P8OloCFTiTmGvPbNaEGaA69pNy5y+n8WbkXC11PFjQIHHz0J5NUzTr23rhZlo4QMqlQttkkXJoD/5oOqvg1Fk/gFKseB0pCGazkjUpMsQLfoN9dsd/smwaVkYewhRjAUBuMJPZsVYe+ksKKHbmBc2TvM4iGtLTIZp0ChFHGnz6ZaEdjlGLU6iL2jf9wxFFztp6/ldbCnVO5VBlcwtEVMYICFDCCAhACAQEwgYUwfjELMAkGA1UEBhMCSVMxEzARBgNVBAUTCjUyMTAwMDI3OTAxFTATBgNVBAoTDEF1ZGtlbm5pIGhmLjEnMCUGA1UECxMeVXRnZWZhbmRpIGZ1bGxnaWxkcmEgc2tpbHJpa2phMRowGAYDVQQDExFGdWxsZ2lsdCBhdWRrZW5uaQIDHwFgMAsGCWCGSAFlAwQCAaBlMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwGAYKKoZIhvcNAQkZAzEKBAiMTwzX0b04jzAvBgkqhkiG9w0BCQQxIgQgV5jKfht/dRJvgA6gUu1LRVEEV5F/lf8XCmtZFTYjFWYwCwYJKoZIhvcNAQEBBIIBAEEk0VLvO5fGYuHFOvc5g0e4uA9QzhMjJlN94n70rq9l91QkxeiHd4E6npj/Ye+eUlPW5PAnDlR9y4N+rAZuqL8f4Z9F/C1u7LZ64uVGFTnsl9rhsTWKdPfHSGBBByU1aKU4f+D69dS97VDIFNid//7Febs0UmQlv3c6xPG3JRwUhEuwdIfKNGS86wEAwmb2SbhoQG79j2Hu7aozS3h65kAWLxn8M9/BUSqmc3ysyAu5YY4avLuE+ffn3hldzZy/VDGe3o2+X7G525VSxFAuFsDvIU/a5YC928hMSlV1COtvDip0NH85arjHhQ/0WHveGMm5KnIpawBeUSqqJTapMUIMIIINQYJKoZIhvcNAQcCoIIIJjCCCCICAQExDTALBglghkgBZQMEAgEwCwYJKoZIhvcNAQcBoIIF4zCCBd8wggTHoAMCAQICAx8BXjANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJJUzETMBEGA1UEBRMKNTIxMDAwMjc5MDEVMBMGA1UEChMMQXVka2VubmkgaGYuMScwJQYDVQQLEx5VdGdlZmFuZGkgZnVsbGdpbGRyYSBza2lscmlramExGjAYBgNVBAMTEUZ1bGxnaWx0IGF1ZGtlbm5pMB4XDTIwMDcyNzEzNDMwMFoXDTI1MDcyNzEzNDI1OVowgZ4xETAPBgNVBAsTCEZ1bGxnaWx0MQswCQYDVQQGEwJJUzEWMBQGA1UECxMNZWlua2Fza2lscmlraTETMBEGA1UECxMKVW5kaXJyaXR1bjEXMBUGA1UECxMOMjAyMDA3MjcxMzQyMDcxEzARBgNVBAUTCjE1MDU3MTQ0ODkxITAfBgNVBAMMGEVpbmFyIMOBcnPDpmxsIEhyYWZuc3NvbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJdW2uBZyY6EROOcnmCcI3s+RM7kXbxepFylbfsDubmChXjVXzN+/KqQDZO/vxLf+h5OPjPaP6LNCO0IY3Uv9kp60OjvKzbFp5qoAYmWfv3lukRjgsR8I1DNklUjNQ8/PZvvbcku7Jr9YWBUWOI3gvgylTiPzX9FKeAxQdO4r06ACrY6uy+LKjAvnFcoN0EaWo5PbU56KVONf3BcQI6RWrQ7p1jBXh0FfyRlZs7fvGCT2P7TYSLKwxQ3cxvxV/cMTtCFrcUNo8o/e704c/F71yysk9G3hd3VR0DHYeWdd4MztqsN9gUk6uOFGblhX7DiMIaXL0vOXMIWLLqQJPjAW9cCAwEAAaOCAkMwggI/MAwGA1UdEwEB/wQCMAAwdwYIKwYBBQUHAQEEazBpMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5hdWRrZW5uaS5pczBCBggrBgEFBQcwAoY2aHR0cDovL2NkcC5pc2xhbmRzcm90LmlzL3NraWxyaWtpL2Z1bGxnaWx0YXVka2VubmkucDdiMIH8BgNVHSAEgfQwgfEwge4GCWCCYAECAQEBAjCB4DCBpgYIKwYBBQUHAgIwgZkagZZUaGlzIGNlcnRpZmljYXRlIGlzIGludGVuZGVkIGZvciBzaWduaW5nLiBUaGlzIGNlcnRpZmljYXRlIGlzIGlzc3VlZCBhcyBhIHF1YWxpZmllZCBjZXJ0aWZpY2F0ZSBpbiBhY2NvcmRhbmNlIHdpdGggYWN0IDI4LzIwMDEgYW5kIERpcmVjdGl2ZSA5OS85My9FQy4wNQYIKwYBBQUHAgEWKWh0dHA6Ly9jcC5hdWRrZW5uaS5pcy9mdWxsZ2lsdGF1ZGtlbm5pL2NwMCIGCCsGAQUFBwEDBBYwFDAIBgYEAI5GAQEwCAYGBACORgEEMA4GA1UdDwEB/wQEAwIGQDAfBgNVHSMEGDAWgBTCKT6G/4bE2jUfaaak/wGDPEozqTBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vY3JsLmF1ZGtlbm5pLmlzL2Z1bGxnaWx0YXVka2VubmkvbGF0ZXN0LmNybDAdBgNVHQ4EFgQU7DZT11totrLGdrXZ0KSudQ2BBDwwDQYJKoZIhvcNAQELBQADggEBALf6M/B82tklXSRH0POeNaAwAl3MjN1uuiD/vPTC63vJWTz1Ux2uE1wQIsdj4+gg5ncj38mUv27ai2ZrgD74kRe6Wenv0SyrjpeVFIN8e5BLvqf96Sm/ifH3KXSMzk+5fjgsFfJt6z0nvfEzpL2WEet7dTZeyTjUP3FbEu5CQHsi9ivr5LfVwkbHuTZgtlDO+N5eLxmHj0A64sg4El2F5GwDym4bSLLkGPcU9BnQi6oPbCtBtOi7CitRUOC1Uv4h/E29mLr0XjupOplaMSvOAuwNIfcXlDHCVY1x2KUnjKFu8UT0x6Xsi1RfuKw9pstdNPZ2kzADD6FBMK/LNgp+tToxggIYMIICFAIBATCBhTB+MQswCQYDVQQGEwJJUzETMBEGA1UEBRMKNTIxMDAwMjc5MDEVMBMGA1UEChMMQXVka2VubmkgaGYuMScwJQYDVQQLEx5VdGdlZmFuZGkgZnVsbGdpbGRyYSBza2lscmlramExGjAYBgNVBAMTEUZ1bGxnaWx0IGF1ZGtlbm5pAgMfAV4wCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjEwMTIwMTEyNjQzWjAvBgkqhkiG9w0BCQQxIgQgPGTLf+dyKYSA/GKQ2rZqEQepf/rYHLggJrctYkLGbSwwCwYJKoZIhvcNAQEBBIIBAFbkZl74saEOMk2epUG3GT2i24sfcAqvtzmaTnnhbMKCYOvJXyffnAwNoPF8Un1NsYd5PA6FCuL3j7f6uXgRAO5RD/lj7E9x+4RV161H4nELaOsUuYYeGRluiDPazw20QvUo7+AvKhUkmfxgloDLffwkTNZYBwpdWk64+i3TL5L38Ptjr2NVWOQaXSyEfjqbgzXRQkzaN5ufRCghTwRRMM9bqzei5dhPHDPI4wt4/nn5gH63Gzl1YDNs9mPcouofAxrAuEsXixGQ+LOZKTjpdYB4iSvlianFxRWCqfpvKUYkcRXz4fOePFJhcVT0pmXF10FeJ0k2chf4j9CWfeZsxaA0=",
"auditTrackingId": "ed977018-9c1c-4037-ad58-c61dc22480a8-9340039c1c-4037-ad58-c61dc22480a8-1144301",
"subname": "10935f1e-2688-4f9c-80d2-3fb45241522c",
"certificate": "na",
"iss": "https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni",
"tokenName": "id_token",
"aud": "myCibaClientId",
"documentNr": "na",
"nationalRegisterId": "1406714889",
"azp": "myCibaClientId",
"auth_time": 16110736621611142024,
"name": "Einar Helgi Hrafnsson",
"realm": "/audkenni",
"exp": 16110772621611145624,
"tokenType": "JWTToken",
"iat": 16110736621611142024
} |
Step 4
Step 4: (Userinfo)
Here we ask for the users info using the Access token as Authorization header parameter.
To get the Userinfo we send a POST call to following URI:
https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni/userinfo
Parameters needed in call
We need to add following header parameter
Token (Bearer, using the Access token from last call as value)
CURL example of the call
| Code Block |
|---|
curl --location --request POST 'https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni/userinfo' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJ6aXAiOiJOT25FIiwiYWxnIjoiSFMyNTYifQeyJ0eXAiOiJKV1QiLCJ6aXAiOiJOT05FIiwiYWxnIjoiSFMyNTYifQ.eyJzdWIIOiIxMDkwNWYxZS0yNjA4LTRmOWMtODBkMi0zZmI0NTI0MTUyMmMiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXV0aF9sZXZlbCI6MCwiYXVkaXRUcmFja2luZ0lkIjoiZWQ5NzcwMTgtOWMxYy00MDM3LWFkNTgtYzYxZGMyMjQ4MGE4LTkzNzUyMCIsImlzcyI6Imh0dHBzOi8vcGZ6d3cuYXVka2VubmkuaXM6NDQzL3Nzby9vYXV0aDIvcmVhbG1zL3Jvb3QvcmVhbG1zL2F1ZGtlbm5pIiwidG9rZW5OYW1lIjoiYWNjZXNzX3Rva2VuIiwidG9rZW5fdHlwZSI6IkJlYXJlciIsImF1dGhHcmFudElkIjoiWHY1Yl9odXNGdklGeXJlOU1yZHRsTXVVM3djIiwiYXVkIjoibXlDaWJhQ2xpZW50SWQiLCJuYmYiOjE2MTEwNzQ3ODUsImdyYW50X3R5cGUiOiJ1cm46b3BlbmlkOnBhcmFtczpncmFudC10eXBlOmNpYmEiLCJzY29wZSI6WyJSRUxBVEVEUEFSVFk6TXlPd25DbGllbnQiLCJzaWduYXR1cmUiLCJvcGVuaWQiLCJwcm9maWxlIl0sImF1dGhfdGltZSI6MTYxMTA3NDc4NSwicmVhbG0iOiIvYXVka2VubmkiLCJleHAiOjE2MTEwNzgzODUsImlhdCI6MTYxMTA3NDc4NSwiZXhwaXJlc19pbiI6MzYwMCwianRpIjoiV2dBX3B0RzJoYmcyN3hoeXYyMktYTmNFeEVrIn0eyJzdWIiOiIxMDkwNWYxZS0yNjA4LTRmOWMtODBkMi0zZmI0NTI0MTUyMmMiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXV0aF9sZXZlbCI6MCwiYXVkaXRUcmFja2luZ0lkIjoiZWQ5NzcwMTgtOWMxYy00MDM3LWFkNTgtYzYxZGMyMjQ4MGE4LTExNDk2NjUiLCJpc3MiOiJodHRwczovL3Bmend3LmF1ZGtlbm5pLmlzOjQ0My9zc28vb2F1dGgyL3JlYWxtcy9yb290L3JlYWxtcy9hdWRrZW5uaSIsInRva2VuTmFtZSI6ImFjY2Vzc190b2tlbiIsInRva2VuX3R5cGUiOiJCZWFyZXIiLCJhdXRoR3JhbnRJZCI6Inc5eUpXem1fMU04TGJqenplUnJQOUp3anZzSSIsImF1ZCI6Im15Q2liYUNsaWVudElkIiwibmJmIjoxNjExMTQzNDYzLCJncmFudF90eXBlIjoidXJuOm9wZW5pZDpwYXJhbXM6Z3JhbnQtdHlwZTpjaWJhIiwic2NvcGUiOlsiUkVMQVRFRFBBUlRZOk15T3duQ2xpZW50Iiwic2lnbmF0dXJlIiwib3BlbmlkIiwicHJvZmlsZSJdLCJhdXRoX3RpbWUiOjE2MTExNDM0NjMsInJlYWxtIjoiL2F1ZGtlbm5pIiwiZXhwIjoxNjExMTQ3MDYzLCJpYXQiOjE2MTExNDM0NjMsImV4cGlyZXNfaW4iOjM2MDAsImp0aSI6ImFqNzJuR0Y4ZElyclU2TFlZSlNhSjJ0bDNXNCJ9.k9AGl4MVncfmmq9USabdxlaIYlYC03tGtHPYYN-ImdiPDj8JIQYFwqR_lrQhJFClZgRtM2VrjARo4FDWshbZ8' |
C# - RestSharp example of the call
| Code Block | ||
|---|---|---|
| ||
var client = new RestClient("https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni/userinfo");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddHeader("Authorization", "Bearer eyJ0eXAiOiJKV1QiLCJ6aXAiOiJOT25FIiwiYWxnIjoiSFMyNTYifQeyJ0eXAiOiJKV1QiLCJ6aXAiOiJOT05FIiwiYWxnIjoiSFMyNTYifQ.eyJzdWIIOiIxMDkwNWYxZS0yNjA4LTRmOWMtODBkMi0zZmI0NTI0MTUyMmMiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXV0aF9sZXZlbCI6MCwiYXVkaXRUcmFja2luZ0lkIjoiZWQ5NzcwMTgtOWMxYy00MDM3LWFkNTgtYzYxZGMyMjQ4MGE4LTkzNzUyMCIsImlzcyI6Imh0dHBzOi8vcGZ6d3cuYXVka2VubmkuaXM6NDQzL3Nzby9vYXV0aDIvcmVhbG1zL3Jvb3QvcmVhbG1zL2F1ZGtlbm5pIiwidG9rZW5OYW1lIjoiYWNjZXNzX3Rva2VuIiwidG9rZW5fdHlwZSI6IkJlYXJlciIsImF1dGhHcmFudElkIjoiWHY1Yl9odXNGdklGeXJlOU1yZHRsTXVVM3djIiwiYXVkIjoibXlDaWJhQ2xpZW50SWQiLCJuYmYiOjE2MTEwNzQ3ODUsImdyYW50X3R5cGUiOiJ1cm46b3BlbmlkOnBhcmFtczpncmFudC10eXBlOmNpYmEiLCJzY29wZSI6WyJSRUxBVEVEUEFSVFk6TXlPd25DbGllbnQiLCJzaWduYXR1cmUiLCJvcGVuaWQiLCJwcm9maWxlIl0sImF1dGhfdGltZSI6MTYxMTA3NDc4NSwicmVhbG0iOiIvYXVka2VubmkiLCJleHAiOjE2MTEwNzgzODUsImlhdCI6MTYxMTA3NDc4NSwiZXhwaXJlc19pbiI6MzYwMCwianRpIjoiV2dBX3B0RzJoYmcyN3hoeXYyMktYTmNFeEVrIn0eyJzdWIiOiIxMDkwNWYxZS0yNjA4LTRmOWMtODBkMi0zZmI0NTI0MTUyMmMiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXV0aF9sZXZlbCI6MCwiYXVkaXRUcmFja2luZ0lkIjoiZWQ5NzcwMTgtOWMxYy00MDM3LWFkNTgtYzYxZGMyMjQ4MGE4LTExNDk2NjUiLCJpc3MiOiJodHRwczovL3Bmend3LmF1ZGtlbm5pLmlzOjQ0My9zc28vb2F1dGgyL3JlYWxtcy9yb290L3JlYWxtcy9hdWRrZW5uaSIsInRva2VuTmFtZSI6ImFjY2Vzc190b2tlbiIsInRva2VuX3R5cGUiOiJCZWFyZXIiLCJhdXRoR3JhbnRJZCI6Inc5eUpXem1fMU04TGJqenplUnJQOUp3anZzSSIsImF1ZCI6Im15Q2liYUNsaWVudElkIiwibmJmIjoxNjExMTQzNDYzLCJncmFudF90eXBlIjoidXJuOm9wZW5pZDpwYXJhbXM6Z3JhbnQtdHlwZTpjaWJhIiwic2NvcGUiOlsiUkVMQVRFRFBBUlRZOk15T3duQ2xpZW50Iiwic2lnbmF0dXJlIiwib3BlbmlkIiwicHJvZmlsZSJdLCJhdXRoX3RpbWUiOjE2MTExNDM0NjMsInJlYWxtIjoiL2F1ZGtlbm5pIiwiZXhwIjoxNjExMTQ3MDYzLCJpYXQiOjE2MTExNDM0NjMsImV4cGlyZXNfaW4iOjM2MDAsImp0aSI6ImFqNzJuR0Y4ZElyclU2TFlZSlNhSjJ0bDNXNCJ9.k9AGl4MVncfmmq9USabdxlaIYlYC03tGtHPYYN-ImdiPDj8JIQYFwqR_lrQhJFClZgRtM2VrjARo4FDWshbZ8");
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content); |
Step 4: Expected response
The answer from this call should give you a PKCS7 Signature. The same signature as is in the Id token from last step.
The signature contains a authentication signing certificate.
The REST API service answer is in JSON format.
Best practice
Best practice is to verify the signature and the certificate. Verify the user’s info in the answer against the info in the certificate.
The response should include following
signature (PKCS7)
documentNr (should be “na”)
certificate (should be “na”)
nationalRegisterId (The social id number of the user)
name (The users name)
sub (A unique Id of the user in our system)
subname (A unique Id of the user in our system)
Example of answer from step
...
4
| Code Block | ||
|---|---|---|
| ||
{
"signature": "MIIIdgYJKoZIhvcNAQcCoIIUZzCCCGMBAQExDTALBclghkgBZQMEAgEwXQYJMoZIhvcNAQcBoFAETgBBAHUAdABoAGUAbgB0AGkAYwBhAHQAaQBvAG4AIAB0AG8AIABBAHUA8ABrAGUAbgBuAGkAIAAtACAAQwBvAGQAZQA6ACAAMQAyADMANKCCBdYwggXSMIIEuqADAgECAgMfAWAwDQYJKoZIhvcNAQELBQAwfjELMAkGA1UEBhMCSVMxEzARBgNVBAUTCjUyMTAwMDI3OTAxFTATBgNVBAoTDEF1ZGtlbm5pIGhmLjEnMCUGA1UECxMeVXRnZWZhbmRpIGZ1bGxnaWxkcmEgc2tpbHJpa2phMRowGAYDVQQDExFGdWxsZ2lsdCBhdWRrZW5uaTAeFw0yMDA3MjcxMzQzMDNaFw0yNTA3MjcxMzQzMDFaMIGMMQswCQYDVQQGEwJJUzEWMBQGA1UECxMNZWlua2Fza2lscmlraTEUMBIGA1UECwwLQXXDsGtlbm5pbmcxFzAVBgNVBAsTDjIwMjAwNzI3MTM0MjA3MRMwEQYDVQQFEwoxNTA1NzE0NDg5MSEwHwYDVQQDDBhFaW5hciDDgXJzw6ZsbCBIcmFmbnNzb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5Ed3IdytmZcwifRteBz7cCW/skhoKaxQOva9MK2shitQfjolZCytUiNaQsI7+YmANqJyvcqqocZCgLu6PcsobC0L+drpmFdHsxSR3a4hfizMJz/pPX4M1/7xRB6XNjh4NF/LR+WM5Hp1B2z8eyTsE2pXSOoW7P8AFyEuPajEOg9lz1zgtWZhsaY+frHdOe+KHzhMQdNF134jAfFZNLV+22/un68CMzQ2kM454ZxSUY0diz7vyMpYiUVM4BFvCVCqepuwXGhOKPHCtLfkIzRRE/j3+od2uXsMU8m1ACkXoNaJiblJTl3h1IrI3rXEI6gj2LlhxQ8tMvFzDQMZQGdt3AgMBAAGjggJIMIICRDAMBgNVHRMBAf8EAjAAMHcGCCsGAQUFBwEBBGswaTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuYXVka2VubmkuaXMwQgYIKwYBBQUHMAKGNmh0dHA6Ly9jZHAuaXNsYW5kc3JvdC5pcy9za2lscmlraS9mdWxsZ2lsdGF1ZGtlbm5pLnA3YjCCAQ8GA1UdIASCAQYwggECMIH/BglggmABAgEBAQIwgfEwgbcGCCsGAQUFBwICMIGqGoGnVGhpcyBjZXJ0aWZpY2F0ZSBpcyBpbnRlbmRlZCBmb3IgYXV0aGVudGljYXRpb24uIFRoaXMgY2VydGZpY2F0ZSBmdWxmaWxzIHRoZSByZXF1aXJlbWVudHMgZm9yIGEgcXVhbGlmaWVkIGNlcnRpZmljYXRlIGFzIGRlZmluZWQgaW4gYWN0IDI4LzIwMDEgYW5kIERpcmVjdGl2ZSA5OS85My9FQy4wNQYIKwYBBQUHAgEWKWh0dHA6Ly9jcC5hdWRrZW5uaS5pcy9mdWxsZ2lsdGF1ZGtlbm5pL2NwMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDAjAfBgNVHSMEGDAWgBTCKT6G/4bE2jUfaaak/wGDPEozqTBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vY3JsLmF1ZGtlbm5pLmlzL2Z1bGxnaWx0YXVka2VubmkvbGF0ZXN0LmNybDAdBgNVHQ4EFgQUfJU+pW25iGX5jDTEzQ2Z84RNAFcwDQYJKoZIhvcNAQELBQADggEBAKr7bekKlQU9/HdZF9e10xc2/w9WGc2S7BNFn6+h8YbN9p1AXSbkr5wp3WdFNHUBCg2VUlifQTWUmKqpvQVJmAsMtqFYQ5wRkSCvn5MB/sollEFJHZCWXmfccsHCOWdyBGH0/w6WgIVOJOYa89s1oQZoDr2k3LnL6fxZuRcLXU8WNAgcfPQnk1TNOvbeuFmWjhAyqVC22SRcmgP/mg6q+DUWT+AUqx4HSkIZrOSNSkyxAt+g312x3+ybBpWRh7CFGMBQG4wk9mxVh76SwooduYFzZO8ziIa0tMhmnQKEUcafPploR2OUYtTqIvaN/3DEUXO2nr+V1sKdU7lUGVzC0RUxggIUMIICEAIBATCBhTB+MQswCQYDVQQGEwJJUzETMBEGA1UEBRMKNTIxMDAwMjc5MDEVMBMGA1UEChMMQXVka2VubmkgaGYuMScwJQYDVQQLEx5VdGdlZmFuZGkgZnVsbGdpbGRyYSBza2lscmlramExGjAYBgNVBAMTEUZ1bGxnaWx0IGF1ZGtlbm5pAgMfAWAwCwYJYIZIAWUDBAIBoGUwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAYBgoqhkiG9w0BCRkDMQoECIxPDNfRvTiPMC8GCSqGSIb3DQEJBDEiBCBconuOcWdR375x6x9Rc1rzRnb5YwbDUwSDiPWin8tY8jALBgkqhkiG9w0BAQEEggEAU76bsrH+g8KSayst7lEbV0aBvd0l2CNtUaOpitNs+7xVL9+1wlnQ6MgqU2VUSstZ2x+oyynDt097+QNvvBfVA+8T7MgMqkK726agdWnposwY/K5d1zfxDoFQoV4RmWuQ5ETaTYO0mmVTLwy9uskPBdQuUMNpwmRv7jXeMjkUimMECZVaeRZb34FTkcGYTAQhIO+XVqPCFqSaxi0aNNOX9rPYHuxLhTGfr8FBg2BZPICDH4uJdlBrimeZU0vdBxWytOtSN5bpeoKePCbtKJXYlvN2siWxxbwaitJ6YyTHcieLbuc2BhNtv9OpMCvKqZdV4T972nnls7pOcXY4QvTRWQ=MIIINQYJKoZIhvcNAQcCoIIIJjCCCCICAQExDTALBglghkgBZQMEAgEwCwYJKoZIhvcNAQcBoIIF4zCCBd8wggTHoAMCAQICAx8BXjANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJJUzETMBEGA1UEBRMKNTIxMDAwMjc5MDEVMBMGA1UEChMMQXVka2VubmkgaGYuMScwJQYDVQQLEx5VdGdlZmFuZGkgZnVsbGdpbGRyYSBza2lscmlramExGjAYBgNVBAMTEUZ1bGxnaWx0IGF1ZGtlbm5pMB4XDTIwMDcyNzEzNDMwMFoXDTI1MDcyNzEzNDI1OVowgZ4xETAPBgNVBAsTCEZ1bGxnaWx0MQswCQYDVQQGEwJJUzEWMBQGA1UECxMNZWlua2Fza2lscmlraTETMBEGA1UECxMKVW5kaXJyaXR1bjEXMBUGA1UECxMOMjAyMDA3MjcxMzQyMDcxEzARBgNVBAUTCjE1MDU3MTQ0ODkxITAfBgNVBAMMGEVpbmFyIMOBcnPDpmxsIEhyYWZuc3NvbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJdW2uBZyY6EROOcnmCcI3s+RM7kXbxepFylbfsDubmChXjVXzN+/KqQDZO/vxLf+h5OPjPaP6LNCO0IY3Uv9kp60OjvKzbFp5qoAYmWfv3lukRjgsR8I1DNklUjNQ8/PZvvbcku7Jr9YWBUWOI3gvgylTiPzX9FKeAxQdO4r06ACrY6uy+LKjAvnFcoN0EaWo5PbU56KVONf3BcQI6RWrQ7p1jBXh0FfyRlZs7fvGCT2P7TYSLKwxQ3cxvxV/cMTtCFrcUNo8o/e704c/F71yysk9G3hd3VR0DHYeWdd4MztqsN9gUk6uOFGblhX7DiMIaXL0vOXMIWLLqQJPjAW9cCAwEAAaOCAkMwggI/MAwGA1UdEwEB/wQCMAAwdwYIKwYBBQUHAQEEazBpMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5hdWRrZW5uaS5pczBCBggrBgEFBQcwAoY2aHR0cDovL2NkcC5pc2xhbmRzcm90LmlzL3NraWxyaWtpL2Z1bGxnaWx0YXVka2VubmkucDdiMIH8BgNVHSAEgfQwgfEwge4GCWCCYAECAQEBAjCB4DCBpgYIKwYBBQUHAgIwgZkagZZUaGlzIGNlcnRpZmljYXRlIGlzIGludGVuZGVkIGZvciBzaWduaW5nLiBUaGlzIGNlcnRpZmljYXRlIGlzIGlzc3VlZCBhcyBhIHF1YWxpZmllZCBjZXJ0aWZpY2F0ZSBpbiBhY2NvcmRhbmNlIHdpdGggYWN0IDI4LzIwMDEgYW5kIERpcmVjdGl2ZSA5OS85My9FQy4wNQYIKwYBBQUHAgEWKWh0dHA6Ly9jcC5hdWRrZW5uaS5pcy9mdWxsZ2lsdGF1ZGtlbm5pL2NwMCIGCCsGAQUFBwEDBBYwFDAIBgYEAI5GAQEwCAYGBACORgEEMA4GA1UdDwEB/wQEAwIGQDAfBgNVHSMEGDAWgBTCKT6G/4bE2jUfaaak/wGDPEozqTBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vY3JsLmF1ZGtlbm5pLmlzL2Z1bGxnaWx0YXVka2VubmkvbGF0ZXN0LmNybDAdBgNVHQ4EFgQU7DZT11totrLGdrXZ0KSudQ2BBDwwDQYJKoZIhvcNAQELBQADggEBALf6M/B82tklXSRH0POeNaAwAl3MjN1uuiD/vPTC63vJWTz1Ux2uE1wQIsdj4+gg5ncj38mUv27ai2ZrgD74kRe6Wenv0SyrjpeVFIN8e5BLvqf96Sm/ifH3KXSMzk+5fjgsFfJt6z0nvfEzpL2WEet7dTZeyTjUP3FbEu5CQHsi9ivr5LfVwkbHuTZgtlDO+N5eLxmHj0A64sg4El2F5GwDym4bSLLkGPcU9BnQi6oPbCtBtOi7CitRUOC1Uv4h/E29mLr0XjupOplaMSvOAuwNIfcXlDHCVY1x2KUnjKFu8UT0x6Xsi1RfuKw9pstdNPZ2kzADD6FBMK/LNgp+tToxggIYMIICFAIBATCBhTB+MQswCQYDVQQGEwJJUzETMBEGA1UEBRMKNTIxMDAwMjc5MDEVMBMGA1UEChMMQXVka2VubmkgaGYuMScwJQYDVQQLEx5VdGdlZmFuZGkgZnVsbGdpbGRyYSBza2lscmlramExGjAYBgNVBAMTEUZ1bGxnaWx0IGF1ZGtlbm5pAgMfAV4wCwYJYIZIAWUDBAIBoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjEwMTIwMTEyNjQzWjAvBgkqhkiG9w0BCQQxIgQgPGTLf+dyKYSA/GKQ2rZqEQepf/rYHLggJrctYkLGbSwwCwYJKoZIhvcNAQEBBIIBAFbkZl74saEOMk2epUG3GT2i24sfcAqvtzmaTnnhbMKCYOvJXyffnAwNoPF8Un1NsYd5PA6FCuL3j7f6uXgRAO5RD/lj7E9x+4RV161H4nELaOsUuYYeGRluiDPazw20QvUo7+AvKhUkmfxgloDLffwkTNZYBwpdWk64+i3TL5L38Ptjr2NVWOQaXSyEfjqbgzXRQkzaN5ufRCghTwRRMM9bqzei5dhPHDPIMwt4/nn5gH63Gzl1YDNs9mPcouofAxrAuEsXhxGQ+LOZKTjpdYB4iSvlianFxRWCqfpvZYkcRXz4fOePFJhcVT0pmXF10FeJ0k2chf4j9CWfeZsxaA0=",
"documentNr": "na",
"certificate": "na",
"nationalRegisterId": "1406714889",
"name": "Einar Helgi Hrafnsson",
"sub": "10905f2e-2618-4f8c10935f1e-2638-4f9c-80d2-3fb45241522c",
"subname": "10935f1e-2638-4f9c-80d2-3fb45241522c"
} |