Step-by-step instructions for service providers on how to communicate with our REST API for authentication using a SIM certificate.

Requirements

For all steps to succeed, the following must be at hand.

During setup

  • Client Id (received from Auðkenni)

  • Client secret (received from Auðkenni)

  • Related party (optional)

  • Base URI (received from Auðkenni)

  • Redirect URI (Auðkenni receives from Service provider)

Information needed at runtime

  • User’s mobile number

  • Message text for user (Including any verification messages: number, text etc.)

  • Code challenge

  • Code verifier

Setup requirements used in the examples

  • Client id: myApiClientId

  • Client secret: MyApiClientP4$sW

  • Base URI: pfzww.audkenni.is

  • Redirect URI: http://localhost:3000/callback

All code examples were generated using Postman and are for demonstration only.

Step 1

Step 1: (Starting the authentication process)

To start the authentication process, an empty POST call is sent to the following URI:
https://pfzww.audkenni.is:443/sso/json/realms/root/realms/audkenni/authenticate?authIndexType=service&authIndexValue=api_v100

Note the query parameter “authIndexValue”. Its value selects the REST API version to use.

CURL example of the call

Code Block
curl --location --request POST 'https://pfzww.audkenni.is:443/sso/json/realms/root/realms/audkenni/authenticate?authIndexType=service&authIndexValue=api_v100' \
--header 'Content-Type: application/json' \
--header 'Accept-API-Version: resource=2.0,protocol=1.0' \
--data-raw '{}'

C# - RestSharp example of the call

Code Block (C#)
var client = new RestClient("https://pfzww.audkenni.is:443/sso/json/realms/root/realms/audkenni/authenticate?authIndexType=service&authIndexValue=api_v100");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Accept-API-Version", "resource=2.0,protocol=1.0");
request.AddParameter("application/json", "{}",  ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);

Step 1: Expected response

The REST API service answer is in JSON format.

The response should include the following:

  • authId (to use in next step)

  • callbacks (they need to be “answered” in the next step)

Example of answer from Step 1

Code Block (JSON)
{
    "authId": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.….OIuisFJ3LDA4WpKzDlfJMcu8tUgltFuyUCnto1WQzHo",
    "callbacks": [
        {
            "type": "NameCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": "Sláðu inn clientId"
                }
            ],
            "input": [
                {
                    "name": "IDToken1",
                    "value": ""
                }
            ],
            "_id": 0
        },
        {
            "type": "NameCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": "Sláðu inn Related Party"
                }
            ],
            "input": [
                {
                    "name": "IDToken2",
                    "value": ""
                }
            ],
            "_id": 1
        },
        {
            "type": "NameCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": "Sláðu inn símanúmer eða kennitölu"
                }
            ],
            "input": [
                {
                    "name": "IDToken3",
                    "value": ""
                }
            ],
            "_id": 2
        },
        {
            "type": "NameCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": "Sláðu inn skilaboð til notanda"
                }
            ],
            "input": [
                {
                    "name": "IDToken4",
                    "value": ""
                }
            ],
            "_id": 3
        },
        {
            "type": "NameCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": "Nota vchoice (true eða false)"
                }
            ],
            "input": [
                {
                    "name": "IDToken5",
                    "value": ""
                }
            ],
            "_id": 4
        },
        {
            "type": "NameCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": "Sláðu inn Hash gildi"
                }
            ],
            "input": [
                {
                    "name": "IDToken6",
                    "value": ""
                }
            ],
            "_id": 5
        },
        {
            "type": "ChoiceCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": "Veldu auðkenningarleið"
                },
                {
                    "name": "choices",
                    "value": [
                        "sim",
                        "card",
                        "app"
                    ]
                },
                {
                    "name": "defaultChoice",
                    "value": 0
                }
            ],
            "input": [
                {
                    "name": "IDToken7",
                    "value": 0
                }
            ],
            "_id": 6
        }
    ]
}

Step 2

Step 2: (Authenticate using mobile (SIM))

To authenticate using mobile (SIM), another POST call is sent to the following URI:
https://pfzww.audkenni.is:443/sso/json/realms/root/realms/audkenni/authenticate?authIndexType=service&authIndexValue=api_v100

Callbacks

There are 7 callbacks that need to be answered in this call.

IDToken1 (_id: 0)

This callback needs your Client Id as its input value (myApiClientId in this example).

Example of callback answer to send in call
Code Block (JSON)
        {
            "type": "NameCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": "Sláðu inn clientId"
                }
            ],
            "input": [
                {
                    "name": "IDToken1",
                    "value": "myApiClientId"
                }
            ],
            "_id": 0
        },

IDToken2 (_id: 1)

This callback is for “related party” information. Use it if you are authenticating on behalf of a client of your own (you are acting as identity provider for your customer).

...

In this example we set the value as “MyOwnClient”.

Example of callback answer to send in call
Code Block (JSON)
        {
            "type": "NameCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": "Sláðu inn Related Party"
                }
            ],
            "input": [
                {
                    "name": "IDToken2",
                    "value": "MyOwnClient"
                }
            ],
            "_id": 1
        },  

IDToken3 (_id: 2)

This callback is for the mobile number you are using to authenticate. Here you put the mobile number of the person that is authenticating into the input value.

In this example we use the number “9876543”.

Example of callback answer to send in call
Code Block (JSON)
        {
            "type": "NameCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": "Sláðu inn símanúmer eða kennitölu"
                }
            ],
            "input": [
                {
                    "name": "IDToken3",
                    "value": "9876543"
                }
            ],
            "_id": 2
        },

IDToken4 (_id: 3)

This callback is for the message sent to the user who is authenticating: a text message that is displayed on the user's mobile.

...

In this example we use the message: “Authentication to Auðkenni - Code: 1234”

Example of callback answer to send in call
Code Block (JSON)
        {
            "type": "NameCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": "Sláðu inn skilaboð til notanda"
                }
            ],
            "input": [
                {
                    "name": "IDToken4",
                    "value": "Authentication to Auðkenni - Code: 1234"
                }
            ],
            "_id": 3
        },

IDToken5 (_id: 4)

This callback is only for use when authenticating using APP. When authenticating using mobile (SIM) please set the input value to “false”.

Example of callback answer to send in call
Code Block (JSON)
        {
            "type": "NameCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": "Nota vchoice (true eða false)"
                }
            ],
            "input": [
                {
                    "name": "IDToken5",
                    "value": "false"
                }
            ],
            "_id": 4
        },

IDToken6 (_id: 5)

This callback is only for use when authenticating using APP. When authenticating using mobile (SIM) please set the input value to an empty string “”.

Example of callback answer to send in call
Code Block (JSON)
        {
            "type": "NameCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": "Sláðu inn Hash gildi"
                }
            ],
            "input": [
                {
                    "name": "IDToken6",
                    "value": ""
                }
            ],
            "_id": 5
        },

IDToken7 (_id: 6)

This callback is for selecting authentication method. There are three options to select from: sim (0), card (1) and app (2).

Since we are authenticating using mobile (SIM) in this example, we set the input value to 0.

Example of callback answer to send in call
Code Block (JSON)
        {
            "type": "ChoiceCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": "Veldu auðkenningarleið"
                },
                {
                    "name": "choices",
                    "value": [
                        "sim",
                        "card",
                        "app"
                    ]
                },
                {
                    "name": "defaultChoice",
                    "value": 0
                }
            ],
            "input": [
                {
                    "name": "IDToken7",
                    "value": 0
                }
            ],
            "_id": 6
        }

Example of the whole body in a call

Code Block (JSON)
{
    "authId": "{{authId from last call answer}}",
    "callbacks": [
        {
            "type": "NameCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": "Sláðu inn clientId"
                }
            ],
            "input": [
                {
                    "name": "IDToken1",
                    "value": "{{client_id}}"
                }
            ],
            "_id": 0
        },
        {
            "type": "NameCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": "Sláðu inn Related Party"
                }
            ],
            "input": [
                {
                    "name": "IDToken2",
                    "value": "MyOwnClient"
                }
            ],
            "_id": 1
        },        
        {
            "type": "NameCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": "Sláðu inn símanúmer eða kennitölu"
                }
            ],
            "input": [
                {
                    "name": "IDToken3",
                    "value": "9876543"
                }
            ],
            "_id": 2
        },
        {
            "type": "NameCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": "Sláðu inn skilaboð til notanda"
                }
            ],
            "input": [
                {
                    "name": "IDToken4",
                    "value": "Authentication to Auðkenni - Code: 1234"
                }
            ],
            "_id": 3
        },
        {
            "type": "NameCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": "Nota vchoice (true eða false)"
                }
            ],
            "input": [
                {
                    "name": "IDToken5",
                    "value": "false"
                }
            ],
            "_id": 4
        },
        {
            "type": "NameCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": "Sláðu inn Hash gildi"
                }
            ],
            "input": [
                {
                    "name": "IDToken6",
                    "value": ""
                }
            ],
            "_id": 5
        }, 
        {
            "type": "ChoiceCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": "Veldu auðkenningarleið"
                },
                {
                    "name": "choices",
                    "value": [
                        "sim",
                        "card",
                        "app"
                    ]
                },
                {
                    "name": "defaultChoice",
                    "value": 0
                }
            ],
            "input": [
                {
                    "name": "IDToken7",
                    "value": 0
                }
            ],
            "_id": 6
        }
    ]
}

CURL example of the call

Code Block
curl --location --request POST 'https://pfzww.audkenni.is:443/sso/json/realms/root/realms/audkenni/authenticate?authIndexType=service&authIndexValue=api_v100' \
--header 'Content-Type: application/json' \
--header 'Accept-API-Version: resource=2.0,protocol=1.0' \
--header 'Cookie: audssossolb=03; audsso=UgT8UelNnFKc-Wm0GvQzDpwu0Ag.*AAJTSQACMDIAAlNLABwxQ1M5QVVlTFFxaXVCZWFTMkxXajhHV2JMWTg9AAR0eXBlAANDVFMAAlMxAAIwMw..*' \
--data-raw '{
    "authId": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.….u2__M6JpolKkkNCEmclYfzmrIzD9NQV93YF6Se-q7xs",
    "callbacks": [
        {
            "type": "NameCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": "Sláðu inn clientId"
                }
            ],
            "input": [
                {
                    "name": "IDToken1",
                    "value": "myApiClientId"
                }
            ],
            "_id": 0
        },
        {
            "type": "NameCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": "Sláðu inn Related Party"
                }
            ],
            "input": [
                {
                    "name": "IDToken2",
                    "value": "MyOwnClient"
                }
            ],
            "_id": 1
        },        
        {
            "type": "NameCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": "Sláðu inn símanúmer eða kennitölu"
                }
            ],
            "input": [
                {
                    "name": "IDToken3",
                    "value": "9876543"
                }
            ],
            "_id": 2
        },
        {
            "type": "NameCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": "Sláðu inn skilaboð til notanda"
                }
            ],
            "input": [
                {
                    "name": "IDToken4",
                    "value": "Authentication to Auðkenni - Code: 1234"
                }
            ],
            "_id": 3
        },
        {
            "type": "NameCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": "Nota vchoice (true eða false)"
                }
            ],
            "input": [
                {
                    "name": "IDToken5",
                    "value": "false"
                }
            ],
            "_id": 4
        },
        {
            "type": "NameCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": "Sláðu inn Hash gildi"
                }
            ],
            "input": [
                {
                    "name": "IDToken6",
                    "value": ""
                }
            ],
            "_id": 5
        }, 
        {
            "type": "ChoiceCallback",
            "output": [
                {
                    "name": "prompt",
                    "value": "Veldu auðkenningarleið"
                },
                {
                    "name": "choices",
                    "value": [
                        "sim",
                        "card",
                        "app"
                    ]
                },
                {
                    "name": "defaultChoice",
                    "value": 0
                }
            ],
            "input": [
                {
                    "name": "IDToken7",
                    "value": 0
                }
            ],
            "_id": 6
        }
    ]
}'

C# - RestSharp example of the call

Code Block (C#)
var client = new RestClient("https://pfzww.audkenni.is:443/sso/json/realms/root/realms/audkenni/authenticate?authIndexType=service&authIndexValue=api_v100");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Accept-API-Version", "resource=2.0,protocol=1.0");
request.AddHeader("Cookie", "audssossolb=03; audsso=UgT8UelNnFKc-Wm0GvQzDpwu0Ag.*AAJTSQACMDIAAlNLABwxQ1M5QVVlTFFxaXVCZWFTMkxXajhHV2JMWTg9AAR0eXBlAANDVFMAAlMxAAIwMw..*");
request.AddParameter("application/json", "{\n    \"authId\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.….u2__M6JpolKkkNCEmclYfzmrIzD9NQV93YF6Se-q7xs\",\n    \"callbacks\": [\n        {\n            \"type\": \"NameCallback\",\n            \"output\": [\n                {\n                    \"name\": \"prompt\",\n                    \"value\": \"Sláðu inn clientId\"\n                }\n            ],\n            \"input\": [\n                {\n                    \"name\": \"IDToken1\",\n                    \"value\": \"myApiClientId\"\n                }\n            ],\n            \"_id\": 0\n        },\n        {\n            \"type\": \"NameCallback\",\n            \"output\": [\n                {\n                    \"name\": \"prompt\",\n                    \"value\": \"Sláðu inn Related Party\"\n                }\n            ],\n            \"input\": [\n                {\n                    \"name\": \"IDToken2\",\n                    \"value\": \"MyOwnClient\"\n                }\n            ],\n            \"_id\": 1\n        },        \n        {\n            \"type\": \"NameCallback\",\n            \"output\": [\n                {\n                    \"name\": \"prompt\",\n                    \"value\": \"Sláðu inn símanúmer eða kennitölu\"\n                }\n            ],\n            \"input\": [\n                {\n                    \"name\": \"IDToken3\",\n                    \"value\": \"9876543\"\n                }\n            ],\n            \"_id\": 2\n        },\n        {\n            \"type\": \"NameCallback\",\n            \"output\": [\n                {\n                    \"name\": \"prompt\",\n                    \"value\": \"Sláðu inn skilaboð til notanda\"\n                }\n            ],\n            \"input\": [\n                {\n                    \"name\": \"IDToken4\",\n                    \"value\": \"Authentication to Auðkenni - Code: 1234\"\n                }\n            ],\n            \"_id\": 3\n        },\n        {\n            \"type\": \"NameCallback\",\n            \"output\": [\n                {\n                    \"name\": \"prompt\",\n                    \"value\": \"Nota vchoice (true eða false)\"\n                }\n            ],\n            \"input\": [\n                {\n                    \"name\": \"IDToken5\",\n                    \"value\": \"false\"\n                }\n            ],\n            \"_id\": 4\n        },\n        {\n            \"type\": \"NameCallback\",\n            \"output\": [\n                {\n                    \"name\": \"prompt\",\n                    \"value\": \"Sláðu inn Hash gildi\"\n                }\n            ],\n            \"input\": [\n                {\n                    \"name\": \"IDToken6\",\n                    \"value\": \"\"\n                }\n            ],\n            \"_id\": 5\n        }, \n        {\n            \"type\": \"ChoiceCallback\",\n            \"output\": [\n                {\n                    \"name\": \"prompt\",\n                    \"value\": \"Veldu auðkenningarleið\"\n                },\n                {\n                    \"name\": \"choices\",\n                    \"value\": [\n                        \"sim\",\n                        \"card\",\n                        \"app\"\n                    ]\n                },\n                {\n                    \"name\": \"defaultChoice\",\n                    \"value\": 0\n                }\n            ],\n            \"input\": [\n                {\n                    \"name\": \"IDToken7\",\n                    \"value\": 0\n                }\n            ],\n            \"_id\": 6\n        }\n    ]\n}",  ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);

Step 2: Expected response

The REST API service answer is in JSON format.

When Step 2 is executed, the authentication process starts on the user's mobile.

The response should include the following:

  • authId (to use in next step)

  • callbacks (with waitTime and message)

Example of answer from Step 2

Code Block (JSON)
{
    "authId": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdXRoSW5kZXhWYWx1ZSI6ImFwaV92MTAwIiwib3RrIjoianVuYm1qbGV2dG1lNWg3YjFnZ2tlN3ViNTciLCJhdXRoSW5kZXhUeXBlIjoic2VydmljZSIsInJlYWxtIjoiL2F1ZGtlbm5pIiwic2Vzc2lvbklkIjoiKkFBSlRTUUFDTURJQUJIUjVjR1VBQ0VwWFZGOUJWVlJJQUFKVE1RQUNNRE0uKmV5SjBlWEFpT2lKS1YxUWlMQ0pqZEhraU9pSktWMVFpTENKaGJHY2lPaUpJVXpJMU5pSjkuWlhsS01HVllRV2xQYVVwTFZqRlJhVXhEU2paaFdFRnBUMmxLVDFRd05VWkphWGRwV2xjMWFrbHFiMmxSVkVWNVQwVk9RMUY1TVVsVmVra3hUbWxKYzBsdFJuTmFlVWsyU1cxU2NHTnBTamt1TGpsR1F6bExNM2h6UmpGMlpGWnRNRXg2YjBoTGQyY3VXRlV6YlhkWFRYb3lTeTFDYmpSelJtVmxVSEZ1UVROdVdIQk9jR2hhUTA5aFRETjFkbk5GVURZelREY3RaVzlIVVdodVVXOVRYMmxuTTFod04yaEVORlk0Y1VoSk5qVjNUbTlJUkZwNFpFNVlZMjFITTJoaFdEUlJkemRFWVRjM1lsTXpZVE0yUXpnM01rSldRbEpPV0Y5SU1HWkVPRVU0YUdoblZIVmpWVjlzUmxaRFQzWTNURWxWTldwdmVuUm9ia2Q0UkRsU2RteHBabWh1Wm5sMVVEY3lkVE4zTFZJMmFTMU9SbVJDVEdGc1lYQnhOV3BrVUhoTFNGUmpVMWhDYUc5bkxXVmFUMnhRUm5FMFdXNUVSbU5QVTFjemJFMUVTRkJCZFRodE1IQldibm95VEhCM2RuRmhhVTFRZFhocU0xUmxUbDh6UWxKMlNtMTZiM0EyY0c5Rk1uVkVhVmMxY25kRVprdGxhVWhuTFVGSFdsZFphVzk1U2xKeU5WOUdUWEJxUTNOaVVtWlRSSGR2VG14eWJsOXJNMHM0YkhSWk9XZGZaMUJhTkVsdWRHcE5PVUZ2VjFCUldUSkZkRUpqWWtsTU5TMDBUMDVNVjJsS2RWWXhjMk4wVW1nMGExTjRRbXMxZG5WRVRWTXhUR2xVYUdsU1NYaENjRmw0VGtwb1RGcFdka0V0ZVVKaVRVZE5RVVU0UkhWalIzQnpZelJsZVVsdk1UaHhUbXM1ZEhKMFRIaFZaa1o0VkdoR05GOWpTMFV0ZEZOVFRHZGliVVpTY0ZjeGFVUnpibHBpTWpKV1dFMXZUMmN6YlhWdmMyMXRhRE5WWm1JMk1FTnRkV3BpU1hVMWNYbFdSWGhuTW1OYVZYcGtVRzFUTW5oR1RUWlNhMDlFVTJ0ZlNrdzBkRk5pWVdOTVoyNXhVVlJGY2tsTVZVRjVPVEV4YXpseldXMWxXV3RuUkhoWlVIbzFZV2RRU0d0QlJYSlFlRVpYVDBzNFlqQXpMVUYxVW01aVJrRkNTbGQ0VjNCV1RWSnVWVXQ1U0dacVpYWmlWRGsyYlRGTk9GUTNlSEZSTURSRGEzSmhjbmhRVFd0c2FVSmtjMFJ0YTNveE1GbGZRMGh4TjFwT1VXbFBTR2hEUTBadFIycHBlbGxNWWpWYVptVkJRM1JhVXpVM1JpMUVaRFJJVlRKWVdURlJObXRCY2tacU4ydDNVbGMwV2s0NFNHbE5Ua2hRY3pSUWRESXRTakZ3UmkxWWNtUnphbFJmWkhFNWFrSlVlbFJ2T0VGZmEyWlNkV0pVT0Zsc2NGRldlV2czTUhsNmMycHNVbk10TTJwVk5HOWtaRzlWZDB4NVEySXhlVzF0VTJKMVlqaEJObWN0TkU5aExYZ3hRbG95Y0ZoMVlsTnJYMUpXZUU1bWJGSjJOMU5MT1VsdlZFRTJhRzlTZVhVNGNHRXpjV1Z1UVhn
dE1YbEdiM3BYZW5scWNWRnFNMDlIU21OaE9HcERZazVIZDBrNVgxbHJSWGxaUWpkZlZXSnJkMmQyVUMxb2ExOTZhbWhuUlVjNFZsQnBUamgwT1V0ak4wTlVVbk5FZUdoVU9GRjVXRU4zVTFaRVYxaGtjbmd0V25sSFRtaHFZbW94WkRGQ0xYRjVlRFZDYTNBelN6QnFUVEZWV0hWVVR6VnlSMUkwU2kxVk1ua3RYMFp3WkZaVFZ6bFJZMDVHY0RGQ1VWaDJjVlI2TlZNM1JXVlVOVmxmUVVsRFJFUmlVbmx5VlZFeFJERlVkMmhWVVY5dk5VVkJaRFF0V1dkQmNUWTRaVlJRV1Vkd1luUnViak5WUlZWb055MVVhVTlTU1hZd2ExcFpWelF3Y0dWdVQzSlZNRGhGVDFCQ2RqZHlPSGhMY21obU5EUXdWbEk0U0ZCM1R6Uk5UM0JUVms5YU1HOXNjemxqYURkeVptVmpSVFpuY0VOb1Ftd3RiR3A1UVZOU1RWbEtSRXRQZVVsaWJUWjRkVVZ2YlU1NlIzTklSVUZJWmtoTE9IRjBZa2MzVGpCTGQyZERiR00xV0dFemQwczFaWEJQZFdwVFNUUnlRa1ZaZVdkaVgyNUZTVXN3Tm1RNFFqQlVXVEJRZHpSSFJuQnZaVXBVT0VoMUxVdEtjVVZGWlhwNFdYRkZaRE5YWjJkRVFscEtSbFZFWDFJdFNXNXdlRWd5ZGt4SVUya3liMlJNTFhZdFJITkRWR05QTkRoME4xZ3pRMmxsVm1OaFJIUmpPVWRxUkdGTVNrUnBPVEpZU1dWeE5XUlZNVWhYUmw5WmVHZHpNbHB5Vm01cmFtdElOMjVXVEhsU1YxZFNXVVZWTkdJdFgzSnVUM2ROWkhadGRVZDRZVXczUlRGaVduQmpYMDlzV2pCcVdqaFdjWFpoUkZkVlVFSnlWSFF6YUROVVpqZG5RVU5FZG5Zd2RrSXlVSGRtTW1oVmJFZHZXaTEzZGsxdlgwRkNZVFExVTJOdk5tZGpPSGxUYzNGQ1ZsaHJOakIxVERReVRuWTVhVjlGYzJsVE9VcFJOMlZNU3pKZmFISTJNbmxmYkU5RE9XMHlVbVprVDFOa2JqWmxWakJ0YkRoblIzUkxkbWN3ZEVOaVdFbHRTMVEwZUdobFoyMXpjVWszZG1WRU9UTk1YM00zWkhkeE16UlBUblZPUVU4NGVtOXlOR2wzWkUxUk56Sm5lRGRsVjBsMFNtaG5NMWhIVm1adFpsb3RlVEZQYUdsSVFYQnJXRlYxVmpSVFVEbFhSa1ZqVWpoeE9XNVJVWHBNV2xOYVIzQlZWRlpmWWpKR09WaDVaM0poTUZoRFJsaHRVRmxqTm1GV2VXUnlOMGhDVWpCNGVtMXpMWFpCY1hOUlVXbFFZMHR6VG0xemJFRmpNWGx6VUVseldtNUZSa1ZaVUZKTWJqSlJOWG96Y1c1ak0xQXdVakpoZFRGWGJ6SmtVa3Q1T1RkQ01sTkZVVEprTWxCMldqVnNUVXBOUWtGTmJXbHpSamR0UjA0NWNtMWtSbFZ3UWpCdkxscDJWMGhvT1VOQlZWWTFUbFUyZDBGck5Ia3RNMUUuRExXb2xEUTlZd0NCcHpUcWlnTGFUc2VmT1d1ZGRPVmhseEVzaGdUcFlwUSIsImV4cCI6MTYxMDk3MDI4NywiaWF0IjoxNjEwOTY5OTg3fQ.WU2_QuIHjjynobUuhC-gix6PMyWmOcuLulAdyIu7U2o",
    "callbacks": [
        {
            "type": "PollingWaitCallback",
            "output": [
                {
                    "name": "waitTime",
                    "value": "5000"
                },
                {
                    "name": "message",
                    "value": "templates.user.LoginTemplate.pollingwaitmessage"
                }
            ]
        }
    ]
}

Step 3

Step 3: (Polling)

After executing Step 2, the authentication process starts on the user's mobile. How long this process takes depends on the user, the mobile device and the mobile network.

...

To poll for results, we send yet another POST call to the following URI:
https://pfzww.audkenni.is:443/sso/json/realms/root/realms/audkenni/authenticate

Body to send

This call needs a JSON body sent with it, including two objects:

  • authId (from last answer)

  • PollingWaitCallback (from last answer)

CURL example of the call

Code Block
curl --location --request POST 'https://pfzww.audkenni.is:443/sso/json/realms/root/realms/audkenni/authenticate' \
--header 'Content-Type: application/json' \
--header 'Accept-API-Version: resource=2.0,protocol=1.0' \
--header 'Cookie: audssossolb=03; audsso=UgT8UelNnFKc-Wm0GvQzDpwu0Ag.*AAJTSQACMDIAAlNLABwxQ1M5QVVlTFFxaXVCZWFTMkxXajhHV2JMWTg9AAR0eXBlAANDVFMAAlMxAAIwMw..*' \
--data-raw '{
    "authId": "{{authId from last call answer}}",
    "callbacks": [
        {
            "type": "PollingWaitCallback",
            "output": [
                {
                    "name": "waitTime",
                    "value": "5000"
                },
                {
                    "name": "message",
                    "value": "templates.user.LoginTemplate.pollingwaitmessage"
                }
            ]
        }
    ]
}'

C# - RestSharp example of the call

Code Block (C#)
var client = new RestClient("https://pfzww.audkenni.is:443/sso/json/realms/root/realms/audkenni/authenticate");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/json");
request.AddHeader("Accept-API-Version", "resource=2.0,protocol=1.0");
request.AddHeader("Cookie", "audssossolb=03; audsso=UgT8UelNnFKc-Wm0GvQzDpwu0Ag.*AAJTSQACMDIAAlNLABwxQ1M5QVVlTFFxaXVCZWFTMkxXajhHV2JMWTg9AAR0eXBlAANDVFMAAlMxAAIwMw..*");
request.AddParameter("application/json", "{\n    \"authId\": \"{{authId from last call answer}}\",\n    \"callbacks\": [\n        {\n            \"type\": \"PollingWaitCallback\",\n            \"output\": [\n                {\n                    \"name\": \"waitTime\",\n                    \"value\": \"5000\"\n                },\n                {\n                    \"name\": \"message\",\n                    \"value\": \"templates.user.LoginTemplate.pollingwaitmessage\"\n                }\n            ]\n        }\n    ]\n}",  ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);

Step 3: Expected response (Authentication still in process)

If you run the poll call before the user authentication process is finished, you will receive an answer similar to the one in Step 2.

...

If you get an answer like this, you need to wait for a short time and run the Step 3 call again, using the authId from the last response. Each time you receive a new “waiting” answer, you also receive a new authId to use next time.

The response should include the following:

  • authId (to use in next step)

  • callbacks (with waitTime and message)
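
Steps 1 to 3 as one client-side flow, written as an added Python example (not Auðkenni's code and not part of the original page). It runs offline against a constructed stand-in for the HTTP POST; the function names, the `constructed-authId-N` values, the 90-second total wait budget and the final-answer placeholder are assumptions of the example.

```python
import copy
import time


class FlowError(Exception):
    """Raised when an answer does not fit the flow described on this page."""


def answer_callbacks(step1, answers, method="sim"):
    """Build the Step 2 body by filling the callbacks returned in Step 1."""
    body = copy.deepcopy(step1)  # keeps authId and every "output" as received
    for cb in body["callbacks"]:
        field = cb["input"][0]
        if cb["type"] == "ChoiceCallback":
            # Resolve the index from the server's own list instead of hard-coding 0.
            choices = next(o["value"] for o in cb["output"] if o["name"] == "choices")
            if method not in choices:
                raise FlowError(f"method {method!r} not offered: {choices}")
            field["value"] = choices.index(method)
        elif cb["type"] == "NameCallback":
            if field["name"] not in answers:
                raise FlowError(f"no answer supplied for {field['name']}")
            field["value"] = answers[field["name"]]
        else:
            raise FlowError(f"unexpected callback type {cb['type']!r}")
    return body


def wait_ms(answer):
    """Return waitTime (ms) for a "waiting" answer, or None for any other answer."""
    for cb in answer.get("callbacks", []):
        if cb.get("type") == "PollingWaitCallback":
            for out in cb["output"]:
                if out["name"] == "waitTime":
                    return int(out["value"])
            raise FlowError("PollingWaitCallback without waitTime")
    return None


def poll(post, answer, max_total_ms=90_000, sleep=time.sleep):
    """Repeat Step 3 until the answer stops carrying a PollingWaitCallback."""
    waited = 0
    while (delay := wait_ms(answer)) is not None:
        if waited + delay > max_total_ms:  # bound the total wait (assumed budget)
            raise FlowError("authentication not completed within the time budget")
        sleep(delay / 1000)
        waited += delay
        # Always echo the authId and callback of the most recent answer.
        answer = post({"authId": answer["authId"], "callbacks": answer["callbacks"]})
    return answer


# --- Constructed sample data: shapes follow the page, authIds are made up ---
PROMPTS = ["Sláðu inn clientId", "Sláðu inn Related Party",
           "Sláðu inn símanúmer eða kennitölu", "Sláðu inn skilaboð til notanda",
           "Nota vchoice (true eða false)", "Sláðu inn Hash gildi"]
ANSWERS = {"IDToken1": "myApiClientId", "IDToken2": "MyOwnClient",
           "IDToken3": "9876543",
           "IDToken4": "Authentication to Auðkenni - Code: 1234",
           "IDToken5": "false", "IDToken6": ""}


def constructed_step1():
    cbs = [{"type": "NameCallback", "_id": i,
            "output": [{"name": "prompt", "value": p}],
            "input": [{"name": f"IDToken{i + 1}", "value": ""}]}
           for i, p in enumerate(PROMPTS)]
    cbs.append({"type": "ChoiceCallback", "_id": 6,
                "output": [{"name": "prompt", "value": "Veldu auðkenningarleið"},
                           {"name": "choices", "value": ["sim", "card", "app"]},
                           {"name": "defaultChoice", "value": 0}],
                "input": [{"name": "IDToken7", "value": 0}]})
    return {"authId": "constructed-authId-1", "callbacks": cbs}


def fake_service(waiting_answers):
    """Offline stand-in for the HTTP POST; records every authId it receives."""
    seen = []

    def post(body):
        seen.append(body["authId"])
        if len(seen) > waiting_answers:
            # Placeholder: the final answer is not shown in this part of the page.
            return {"constructed_final_answer": True}
        return {"authId": f"constructed-authId-{len(seen) + 1}",
                "callbacks": [{"type": "PollingWaitCallback", "output": [
                    {"name": "waitTime", "value": "5000"},
                    {"name": "message",
                     "value": "templates.user.LoginTemplate.pollingwaitmessage"}]}]}
    return post, seen


def demo(waiting_answers=3, max_total_ms=90_000):
    post, seen = fake_service(waiting_answers)
    slept = []  # records requested delays instead of really sleeping
    step2_body = answer_callbacks(constructed_step1(), ANSWERS)
    final = poll(post, post(step2_body), max_total_ms, sleep=slept.append)
    return step2_body, final, seen, slept


if __name__ == "__main__":
    print(demo()[1:])
```

In a real client, `post` would be the HTTPS call shown in the curl examples, and any answer without a PollingWaitCallback is treated here as the end of polling.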

Example of answer from Step 3

Code Block (JSON)
{
    "authId": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdXRoSW5kZXhWYWx1ZSI6ImFwaV92MTAwIiwib3RrIjoianVuYm1qbGV2dG1lNWg3YjFnZ2tlN3ViNTciLCJhdXRoSW5kZXhUeXBlIjoic2VydmljZSIsInJlYWxtIjoiL2F1ZGtlbm5pIiwic2Vzc2lvbklkIjoiKkFBSlRTUUFDTURJQUJIUjVjR1VBQ0VwWFZGOUJWVlJJQUFKVE1RQUNNRE0uKmV5SjBlWEFpT2lKS1YxUWlMQ0pqZEhraU9pSktWMVFpTENKaGJHY2lPaUpJVXpJMU5pSjkuWlhsS01HVllRV2xQYVVwTFZqRlJhVXhEU2paaFdFRnBUMmxLVDFRd05VWkphWGRwV2xjMWFrbHFiMmxSVkVWNVQwVk9RMUY1TVVsVmVra3hUbWxKYzBsdFJuTmFlVWsyU1cxU2NHTnBTamt1TGpsR1F6bExNM2h6UmpGMlpGWnRNRXg2YjBoTGQyY3VXRlV6YlhkWFRYb3lTeTFDYmpSelJtVmxVSEZ1UVROdVdIQk9jR2hhUTA5aFRETjFkbk5GVURZelREY3RaVzlIVVdodVVXOVRYMmxuTTFod04yaEVORlk0Y1VoSk5qVjNUbTlJUkZwNFpFNVlZMjFITTJoaFdEUlJkemRFWVRjM1lsTXpZVE0yUXpnM01rSldRbEpPV0Y5SU1HWkVPRVU0YUdoblZIVmpWVjlzUmxaRFQzWTNURWxWTldwdmVuUm9ia2Q0UkRsU2RteHBabWh1Wm5sMVVEY3lkVE4zTFZJMmFTMU9SbVJDVEdGc1lYQnhOV3BrVUhoTFNGUmpVMWhDYUc5bkxXVmFUMnhRUm5FMFdXNUVSbU5QVTFjemJFMUVTRkJCZFRodE1IQldibm95VEhCM2RuRmhhVTFRZFhocU0xUmxUbDh6UWxKMlNtMTZiM0EyY0c5Rk1uVkVhVmMxY25kRVprdGxhVWhuTFVGSFdsZFphVzk1U2xKeU5WOUdUWEJxUTNOaVVtWlRSSGR2VG14eWJsOXJNMHM0YkhSWk9XZGZaMUJhTkVsdWRHcE5PVUZ2VjFCUldUSkZkRUpqWWtsTU5TMDBUMDVNVjJsS2RWWXhjMk4wVW1nMGExTjRRbXMxZG5WRVRWTXhUR2xVYUdsU1NYaENjRmw0VGtwb1RGcFdka0V0ZVVKaVRVZE5RVVU0UkhWalIzQnpZelJsZVVsdk1UaHhUbXM1ZEhKMFRIaFZaa1o0VkdoR05GOWpTMFV0ZEZOVFRHZGliVVpTY0ZjeGFVUnpibHBpTWpKV1dFMXZUMmN6YlhWdmMyMXRhRE5WWm1JMk1FTnRkV3BpU1hVMWNYbFdSWGhuTW1OYVZYcGtVRzFUTW5oR1RUWlNhMDlFVTJ0ZlNrdzBkRk5pWVdOTVoyNXhVVlJGY2tsTVZVRjVPVEV4YXpseldXMWxXV3RuUkhoWlVIbzFZV2RRU0d0QlJYSlFlRVpYVDBzNFlqQXpMVUYxVW01aVJrRkNTbGQ0VjNCV1RWSnVWVXQ1U0dacVpYWmlWRGsyYlRGTk9GUTNlSEZSTURSRGEzSmhjbmhRVFd0c2FVSmtjMFJ0YTNveE1GbGZRMGh4TjFwT1VXbFBTR2hEUTBadFIycHBlbGxNWWpWYVptVkJRM1JhVXpVM1JpMUVaRFJJVlRKWVdURlJObXRCY2tacU4ydDNVbGMwV2s0NFNHbE5Ua2hRY3pSUWRESXRTakZ3UmkxWWNtUnphbFJmWkhFNWFrSlVlbFJ2T0VGZmEyWlNkV0pVT0Zsc2NGRldlV2czTUhsNmMycHNVbk10TTJwVk5HOWtaRzlWZDB4NVEySXhlVzF0VTJKMVlqaEJObWN0TkU5aExYZ3hRbG95Y0ZoMVlsTnJYMUpXZUU1bWJGSjJOMU5MT1VsdlZFRTJhRzlTZVhVNGNHRXpjV1Z1UVhn
dE1YbEdiM3BYZW5scWNWRnFNMDlIU21OaE9HcERZazVIZDBrNVgxbHJSWGxaUWpkZlZXSnJkMmQyVUMxb2ExOTZhbWhuUlVjNFZsQnBUamgwT1V0ak4wTlVVbk5FZUdoVU9GRjVXRU4zVTFaRVYxaGtjbmd0V25sSFRtaHFZbW94WkRGQ0xYRjVlRFZDYTNBelN6QnFUVEZWV0hWVVR6VnlSMUkwU2kxVk1ua3RYMFp3WkZaVFZ6bFJZMDVHY0RGQ1VWaDJjVlI2TlZNM1JXVlVOVmxmUVVsRFJFUmlVbmx5VlZFeFJERlVkMmhWVVY5dk5VVkJaRFF0V1dkQmNUWTRaVlJRV1Vkd1luUnViak5WUlZWb055MVVhVTlTU1hZd2ExcFpWelF3Y0dWdVQzSlZNRGhGVDFCQ2RqZHlPSGhMY21obU5EUXdWbEk0U0ZCM1R6Uk5UM0JUVms5YU1HOXNjemxqYURkeVptVmpSVFpuY0VOb1Ftd3RiR3A1UVZOU1RWbEtSRXRQZVVsaWJUWjRkVVZ2YlU1NlIzTklSVUZJWmtoTE9IRjBZa2MzVGpCTGQyZERiR00xV0dFemQwczFaWEJQZFdwVFNUUnlRa1ZaZVdkaVgyNUZTVXN3Tm1RNFFqQlVXVEJRZHpSSFJuQnZaVXBVT0VoMUxVdEtjVVZGWlhwNFdYRkZaRE5YWjJkRVFscEtSbFZFWDFJdFNXNXdlRWd5ZGt4SVUya3liMlJNTFhZdFJITkRWR05QTkRoME4xZ3pRMmxsVm1OaFJIUmpPVWRxUkdGTVNrUnBPVEpZU1dWeE5XUlZNVWhYUmw5WmVHZHpNbHB5Vm01cmFtdElOMjVXVEhsU1YxZFNXVVZWTkdJdFgzSnVUM2ROWkhadGRVZDRZVXczUlRGaVduQmpYMDlzV2pCcVdqaFdjWFpoUkZkVlVFSnlWSFF6YUROVVpqZG5RVU5FZG5Zd2RrSXlVSGRtTW1oVmJFZHZXaTEzZGsxdlgwRkNZVFExVTJOdk5tZGpPSGxUYzNGQ1ZsaHJOakIxVERReVRuWTVhVjlGYzJsVE9VcFJOMlZNU3pKZmFISTJNbmxmYkU5RE9XMHlVbVprVDFOa2JqWmxWakJ0YkRoblIzUkxkbWN3ZEVOaVdFbHRTMVEwZUdobFoyMXpjVWszZG1WRU9UTk1YM00zWkhkeE16UlBUblZPUVU4NGVtOXlOR2wzWkUxUk56Sm5lRGRsVjBsMFNtaG5NMWhIVm1adFpsb3RlVEZQYUdsSVFYQnJXRlYxVmpSVFVEbFhSa1ZqVWpoeE9XNVJVWHBNV2xOYVIzQlZWRlpmWWpKR09WaDVaM0poTUZoRFJsaHRVRmxqTm1GV2VXUnlOMGhDVWpCNGVtMXpMWFpCY1hOUlVXbFFZMHR6VG0xemJFRmpNWGx6VUVseldtNUZSa1ZaVUZKTWJqSlJOWG96Y1c1ak0xQXdVakpoZFRGWGJ6SmtVa3Q1T1RkQ01sTkZVVEprTWxCMldqVnNUVXBOUWtGTmJXbHpSamR0UjA0NWNtMWtSbFZ3UWpCdkxscDJWMGhvT1VOQlZWWTFUbFUyZDBGck5Ia3RNMUUuRExXb2xEUTlZd0NCcHpUcWlnTGFUc2VmT1d1ZGRPVmhseEVzaGdUcFlwUSIsImV4cCI6MTYxMDk3MDI4NywiaWF0IjoxNjEwOTY5OTg3fQ.WU2_QuIHjjynobUuhC-gix6PMyWmOcuLulAdyIu7U2o",
    "callbacks": [
        {
            "type": "PollingWaitCallback",
            "output": [
                {
                    "name": "waitTime",
                    "value": "5000"
                },
                {
                    "name": "message",
                    "value": "templates.user.LoginTemplate.pollingwaitmessage"
                }
            ]
        }
    ]
}

Step 3: Expected response (Authentication is finished)

When the authentication process finishes successfully, you receive an answer with a tokenId, which allows you to get the Authentication Code in the next step. The tokenId is your login session token.

The REST API service answer is in JSON format.

The response should include the following:

  • tokenId (to use in next step)

  • successUrl

  • realm

Example of answer from Step 3

Code Block
languagejson
{
    "tokenId": "UgT8UelNnFKc-Wm0GvQzDpwu0Ag.*AAJTSQACMDIAAlNLABwxQ1M5QVVlTFFxaXVCZWFTMkxXajhHV2JMWTg9AAR0eXBlAANDVFMAAlMxAAIwMw..*",
    "successUrl": "/sso/console",
    "realm": "/audkenni"
}

Step 4

Step 4: (Get Authentication Code)

Now that we have our login session token, we can continue to the next step, which is to get our Authentication Code.

To get the Authentication Code we send a GET call to the following URI:
https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni/authorize?service=api_v100&client_id=myApiClientId&response_type=code&scope=openid profile signature&code_challenge=5WnuXW4ALVNtX9G6MydkrPs-F2suz0TQkoaKBsk8Hzk&code_challenge_method=S256&state=abc123&redirect_uri=http://localhost:3000/callback

Header needed in the call

For this call to work we need to add a Cookie header with the value “audsso=the tokenId from the last call”.

Query parameters needed in the call

CURL example of the call

Code Block
curl --location --request GET 'https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni/authorize?service=api_v100&client_id=myApiClientId&response_type=code&scope=openid%20profile%20signature&code_challenge=5WnuXW4ALVNtX9G6MydkrPs-F2suz0TQkoaKBsk8Hzk&code_challenge_method=S256&state=abc123&redirect_uri=http://localhost:3000/callback' \
--header 'Cookie: audssossolb=03; audsso=tnPGRz4kjKhRfL8B2jjxPCo0Wcc.*AAJTSQACMDIAAlNLABxPYmVUSDZPWlNrK2ptZWJ0NVJDWE9PUHhweXM9AAR0eXBlAANDVFMAAlMxAAIwMw..*' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-raw ''

C# - RestSharp example of the call

Code Block
languagec#
var client = new RestClient("https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni/authorize?service=api_v100&client_id=myApiClientId&response_type=code&scope=openid profile signature&code_challenge=5WnuXW4ALVNtX9G6MydkrPs-F2suz0TQkoaKBsk8Hzk&code_challenge_method=S256&state=abc123&redirect_uri=http://localhost:3000/callback");
client.Timeout = -1;
var request = new RestRequest(Method.GET);
request.AddHeader("Cookie", "audssossolb=03; audsso=tnPGRz4kjKhRfL8B2jjxPCo0Wcc.*AAJTSQACMDIAAlNLABxPYmVUSDZPWlNrK2ptZWJ0NVJDWE9PUHhweXM9AAR0eXBlAANDVFMAAlMxAAIwMw..*");
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddParameter("application/x-www-form-urlencoded", "",  ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);

Step 4: Expected response

The JSON body of the answer should simply contain a “1”.

Header in response

You should receive the following header object in the answer

...

This “code” parameter is the Authentication Code you will use for the exchange process in next step.

Example of “code” in response

...

Step 5

Step 5: (Exchange Authentication Code with Access and Id token)

Now that we have the Authentication Code, we can finally ask for the Access and Id tokens of the authenticated user.

To exchange the Authentication Code for the Access and Id tokens, we send a POST call to the following URI:
https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni/access_token

Parameters needed in call

We need to add the following parameters

CURL example of the call

Code Block
curl --location --request POST 'https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni/access_token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Cookie: audssossolb=03; audsso=tnPGRz4kjKhRfL8B2jjxPCo0Wcc.*AAJTSQACMDIAAlNLABxPYmVUSDZPWlNrK2ptZWJ0NVJDWE9PUHhweXM9AAR0eXBlAANDVFMAAlMxAAIwMw..*' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'client_id=myApiClientId' \
--data-urlencode 'redirect_uri=http://localhost:3000/callback' \
--data-urlencode 'code_verifier=nO1rQDGH1QXNTTCMBb5rUFqwasA1LOEMBxJN9dtxWFDD0AFVPqMVDOoPyIrkLqPe7YGn2Q45o7ZG20L7zIJaOe8v8L51wy178ayQSk2zcNrT1ZjI2Kn3LxH2GGIbPqUK' \
--data-urlencode 'code=764sXFIB2i9t5nJsY4zpIUbV51I' \
--data-urlencode 'client_secret=MyApiClientP4$sW'

C# - RestSharp example of the call

Code Block
languagec#
var client = new RestClient("https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni/access_token");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddHeader("Cookie", "audssossolb=03; audsso=tnPGRz4kjKhRfL8B2jjxPCo0Wcc.*AAJTSQACMDIAAlNLABxPYmVUSDZPWlNrK2ptZWJ0NVJDWE9PUHhweXM9AAR0eXBlAANDVFMAAlMxAAIwMw..*");
request.AddParameter("grant_type", "authorization_code");
request.AddParameter("client_id", "myApiClientId");
request.AddParameter("redirect_uri", "http://localhost:3000/callback");
request.AddParameter("code_verifier", "nO1rQDGH1QXNTTCMBb5rUFqwasA1LOEMBxJN9dtxWFDD0AFVPqMVDOoPyIrkLqPe7YGn2Q45o7ZG20L7zIJaOe8v8L51wy178ayQSk2zcNrT1ZjI2Kn3LxH2GGIbPqUK");
request.AddParameter("code", "764sXFIB2i9t5nJsY4zpIUbV51I");
request.AddParameter("client_secret", "MyApiClientP4$sW");
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);

Step 5: Expected response

The answer from this call should give you the Access and Id tokens along with scope info, type and lifetime.

...

The REST API service answer is in JSON format.

Best practice

Best practice is to verify the signature and the certificate. Verify the user’s info in the Id token against the certificate in the signature.

The response should include the following:

  • access_token

  • id_token

  • scope

  • token_type

  • expires_in (lifetime of the tokens)

Example of answer from step 5

Code Block
languagejson
{
    "access_token": "eyJ0eXAiOiJKV1QiLCJ6aXAiOiJOT05FIiwiYWxnIjoiSFMyNTYifQ.eyJzdWIiOiIxMDkwNWYxZS0yNjA4LTRmOWMtODBkMi0zZmI0NTI0MTUyMmMiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXV0aF9sZXZlbCI6MCwiYXVkaXRUcmFja2luZ0lkIjoiNjE2ODE1NmEtNTFkOC00OTgwLTlkMTItZjllZWQ1ZDkzY2E3LTExMDE1NTgiLCJpc3MiOiJodHRwczovL3Bmend3LmF1ZGtlbm5pLmlzOjQ0My9zc28vb2F1dGgyL3JlYWxtcy9yb290L3JlYWxtcy9hdWRrZW5uaSIsInRva2VuTmFtZSI6ImFjY2Vzc190b2tlbiIsInRva2VuX3R5cGUiOiJCZWFyZXIiLCJhdXRoR3JhbnRJZCI6Ik15X3h1SDJRV3l6QnI3MjU0Mkhod251WHRXcyIsImF1ZCI6Im15QXBpQ2xpZW50SWQiLCJuYmYiOjE2MTEwNDU2MTMsImdyYW50X3R5cGUiOiJhdXRob3JpemF0aW9uX2NvZGUiLCJzY29wZSI6WyJzaWduYXR1cmUiLCJvcGVuaWQiLCJwcm9maWxlIl0sImF1dGhfdGltZSI6MTYxMTA0NTYwMywicmVhbG0iOiIvYXVka2VubmkiLCJleHAiOjE2MTEwNDkyMTMsImlhdCI6MTYxMTA0NTYxMywiZXhwaXJlc19pbiI6MzYwMCwianRpIjoiWXNXdVVCOWpRZ1Y4NWVnYXFpcmRCSmpfUV84In0.seN-_PTzuWj1JWDDBMJ1IMhJd5lWtO8DABU5gsjD3ag",
    "scope": "signature openid profile",
    "id_token": "eyJ0eXAiOiJKV1QiLCJraWQiOiJ3VTNpZklJYUxPVUFSZVJCL0ZHNmVNMVAxUU09IiwiYWxnIjoiUlMyNTYifQ.eyJhdF9oYXNoIjoia0J0ZmFGd1lSLWE5TXNETm9OalJNdyIsInN1YiI6IjEwOTA1ZjFlLTI2MDgtNGY5Yy04MGQyLTNmYjQ1MjQxNTIyYyIsInNpZ25hdHVyZSI6Ik1JSUlkZ1lKS29aSWh2Y05BUWNDb0lJSVp6Q0NDR01DQVFFeERUQUxCZ2xnaGtnQlpRTUVBZ0V3WFFZSktvWklodmNOQVFjQm9GQUVUZ0JCQUhVQWRBQm9BR1VBYmdCMEFHa0FZd0JoQUhRQWFRQnZBRzRBSUFCMEFHOEFJQUJCQUhVQThBQnJBR1VBYmdCdUFHa0FJQUF0QUNBQVF3QnZBR1FBWlFBNkFDQUFNUUF5QURNQU5LQ0NCZFl3Z2dYU01JSUV1cUFEQWdFQ0FnTWZBV0F3RFFZSktvWklodmNOQVFFTEJRQXdmakVMTUFrR0ExVUVCaE1DU1ZNeEV6QVJCZ05WQkFVVENqVXlNVEF3TURJM09UQXhGVEFUQmdOVkJBb1RERUYxWkd0bGJtNXBJR2htTGpFbk1DVUdBMVVFQ3hNZVZYUm5aV1poYm1ScElHWjFiR3huYVd4a2NtRWdjMnRwYkhKcGEycGhNUm93R0FZRFZRUURFeEZHZFd4c1oybHNkQ0JoZFdSclpXNXVhVEFlRncweU1EQTNNamN4TXpRek1ETmFGdzB5TlRBM01qY3hNelF6TURGYU1JR01NUXN3Q1FZRFZRUUdFd0pKVXpFV01CUUdBMVVFQ3hNTlpXbHVhMkZ6YTJsc2NtbHJhVEVVTUJJR0ExVUVDd3dMUVhYRHNHdGxibTVwYm1jeEZ6QVZCZ05WQkFzVERqSXdNakF3TnpJM01UTTBNakEzTVJNd0VRWURWUVFGRXdveE5UQTFOekUwTkRnNU1TRXdId1lEVlFRRERCaEZhVzVoY2lERGdYSnp3NlpzYkNCSWNtRm1ibk56YjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUM1RWQzSWR5dG1aY3dpZlJ0ZUJ6N2NDVy9za2hvS2F4UU92YTlNSzJzaGl0UWZqb2xaQ3l0VWlOYVFzSTcrWW1BTnFKeXZjcXFvY1pDZ0x1NlBjc29iQzBMK2RycG1GZEhzeFNSM2E0aGZpek1Kei9wUFg0TTEvN3hSQjZYTmpoNE5GL0xSK1dNNUhwMUIyejhleVRzRTJwWFNPb1c3UDhBRnlFdVBhakVPZzlsejF6Z3RXWmhzYVkrZnJIZE9lK0tIemhNUWRORjEzNGpBZkZaTkxWKzIyL3VuNjhDTXpRMmtNNDU0WnhTVVkwZGl6N3Z5TXBZaVVWTTRCRnZDVkNxZXB1d1hHaE9LUEhDdExma0l6UlJFL2ozK29kMnVYc01VOG0xQUNrWG9OYUppYmxKVGwzaDFJckkzclhFSTZnajJMbGh4UTh0TXZGekRRTVpRR2R0M0FnTUJBQUdqZ2dKSU1JSUNSREFNQmdOVkhSTUJBZjhFQWpBQU1IY0dDQ3NHQVFVRkJ3RUJCR3N3YVRBakJnZ3JCZ0VGQlFjd0FZWVhhSFIwY0RvdkwyOWpjM0F1WVhWa2EyVnVibWt1YVhNd1FnWUlLd1lCQlFVSE1BS0dObWgwZEhBNkx5OWpaSEF1YVhOc1lXNWtjM0p2ZEM1cGN5OXphMmxzY21scmFTOW1kV3hzWjJsc2RHRjFaR3RsYm01cExuQTNZakNDQVE4R0ExVWRJQVNDQVFZd2dnRUNNSUgvQmdsZ2dtQUJBZ0VCQVFJd2dmRXdnYmNHQ0NzR0FRVUZCd0lDTUlHcUdvR25WR2hwY3lCalpYSjBhV1pwWTJGMFpTQnBjeUJwYm5SbGJtUmxaQ0Jt
YjNJZ1lYVjBhR1Z1ZEdsallYUnBiMjR1SUZSb2FYTWdZMlZ5ZEdacFkyRjBaU0JtZFd4bWFXeHpJSFJvWlNCeVpYRjFhWEpsYldWdWRITWdabTl5SUdFZ2NYVmhiR2xtYVdWa0lHTmxjblJwWm1sallYUmxJR0Z6SUdSbFptbHVaV1FnYVc0Z1lXTjBJREk0THpJd01ERWdZVzVrSUVScGNtVmpkR2wyWlNBNU9TODVNeTlGUXk0d05RWUlLd1lCQlFVSEFnRVdLV2gwZEhBNkx5OWpjQzVoZFdSclpXNXVhUzVwY3k5bWRXeHNaMmxzZEdGMVpHdGxibTVwTDJOd01BNEdBMVVkRHdFQi93UUVBd0lGb0RBVEJnTlZIU1VFRERBS0JnZ3JCZ0VGQlFjREFqQWZCZ05WSFNNRUdEQVdnQlRDS1Q2Ry80YkUyalVmYWFhay93R0RQRW96cVRCREJnTlZIUjhFUERBNk1EaWdOcUEwaGpKb2RIUndPaTh2WTNKc0xtRjFaR3RsYm01cExtbHpMMloxYkd4bmFXeDBZWFZrYTJWdWJta3ZiR0YwWlhOMExtTnliREFkQmdOVkhRNEVGZ1FVZkpVK3BXMjVpR1g1akRURXpRMlo4NFJOQUZjd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFLcjdiZWtLbFFVOS9IZFpGOWUxMHhjMi93OVdHYzJTN0JORm42K2g4WWJOOXAxQVhTYmtyNXdwM1dkRk5IVUJDZzJWVWxpZlFUV1VtS3FwdlFWSm1Bc010cUZZUTV3UmtTQ3ZuNU1CL3NvbGxFRkpIWkNXWG1mY2NzSENPV2R5QkdIMC93NldnSVZPSk9ZYTg5czFvUVpvRHIyazNMbkw2ZnhadVJjTFhVOFdOQWdjZlBRbmsxVE5PdmJldUZtV2poQXlxVkMyMlNSY21nUC9tZzZxK0RVV1QrQVVxeDRIU2tJWnJPU05Ta3l4QXQrZzMxMngzK3liQnBXUmg3Q0ZHTUJRRzR3azlteFZoNzZTd29vZHVZRnpaTzh6aUlhMHRNaG1uUUtFVWNhZlBwbG9SMk9VWXRUcUl2YU4vM0RFVVhPMm5yK1Yxc0tkVTdsVUdWekMwUlV4Z2dJVU1JSUNFQUlCQVRDQmhUQitNUXN3Q1FZRFZRUUdFd0pKVXpFVE1CRUdBMVVFQlJNS05USXhNREF3TWpjNU1ERVZNQk1HQTFVRUNoTU1RWFZrYTJWdWJta2dhR1l1TVNjd0pRWURWUVFMRXg1VmRHZGxabUZ1WkdrZ1puVnNiR2RwYkdSeVlTQnphMmxzY21scmFtRXhHakFZQmdOVkJBTVRFVVoxYkd4bmFXeDBJR0YxWkd0bGJtNXBBZ01mQVdBd0N3WUpZSVpJQVdVREJBSUJvR1V3R0FZSktvWklodmNOQVFrRE1Rc0dDU3FHU0liM0RRRUhBVEFZQmdvcWhraUc5dzBCQ1JrRE1Rb0VDSXhQRE5mUnZUaVBNQzhHQ1NxR1NJYjNEUUVKQkRFaUJDQmNvbnVPY1dkUjM3NXg2eDlSYzFyelJuYjVZd2JEVXdTRGlQV2luOHRZOGpBTEJna3Foa2lHOXcwQkFRRUVnZ0VBVTc2YnNySCtnOEtTYXlzdDdsRWJWMGFCdmQwbDJDTnRVYU9waXROcys3eFZMOSsxd2xuUTZNZ3FVMlZVU3N0WjJ4K295eW5EdDA5NytRTnZ2QmZWQSs4VDdNZ01xa0s3MjZhZ2RXbnBvc3dZL0s1ZDF6ZnhEb0ZRb1Y0Um1XdVE1RVRhVFlPMG1tVlRMd3k5dXNrUEJkUXVVTU5wd21SdjdqWGVNamtVaW1NRUNaVmFlUlpiMzRGVGtjR1lUQVFoSU8rWFZxUENGcVNheGkwYU5OT1g5clBZSHV4TGhUR2ZyOEZCZzJCWlBJQ0RINHVKZGxCcmltZVpVMHZkQnhXeXRPdFNONWJwZW9LZVBDYnRLSlhZ
bHZOMnNpV3h4YndhaXRKNll5VEhjaWVMYnVjMkJoTnR2OU9wTUN2S3FaZFY0VDk3Mm5ubHM3cE9jWFk0UXZUUldRPT0iLCJhdWRpdFRyYWNraW5nSWQiOiI2MTY4MTU2YS01MWQ4LTQ5ODAtOWQxMi1mOWVlZDVkOTNjYTctMTEwMTU1OSIsImNlcnRpZmljYXRlIjoibmEiLCJpc3MiOiJodHRwczovL3Bmend3LmF1ZGtlbm5pLmlzOjQ0My9zc28vb2F1dGgyL3JlYWxtcy9yb290L3JlYWxtcy9hdWRrZW5uaSIsInRva2VuTmFtZSI6ImlkX3Rva2VuIiwiYXVkIjoibXlBcGlDbGllbnRJZCIsImNfaGFzaCI6IlpSenhNb2xWelo0dlpqVlVEalFPM0EiLCJhY3IiOiIwIiwiZG9jdW1lbnROciI6Im5hIiwibmF0aW9uYWxSZWdpc3RlcklkIjoiMTUwNTcxNDQ4OSIsIm9yZy5mb3JnZXJvY2sub3BlbmlkY29ubmVjdC5vcHMiOiI0TFJXOU9qUmhORDVJektvd3NMN05lZHNsbnciLCJzX2hhc2giOiJiS0U5VXNwd3lJUGc4THNRSGtKYWlRIiwiYXpwIjoibXlBcGlDbGllbnRJZCIsImF1dGhfdGltZSI6MTYxMTA0NTYwMywibmFtZSI6IkVpbmFyIMOBcnPDpmxsIEhyYWZuc3NvbiIsInJlYWxtIjoiL2F1ZGtlbm5pIiwiZXhwIjoxNjExMDQ5MjEzLCJ0b2tlblR5cGUiOiJKV1RUb2tlbiIsImlhdCI6MTYxMTA0NTYxM30.1dvpVPUTOoMD6V7S7lKs7whXoroNtrSKjDZpAcbDJbtOb2Fq4FbGlJSZyobxUJN_QM7BOH8iUNC8p-3a7uvwXIs4V79mDG9lm682q8nk79js925FRYSfgKwVASi5f1ENRu-hnU6mT3WkTWD01H3-XJiLzwunnPbeyB8o_LOlikYVhNuu7ree0ExIapeMaIt34ild3rfQ_v7XVmsFIpbfKP4lEKURPnKbOboEjhnnz1tQeFHIbwVthAFKfocyUPiiFXuXyADATx32TZSezOCbroE7emoLruI7ctLTFb1deM6tabLqFT8h8UkDQF2NOi-AjcmYQM0LO_Co5ggOg3yeKQ",
    "token_type": "Bearer",
    "expires_in": 3599
}

Example of the payload in Access token

Code Block
languagejson
{
  "sub": "10904f1e-2618-4f9c-80d2-3fb45241522c",
  "cts": "OAUTH2_STATELESS_GRANT",
  "auth_level": 0,
  "auditTrackingId": "6168157a-51d8-4980-9d12-f9eed5d93ca7-1101558",
  "subname": "10904f1e-2618-4f9c-80d2-3fb45241522c",
  "iss": "https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni",
  "tokenName": "access_token",
  "token_type": "Bearer",
  "authGrantId": "My_xuH2QWyzBr72543HhnnuXtWs",
  "aud": "myApiClientId",
  "nbf": 1611045613,
  "grant_type": "authorization_code",
  "scope": [
    "signature",
    "openid",
    "profile"
  ],
  "auth_time": 1611045603,
  "realm": "/audkenni",
  "exp": 1611049213,
  "iat": 1611045613,
  "expires_in": 3600,
  "jti": "YsWuUB9jQgV85egaqirdBJj_Q_8"
}

Example of the payload in Id token

Code Block
languagejson
{
  "at_hash": "kBtfaFwYR-a9MsDNoNjRMw",
  "sub": "10905f1e-2808-4f9c-81d2-3fb45241522c",
  "signature": "<base64-encoded PKCS7 signature>",
  "auditTrackingId": "6168156a-51d8-4980-9d12-f9eed5d93ca7-1101559",
  "subname": "10905f1e-2808-4f9c-81d2-3fb45241522c",
  "certificate": "na",
  "sid": "/BZgBugSLB1eLZK4LHsJhfP4dt9rbES24vgU2NGIFMg=",
  "iss": "https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni",
  "tokenName": "id_token",
  "aud": "myApiClientId",
  "c_hash": "ZRzxMolVzZ4vZjVUDjQO3A",
  "acr": "0",
  "documentNr": "na",
  "nationalRegisterId": "1406714889",
  "org.forgerock.openidconnect.ops": "4LRW9OjRhND5IzKowsL7Nedslnw",
  "s_hash": "bKE9UspwyIPg8LsQHkJaiQ",
  "azp": "myApiClientId",
  "auth_time": 1611045603,
  "name": "Einar Helgi Hrafnsson",
  "realm": "/audkenni",
  "exp": 1611049213,
  "tokenType": "JWTToken",
  "iat": 1611045613
}
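The at_hash, c_hash and s_hash claims in the Id token payload above let the client confirm that the token belongs to the Access token, Authentication Code and state of this login. The following added example (not Auðkenni's code; function names are illustrative) checks them together with iss, aud and exp, assuming the hashes follow OpenID Connect's left-half SHA-256 rule for RS256 tokens and that s_hash covers state the same way. It does not verify the token's RS256 signature or the PKCS7 signature; those need a JOSE and a CMS library.

```python
import base64
import hashlib
import json
import time

# Values from this page's examples.
ISSUER = "https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni"
CLIENT_ID = "myApiClientId"


def half_hash(value: str) -> str:
    """Base64url (no padding) of the left 128 bits of SHA-256(value)."""
    digest = hashlib.sha256(value.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest[:16]).rstrip(b"=").decode("ascii")


def jwt_payload(token: str) -> dict:
    """Decode the payload only. Verify the RS256 signature with a JOSE
    library and the provider's keys before trusting anything returned here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    segment = parts[1]
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def id_token_problems(claims, access_token, code, state, now=None):
    """Return the names of the claims that fail; an empty list means pass."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != ISSUER:
        problems.append("iss")
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if CLIENT_ID not in audiences:
        problems.append("aud")
    if claims.get("azp", CLIENT_ID) != CLIENT_ID:
        problems.append("azp")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("exp")
    # Bind the Id token to the artefacts of this login attempt.
    for name, value in (("at_hash", access_token), ("c_hash", code), ("s_hash", state)):
        if claims.get(name) != half_hash(value):
            problems.append(name)
    return problems


def constructed_id_token(access_token, code, state, exp):
    """Unsigned stand-in with this page's claim names, for the demo only."""
    claims = {"iss": ISSUER, "aud": CLIENT_ID, "azp": CLIENT_ID, "exp": exp,
              "at_hash": half_hash(access_token), "c_hash": half_hash(code),
              "s_hash": half_hash(state)}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=").decode()
    return "e30." + body + ".constructed"


if __name__ == "__main__":
    token = constructed_id_token("constructed-access-token", "constructed-code",
                                 "abc123", time.time() + 3600)
    claims = jwt_payload(token)
    print(id_token_problems(claims, "constructed-access-token", "constructed-code", "abc123"))
    print(id_token_problems(claims, "constructed-access-token", "some-other-code", "abc123"))
```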

Step 6

Step 6: (Userinfo)

Here we ask for the user's info, using the Access token as the Authorization header parameter.

To get the Userinfo we send a POST call to the following URI:
https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni/userinfo

Parameters needed in call

We need to add the following header parameters

  • Authorization (Bearer, using the Access token from last call as value)

CURL example of the call

Code Block
curl --location --request POST 'https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni/userinfo' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJ6aXAiOiJOT05FIiwiYWxnIjoiSFMyNTYifQ.<access token payload>.seN-_PTzuWj1JWDDBMJ1IMhJd5lWtO8DABU5gsjD3ag' \
--header 'Cookie: audssossolb=03; audsso=tnPGRz4kjKhRfL8B2jjxPCo0Wcc.*AAJTSQACMDIAAlNLABxPYmVUSDZPWlNrK2ptZWJ0NVJDWE9PUHhweXM9AAR0eXBlAANDVFMAAlMxAAIwMw..*'

C# - RestSharp example of the call

Code Block
languagec#
var client = new RestClient("https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni/userinfo");
client.Timeout = -1;
var request = new RestRequest(Method.POST);
request.AddHeader("Content-Type", "application/x-www-form-urlencoded");
request.AddHeader("Authorization", "Bearer eyJ0eXAiOiJKV1QiLCJ6aXAiOiJOT05FIiwiYWxnIjoiSFMyNTYifQ.<access token payload>.seN-_PTzuWj1JWDDBMJ1IMhJd5lWtO8DABU5gsjD3ag");
request.AddHeader("Cookie", "audssossolb=03; audsso=tnPGRz4kjKhRfL8B2jjxPCo0Wcc.*AAJTSQACMDIAAlNLABxPYmVUSDZPWlNrK2ptZWJ0NVJDWE9PUHhweXM9AAR0eXBlAANDVFMAAlMxAAIwMw..*");
IRestResponse response = client.Execute(request);
Console.WriteLine(response.Content);

Step 6: Expected response

The answer from this call should give you a PKCS7 signature, the same signature as in the Id token from the last step.

...

The REST API service answer is in JSON format.

Best practice

Best practice is to verify the signature and the certificate. Verify the user’s info in the answer against the info in the certificate.

The response should include the following:

  • signature (PKCS7)

  • documentNr (should be “na”)

  • certificate (should be “na”)

  • nationalRegisterId (The social id number of the user)

  • name (The user's name)

  • sub (A unique Id of the user in our system)

  • subname (A unique Id of the user in our system)

Example of answer from step 6

Code Block
languagejson
{
    "signature": "<base64-encoded PKCS7 signature>",
    "documentNr": "na",
    "certificate": "na",
    "nationalRegisterId": "1406714889",
    "name": "Einar Helgi Hrafnsson",
    "sub": "10905f2e-2618-4f8c-80d2-3fb45241522c",
    "subname": "10905f2e-2618-4f8c-80d2-3fb45241522c"    
}

...