Step by step instructions for service providers on how to communicate with our REST API for authentication using Auðkennis APP.
For all steps to be successful the following must be at hand.
Client Id (received from Auðkenni)
Client secret (received from Auðkenni)
Related party (not necessary)
Base URI (received from Auðkenni)
Redirect URI (Auðkenni receives from Service provider)
User’s Social Id number
Message text for user
Verification code
Code challenge
Code verifier
Client id: myApiClientId
Client secret: MyApiClientP4$sW
Base URI: pfzww.audkenni.is
Redirect URI: http://localhost:3000/callback
All code examples are generated using Postman. They are therefore only for demo.
To start the authentication process an empty POST call is sent to following URI:
https://pfzww.audkenni.is:443/sso/json/realms/root/realms/audkenni/authenticate?authIndexType=service&authIndexValue=api_v200
Notice the Query parameter “authIndexValue”. It’s value is to select the REST API version to use.
curl --location --request POST 'https://pfzww.audkenni.is:443/sso/json/realms/root/realms/audkenni/authenticate?authIndexType=service&authIndexValue=api_v200' \ --header 'Content-Type: application/json' \ --header 'Accept-API-Version: resource=2.0,protocol=1.0' \ --data-raw '{}' |
var client = new RestClient("https://pfzww.audkenni.is:443/sso/json/realms/root/realms/audkenni/authenticate?authIndexType=service&authIndexValue=api_v200"); client.Timeout = -1; var request = new RestRequest(Method.POST); request.AddHeader("Content-Type", "application/json"); request.AddHeader("Accept-API-Version", "resource=2.0,protocol=1.0"); request.AddParameter("application/json", "{}", ParameterType.RequestBody); IRestResponse response = client.Execute(request); Console.WriteLine(response.Content); |
The REST API service answer is in JSON format.
authId (to use in next step)
callbacks (they need to be “answered” in next step)
{ "authId": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdXRoSW5kZXhWYWx1ZSI6ImFwaV92MTAwIiwib3RrIjoiNTY0djRwZnRrODFvM2RucmM2MnQ0bDVyNWoiLCJhdXRoSW5kZXhUeXBlIjoic2VydmljZSIsInJlYWxtIjoiL2F1ZGtlbm5pIiwic2Vzc2lvbklkIjoiKkFBSlRTUUFDTURJQUJIUjVjR1VBQ0VwWFZGOUJWVlJJQUFKVE1RQUNNRE0uKmV5SjBlWEFpT2lKS1YxUWlMQ0pqZEhraU9pSktWMVFpTENKaGJHY2lPaUpJVXpJMU5pSjkuWlhsS01HVllRV2xQYVVwTFZqRlJhVXhEU2paaFdFRnBUMmxLVDFRd05VWkphWGRwV2xjMWFrbHFiMmxSVkVWNVQwVk9RMUY1TVVsVmVra3hUbWxKYzBsdFJuTmFlVWsyU1cxU2NHTnBTamt1TG5Calh6ZHdTWGg2TWpaemJVUmxNVTFXTFhvNGVsRXViSEo2WjBSNE5uZEtUbU00WW01M1pWWkJaSFF4ZUZBdE4zRnNWbGs0Um5GamExOXJNMnRRYWtJNFdXSjBkV3REVkdaa1F6QnNMVFV0TjBwVmVITkRUM1ZYTjNwTlEweFFVMDVGVEd4QlVWZEVPRGhCU2tjNE5sUkxkVWhWTW14VGFHdFlURGxPUlVaeVIwWmpVbVp1VkZCU1NuUjFka2hwVUhnMmEzSmpiMkpYUzB0MVluRllZa1l4ZUdGNE0yaHljekEzZGtrNGMycE5UVnBJTlZSclNqTmlXakJoTTNKRVgxWm1hWGd3UTNZd1pVaFFVbGxXZVU5WU0xbEhZVFJ3WmtOcFRXMXVibVZOVUdoMFYxTXpOSGsxVUcxRlpXNVNUbTVHYTBaR05rOVNXR1l0UVd0WFEwaE5OVUpGV2xsUVduTlBZVkZ1TVdjNVNGbFVXWFZ3TURGZmJYcDZhMkZWVlhWdFdVVjZlRmhMYWxvMk56TldUWEJJYmxsTVpHOHRNRVE1VGt0QlJ6VnlTV3BHT1hOVVJVZEljUzFtY0V0aVQweHpZVVZPYWxORldISjJXV2xoU2tsRGFtNDRWRGh5ZFVKM1RWaFhUekJ0UkdsamFHMVdTbXB3VFRKT1NYRk9lVEpPVEZVdGJXVTBlRFpXTlRCNk5EWkdXVlZXY3pGaFpIWnVXR1Y1V0dGa2NqSnJabUZZUjJKTlYxbHNkSFJ1VGtSNWJtNHdURXhKTlRWVmVrOUpiWHByU2tkSFJUZDJWbUZQVTBaVlltNWZWSGRxY0hoVVFsVlNiVVYwYW1WWmQyTTFWRlZGYjFGNVZURnJXSEZTVGxGdk4wWmtSMUpIVkU1UlJHMVVUM2xvWm5GUGFGUmpVMTk0WlVkUWRYSTVWR0ZpYlhnMVV6QkJXRTlpT0RWb2FrcDZUM1pMU3kxa2NEbHlNV1ZKVjJRd2VrMVVURjg1YUcxTVJHbzJXRFF3U1hSQk1qWnRjVEJOVEdreFJtOHlZalpSYVdSNVNGbG1lRWR6TVhSbmNWWnhPVmRZU2xKbFZHUXpZbDlzUVRZNVRtcDVObGxNWmxwdmNFdG1TRGRaUlc5VllVUlhhMmQ1V2kxemMyZG5lbGQ2YUdSdWVFczFUbUkxZW1SWlVGaGhaMmQzVkRKalUyZ3hOV3hrU1VSTVVqTkdSMDkzYkhaM1FsYzBTbGgzV0RoR09EbHZTMEZxVkhaWE9VMVBWRmhmUW1kU1NXNHRWbGhFY25GR1oydFFRMkZZUlVabVdrWkVkMFU0WW1aQkxtRlNhRWh2TW1SNFJHOXZVR3BIYW5wRFpHWm5SM2MuZnl3eFVnQWhnQjJVNVA1UjVjNnduOVdORVB2Nm13akNNMzJmalhNc3d6SSIsImV4cCI6MTYxMDk2NjU1MywiaWF0IjoxNjEwOTY2MjUzfQ.OIuisFJ3LDA4WpKzDlfJMcu8tUgltFuyUCnto1WQzHo", "callbacks": [ { "type": "NameCallback", "output": [ { "name": "prompt", "value": "Sláðu inn clientId" } ], "input": [ { "name": "IDToken1", "value": "" } ], "_id": 0 }, { "type": "NameCallback", "output": [ { "name": "prompt", "value": "Sláðu inn Related Party" } ], "input": [ { "name": "IDToken2", "value": "" } ], "_id": 1 }, { "type": "NameCallback", "output": [ { "name": "prompt", "value": "Sláðu inn símanúmer eða kennitölu" } ], "input": [ { "name": "IDToken3", "value": "" } ], "_id": 2 }, { "type": "NameCallback", "output": [ { "name": "prompt", "value": "Sláðu inn skilaboð til notanda" } ], "input": [ { "name": "IDToken4", "value": "" } ], "_id": 3 }, { "type": "NameCallback", "output": [ { "name": "prompt", "value": "Nota vchoice (true eða false)" } ], "input": [ { "name": "IDToken5", "value": "" } ], "_id": 4 }, { "type": "NameCallback", "output": [ { "name": "prompt", "value": "Nota confirmMessage (true eða false)" } ], "input": [ { "name": "IDToken6", "value": "" } ], "_id": 5 }, { "type": "NameCallback", "output": [ { "name": "prompt", "value": "Sláðu inn Hash gildi" } ], "input": [ { "name": "IDToken7", "value": "" } ], "_id": 6 }, { "type": "ChoiceCallback", "output": [ { "name": "prompt", "value": "Veldu auðkenningarleið" }, { "name": "choices", "value": [ "sim", "card", "app" ] }, { "name": "defaultChoice", "value": 0 } ], "input": [ { "name": "IDToken8", "value": 0 } ], "_id": 7 } ] } |
To authenticate using Auðkennis APP another POST call is sent to following URI:
https://pfzww.audkenni.is:443/sso/json/realms/root/realms/audkenni/authenticate?authIndexType=service&authIndexValue=api_v200
There are 8 callbacks that needs to be answered in this call.
This callback need your Client Id as an input value (myApiClientId in this example)
{ "type": "NameCallback", "output": [ { "name": "prompt", "value": "Sláðu inn clientId" } ], "input": [ { "name": "IDToken1", "value": "myApiClientId" } ], "_id": 0 }, |
This callback is for a “related party” information. To use if you have a client of your own you are authenticating for (you are acting as Identity provider for your customer).
The input value of this callback may be left with empty string (““) as an answer.
In this example we set the value as “MyOwnClient”.
{ "type": "NameCallback", "output": [ { "name": "prompt", "value": "Sláðu inn Related Party" } ], "input": [ { "name": "IDToken2", "value": "MyOwnClient" } ], "_id": 1 }, |
This callback is for the Social Id number of the user authenticating. Here you put the Social Id number into the input value.
In this example we use the number “1234567890”.
{ "type": "NameCallback", "output": [ { "name": "prompt", "value": "Sláðu inn símanúmer eða kennitölu" } ], "input": [ { "name": "IDToken3", "value": "123456789" } ], "_id": 2 }, |
This callback is for the message sent to the user authenticating. A text message that is displayed in the users APP. Max length of this message string is 60 characters.
In this example we use the message: “Authentication to Auðkenni”
{ "type": "NameCallback", "output": [ { "name": "prompt", "value": "Sláðu inn skilaboð til notanda" } ], "input": [ { "name": "IDToken4", "value": "Authentication to Auðkenni" } ], "_id": 3 }, |
There are two different methods for verification code usage. One is to just display the verification code itself so the user can visually verify it. The other one is to display 3 different codes which the user has to select the correct one from. The latter method is more secure but not needed at all times.
To only display the correct verification code, set the input value to “false”.
To display three codes to select from, set the input value to “true”.
{ "type": "NameCallback", "output": [ { "name": "prompt", "value": "Nota vchoice (true eða false)" } ], "input": [ { "name": "IDToken5", "value": "false" } ], "_id": 4 }, |
Confirm message is a feature that, if set, will let the App prompt the user with a message window. The user will then need to confirm to continue authentication process. By using this option the max length of the message string displayed to the user gets from 60 characters up to 200 characters.
To use this option set input value to “true”.
{ "type": "NameCallback", "output": [ { "name": "prompt", "value": "Nota confirmMessage (true eða false)" } ], "input": [ { "name": "IDToken6", "value": "false" } ], "_id": 5 }, |
This callback is for a hash string value. This hash string is used to generate the verification code displayed in the users APP.
You’ll need to provide the hash string to use. That’s how you can calculate the verification code at your side to display at your website for your user to see.
The hash string should be of type SHA512. Click here to search for more info about SHA512.
The verification code is calculated by:
verification code = integer(SHA256(the hash)[-2:-1]) mod 10000
Calculate SHA256 from the hash, extract 2 rightmost bytes from the result, interpret them as a big-endian unsigned integer and take the last 4 digits in decimal form for display. SHA256 is always used here.
Please mind that hash is a real hash byte value, not the Base64 form or the hexadecimal representation.
In this example we have generated a hash string and calculated a verification code.
“Auðkenni APP Authentication”
n/kRNhXaZ2jFKv8KlQX7ydgedXUmVy8b2O4xNq2ZxHteG7wOvCa0Kg3rY1JLOrOBXYQm+z2FRVwIv47w8gUb5g==
4141
{ "type": "NameCallback", "output": [ { "name": "prompt", "value": "Sláðu inn Hash gildi" } ], "input": [ { "name": "IDToken7", "value": "n/kRNhXaZ2jFKv8KlQX7ydgedXUmVy8b2O4xNq2ZxHteG7wOvCa0Kg3rY1JLOrOBXYQm+z2FRVwIv47w8gUb5g==" } ], "_id": 6 }, |
This callback is for selecting authentication method. There are three options to select from: sim (0), card (1) and app (2).
Since we are authenticating using Auðkennis APP in this example, we set the input value to 2.
{ "type": "ChoiceCallback", "output": [ { "name": "prompt", "value": "Veldu auðkenningarleið" }, { "name": "choices", "value": [ "sim", "card", "app" ] }, { "name": "defaultChoice", "value": 0 } ], "input": [ { "name": "IDToken8", "value": 2 } ], "_id": 7 } |
{ "authId": "{{authId from last call answer}}", "callbacks": [ { "type": "NameCallback", "output": [ { "name": "prompt", "value": "Sláðu inn clientId" } ], "input": [ { "name": "IDToken1", "value": "myApiClientId" } ], "_id": 0 }, { "type": "NameCallback", "output": [ { "name": "prompt", "value": "Sláðu inn Related Party" } ], "input": [ { "name": "IDToken2", "value": "MyOwnClient" } ], "_id": 1 }, { "type": "NameCallback", "output": [ { "name": "prompt", "value": "Sláðu inn símanúmer eða kennitölu" } ], "input": [ { "name": "IDToken3", "value": "1234567890" } ], "_id": 2 }, { "type": "NameCallback", "output": [ { "name": "prompt", "value": "Sláðu inn skilaboð til notanda" } ], "input": [ { "name": "IDToken4", "value": "Authentication to Auðkenni" } ], "_id": 3 }, { "type": "NameCallback", "output": [ { "name": "prompt", "value": "Nota vchoice (true eða false)" } ], "input": [ { "name": "IDToken5", "value": "false" } ], "_id": 4 }, { "type": "NameCallback", "output": [ { "name": "prompt", "value": "Nota confirmMessage (true eða false)" } ], "input": [ { "name": "IDToken6", "value": "false" } ], "_id": 5 }, { "type": "NameCallback", "output": [ { "name": "prompt", "value": "Sláðu inn Hash gildi" } ], "input": [ { "name": "IDToken7", "value": "n/kRNhXaZ2jFKv8KlQX7ydgedXUmVy8b2O4xNq2ZxHteG7wOvCa0Kg3rY1JLOrOBXYQm+z2FRVwIv47w8gUb5g==" } ], "_id": 6 }, { "type": "ChoiceCallback", "output": [ { "name": "prompt", "value": "Veldu auðkenningarleið" }, { "name": "choices", "value": [ "sim", "card", "app" ] }, { "name": "defaultChoice", "value": 0 } ], "input": [ { "name": "IDToken8", "value": 2 } ], "_id": 7 } ] } |
curl --location --request POST 'https://pfzww.audkenni.is:443/sso/json/realms/root/realms/audkenni/authenticate?authIndexType=service&authIndexValue=api_v200' \ --header 'Content-Type: application/json' \ --header 'Accept-API-Version: resource=2.0,protocol=1.0' \ --header 'Cookie: audssossolb=03' \ --data-raw '{ "authId": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdXRoSW5kZXhWYWx1ZSI6ImFwaV92MTAwIiwib3RrIjoiNGIxM2R2aDZyZTN0bjluOXU3Z2ptam82ZnUiLCJhdXRoSW5kZXhUeXBlIjoic2VydmljZSIsInJlYWxtIjoiL2F1ZGtlbm5pIiwic2Vzc2lvbklkIjoiKkFBSlRTUUFDTURJQUJIUjVjR1VBQ0VwWFZGOUJWVlJJQUFKVE1RQUNNRE0uKmV5SjBlWEFpT2lKS1YxUWlMQ0pqZEhraU9pSktWMVFpTENKaGJHY2lPaUpJVXpJMU5pSjkuWlhsS01HVllRV2xQYVVwTFZqRlJhVXhEU2paaFdFRnBUMmxLVDFRd05VWkphWGRwV2xjMWFrbHFiMmxSVkVWNVQwVk9RMUY1TVVsVmVra3hUbWxKYzBsdFJuTmFlVWsyU1cxU2NHTnBTamt1TGpkRWNWVnRlV3hXYVZwdlJXNTVPSGhSYTBOeFMyY3VjWFphTlY5eldrcDFkMU51YzFKSk9HNXBOMFE0WkVWeU5FaDZNMWROU2kxc1lVVnZkV2RKYVVaSGNWbGZhbnBQTTFaMGRFMW1OVEkzUzFCT1QyaHRVMTlCWmpjNGNGUmtWRmQwTlVad2VUSnZPVVJ4V21kc2VtVjJSa0ZWU1c1YU5sbzRhMjlaYTI5blkwRlpTbm8zUjBkUlNGRXhYMTlWZWsxVFZYRldhRUZTYUdOQ2FWUnNYMTlhTW14bFpWZHpVRGgxTTNsU2VtUk5ZVTlQTkZWU1l6UlVTVlJXYkZoa1lURnljamxyUlZOVWNtdEJaMloyTUVjek1tWm9SakowWjNKNk9FMDBjMjAxUkhCNlZVVXhNMUpVZG1keFpHWXhRVmRsT1VSTlFVZDRlR2xpTFdSbVVFdFJhMXA0U21KNlRrSm5WWFZqUW5sdVYyOTNkblZwT1hsb01UTndaMmxSWVZwNGFrRmpVbWQzUjI5U2QxcHFVRzgxUzJKVmF6QkdTVkJXVlRsMlNrNVFjSEZVTUd0Q1JtaDVWRXRKWld4elZIQkNORkpOZDJaMmNXZzRZbGxMZDBjeVFqQnViSFJZWTNoU2JHZGlNMko1UnpGZlFrNU9RMkpaZEVaalJtRXpVM1pQVFdVM1JuVTJlbmRpVERSQlRXaHpOMUZ2TmpkalEydzFWRk56WTB0WVNqaHBNRFI2YTJrNFIxRmlNSHBIVldWUk1YWkJTVkJGVVd4T1dsTmxVVkZYZFd4Qk4yd3hTMlpvUjNFMFVrZGFUR2h6U1d0UFIzazFkVE5JYjJSUlkxOVZlSEJ3VFRCR1NWcDJiR2hZZVZOc1NDMU9jbkJzZGpJMmJUVkxPRkZZUW0wdFprVnVhRkJzWlZKMVdGWmhVVGgyY1hOek9WcEVjVGxUYVhKVE9GWkJOMlJQZG5sRlYwVTFZMWxyTWxsd1FsaHJRVjlIYVV4dlN6ZDFkMlpRV1VnNVJ6bFBVRjl1YkdKdk5qbFZlblpuT1hNeVZ6Y3lWM2RFUlhGcWQxQmllblZPT1hKNmVHdDFibE5VZG5WalZsOVpZME14VDNNd2VUQndOV0Z6VkhWS1ptRkxVbDlpVVhKdVRVeEtVMDgyTUVSRllYRnpTMTk2VDA1alVsUjJNMWhuYUVaalJWbEVNak5uY25kTU9ETmFOWEJFZVRjNE5rTmtjVTlKVkZObmRXUmpTVWMwUkVWMFVqZHpibFZQZGtGMGJVTkJhV1Z3ZEV4c1VITlhPV2swYUV4Nk1YY3hZVkV6U1dOQkxqVk5WRzFpV2xaTFlqUlFVM1JsVFRoa2FEQlBRVUUuSjcxMVcweXRiVnVKZUpJMXFRNl9keTlUM0hvcTFST2RnNERVcUlXdUI0YyIsImV4cCI6MTYxMTA1NjA2OSwiaWF0IjoxNjExMDU1NzY5fQ.u2__M6JpolKkkNCEmclYfzmrIzD9NQV93YF6Se-q7xs", "callbacks": [ { "type": "NameCallback", "output": [ { "name": "prompt", "value": "Sláðu inn clientId" } ], "input": [ { "name": "IDToken1", "value": "myApiClientId" } ], "_id": 0 }, { "type": "NameCallback", "output": [ { "name": "prompt", "value": "Sláðu inn Related Party" } ], "input": [ { "name": "IDToken2", "value": "MyOwnClient" } ], "_id": 1 }, { "type": "NameCallback", "output": [ { "name": "prompt", "value": "Sláðu inn símanúmer eða kennitölu" } ], "input": [ { "name": "IDToken3", "value": "123456789" } ], "_id": 2 }, { "type": "NameCallback", "output": [ { "name": "prompt", "value": "Sláðu inn skilaboð til notanda" } ], "input": [ { "name": "IDToken4", "value": "Authentication to Auðkenni" } ], "_id": 3 }, { "type": "NameCallback", "output": [ { "name": "prompt", "value": "Nota vchoice (true eða false)" } ], "input": [ { "name": "IDToken5", "value": "false" } ], "_id": 4 }, { "type": "NameCallback", "output": [ { "name": "prompt", "value": "Nota confirmMessage (true eða false)" } ], "input": [ { "name": "IDToken6", "value": "false" } ], "_id": 5 }, { "type": "NameCallback", "output": [ { "name": "prompt", "value": "Sláðu inn Hash gildi" } ], "input": [ { "name": "IDToken7", "value": "n/kRNhXaZ2jFKv8KlQX7ydgedXUmVy8b2O4xNq2ZxHteG7wOvCa0Kg3rY1JLOrOBXYQm+z2FRVwIv47w8gUb5g==" } ], "_id": 6 }, { "type": "ChoiceCallback", "output": [ { "name": "prompt", "value": "Veldu auðkenningarleið" }, { "name": "choices", "value": [ "sim", "card", "app" ] }, { "name": "defaultChoice", "value": 0 } ], "input": [ { "name": "IDToken8", "value": 2 } ], "_id": 7 } ] }' |
var client = new RestClient("https://pfzww.audkenni.is:443/sso/json/realms/root/realms/audkenni/authenticate?authIndexType=service&authIndexValue=api_v200"); client.Timeout = -1; var request = new RestRequest(Method.POST); request.AddHeader("Content-Type", "application/json"); request.AddHeader("Accept-API-Version", "resource=2.0,protocol=1.0"); request.AddHeader("Cookie", "audssossolb=03"); request.AddParameter("application/json", "{\n \"authId\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdXRoSW5kZXhWYWx1ZSI6ImFwaV92MTAwIiwib3RrIjoiNGIxM2R2aDZyZTN0bjluOXU3Z2ptam82ZnUiLCJhdXRoSW5kZXhUeXBlIjoic2VydmljZSIsInJlYWxtIjoiL2F1ZGtlbm5pIiwic2Vzc2lvbklkIjoiKkFBSlRTUUFDTURJQUJIUjVjR1VBQ0VwWFZGOUJWVlJJQUFKVE1RQUNNRE0uKmV5SjBlWEFpT2lKS1YxUWlMQ0pqZEhraU9pSktWMVFpTENKaGJHY2lPaUpJVXpJMU5pSjkuWlhsS01HVllRV2xQYVVwTFZqRlJhVXhEU2paaFdFRnBUMmxLVDFRd05VWkphWGRwV2xjMWFrbHFiMmxSVkVWNVQwVk9RMUY1TVVsVmVra3hUbWxKYzBsdFJuTmFlVWsyU1cxU2NHTnBTamt1TGpkRWNWVnRlV3hXYVZwdlJXNTVPSGhSYTBOeFMyY3VjWFphTlY5eldrcDFkMU51YzFKSk9HNXBOMFE0WkVWeU5FaDZNMWROU2kxc1lVVnZkV2RKYVVaSGNWbGZhbnBQTTFaMGRFMW1OVEkzUzFCT1QyaHRVMTlCWmpjNGNGUmtWRmQwTlVad2VUSnZPVVJ4V21kc2VtVjJSa0ZWU1c1YU5sbzRhMjlaYTI5blkwRlpTbm8zUjBkUlNGRXhYMTlWZWsxVFZYRldhRUZTYUdOQ2FWUnNYMTlhTW14bFpWZHpVRGgxTTNsU2VtUk5ZVTlQTkZWU1l6UlVTVlJXYkZoa1lURnljamxyUlZOVWNtdEJaMloyTUVjek1tWm9SakowWjNKNk9FMDBjMjAxUkhCNlZVVXhNMUpVZG1keFpHWXhRVmRsT1VSTlFVZDRlR2xpTFdSbVVFdFJhMXA0U21KNlRrSm5WWFZqUW5sdVYyOTNkblZwT1hsb01UTndaMmxSWVZwNGFrRmpVbWQzUjI5U2QxcHFVRzgxUzJKVmF6QkdTVkJXVlRsMlNrNVFjSEZVTUd0Q1JtaDVWRXRKWld4elZIQkNORkpOZDJaMmNXZzRZbGxMZDBjeVFqQnViSFJZWTNoU2JHZGlNMko1UnpGZlFrNU9RMkpaZEVaalJtRXpVM1pQVFdVM1JuVTJlbmRpVERSQlRXaHpOMUZ2TmpkalEydzFWRk56WTB0WVNqaHBNRFI2YTJrNFIxRmlNSHBIVldWUk1YWkJTVkJGVVd4T1dsTmxVVkZYZFd4Qk4yd3hTMlpvUjNFMFVrZGFUR2h6U1d0UFIzazFkVE5JYjJSUlkxOVZlSEJ3VFRCR1NWcDJiR2hZZVZOc1NDMU9jbkJzZGpJMmJUVkxPRkZZUW0wdFprVnVhRkJzWlZKMVdGWmhVVGgyY1hOek9WcEVjVGxUYVhKVE9GWkJOMlJQZG5sRlYwVTFZMWxyTWxsd1FsaHJRVjlIYVV4dlN6ZDFkMlpRV1VnNVJ6bFBVRjl1YkdKdk5qbFZlblpuT1hNeVZ6Y3lWM2RFUlhGcWQxQmllblZPT1hKNmVHdDFibE5VZG5WalZsOVpZME14VDNNd2VUQndOV0Z6VkhWS1ptRkxVbDlpVVhKdVRVeEtVMDgyTUVSRllYRnpTMTk2VDA1alVsUjJNMWhuYUVaalJWbEVNak5uY25kTU9ETmFOWEJFZVRjNE5rTmtjVTlKVkZObmRXUmpTVWMwUkVWMFVqZHpibFZQZGtGMGJVTkJhV1Z3ZEV4c1VITlhPV2swYUV4Nk1YY3hZVkV6U1dOQkxqVk5WRzFpV2xaTFlqUlFVM1JsVFRoa2FEQlBRVUUuSjcxMVcweXRiVnVKZUpJMXFRNl9keTlUM0hvcTFST2RnNERVcUlXdUI0YyIsImV4cCI6MTYxMTA1NjA2OSwiaWF0IjoxNjExMDU1NzY5fQ.u2__M6JpolKkkNCEmclYfzmrIzD9NQV93YF6Se-q7xs\",\n \"callbacks\": [\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Sláðu inn clientId\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken1\",\n \"value\": \"myApiClientId\"\n }\n ],\n \"_id\": 0\n },\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Sláðu inn Related Party\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken2\",\n \"value\": \"MyOwnClient\"\n }\n ],\n \"_id\": 1\n }, \n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Sláðu inn símanúmer eða kennitölu\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken3\",\n \"value\": \"123456789\"\n }\n ],\n \"_id\": 2\n },\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Sláðu inn skilaboð til notanda\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken4\",\n \"value\": \"Authentication to Auðkenni\"\n }\n ],\n \"_id\": 3\n },\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Nota vchoice (true eða false)\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken5\",\n \"value\": \"false\"\n }\n ],\n \"_id\": 4\n },\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Nota confirmMessage (true eða false)\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken6\",\n \"value\": \"false\"\n }\n ],\n \"_id\": 5\n },\n {\n \"type\": \"NameCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Sláðu inn Hash gildi\"\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken7\",\n \"value\": \"n/kRNhXaZ2jFKv8KlQX7ydgedXUmVy8b2O4xNq2ZxHteG7wOvCa0Kg3rY1JLOrOBXYQm+z2FRVwIv47w8gUb5g==\"\n }\n ],\n \"_id\": 6\n }, \n {\n \"type\": \"ChoiceCallback\",\n \"output\": [\n {\n \"name\": \"prompt\",\n \"value\": \"Veldu auðkenningarleið\"\n },\n {\n \"name\": \"choices\",\n \"value\": [\n \"sim\",\n \"card\",\n \"app\"\n ]\n },\n {\n \"name\": \"defaultChoice\",\n \"value\": 0\n }\n ],\n \"input\": [\n {\n \"name\": \"IDToken8\",\n \"value\": 2\n }\n ],\n \"_id\": 7\n }\n ]\n}", ParameterType.RequestBody); IRestResponse response = client.Execute(request); Console.WriteLine(response.Content); |
The REST API service answer is in JSON format.
When Step 2 is executed the authentication process at the users device starts.
authId (to use in next step)
callbacks (with waitTime and message)
{ "authId": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdXRoSW5kZXhWYWx1ZSI6ImFwaV92MTAwIiwib3RrIjoianVuYm1qbGV2dG1lNWg3YjFnZ2tlN3ViNTciLCJhdXRoSW5kZXhUeXBlIjoic2VydmljZSIsInJlYWxtIjoiL2F1ZGtlbm5pIiwic2Vzc2lvbklkIjoiKkFBSlRTUUFDTURJQUJIUjVjR1VBQ0VwWFZGOUJWVlJJQUFKVE1RQUNNRE0uKmV5SjBlWEFpT2lKS1YxUWlMQ0pqZEhraU9pSktWMVFpTENKaGJHY2lPaUpJVXpJMU5pSjkuWlhsS01HVllRV2xQYVVwTFZqRlJhVXhEU2paaFdFRnBUMmxLVDFRd05VWkphWGRwV2xjMWFrbHFiMmxSVkVWNVQwVk9RMUY1TVVsVmVra3hUbWxKYzBsdFJuTmFlVWsyU1cxU2NHTnBTamt1TGpsR1F6bExNM2h6UmpGMlpGWnRNRXg2YjBoTGQyY3VXRlV6YlhkWFRYb3lTeTFDYmpSelJtVmxVSEZ1UVROdVdIQk9jR2hhUTA5aFRETjFkbk5GVURZelREY3RaVzlIVVdodVVXOVRYMmxuTTFod04yaEVORlk0Y1VoSk5qVjNUbTlJUkZwNFpFNVlZMjFITTJoaFdEUlJkemRFWVRjM1lsTXpZVE0yUXpnM01rSldRbEpPV0Y5SU1HWkVPRVU0YUdoblZIVmpWVjlzUmxaRFQzWTNURWxWTldwdmVuUm9ia2Q0UkRsU2RteHBabWh1Wm5sMVVEY3lkVE4zTFZJMmFTMU9SbVJDVEdGc1lYQnhOV3BrVUhoTFNGUmpVMWhDYUc5bkxXVmFUMnhRUm5FMFdXNUVSbU5QVTFjemJFMUVTRkJCZFRodE1IQldibm95VEhCM2RuRmhhVTFRZFhocU0xUmxUbDh6UWxKMlNtMTZiM0EyY0c5Rk1uVkVhVmMxY25kRVprdGxhVWhuTFVGSFdsZFphVzk1U2xKeU5WOUdUWEJxUTNOaVVtWlRSSGR2VG14eWJsOXJNMHM0YkhSWk9XZGZaMUJhTkVsdWRHcE5PVUZ2VjFCUldUSkZkRUpqWWtsTU5TMDBUMDVNVjJsS2RWWXhjMk4wVW1nMGExTjRRbXMxZG5WRVRWTXhUR2xVYUdsU1NYaENjRmw0VGtwb1RGcFdka0V0ZVVKaVRVZE5RVVU0UkhWalIzQnpZelJsZVVsdk1UaHhUbXM1ZEhKMFRIaFZaa1o0VkdoR05GOWpTMFV0ZEZOVFRHZGliVVpTY0ZjeGFVUnpibHBpTWpKV1dFMXZUMmN6YlhWdmMyMXRhRE5WWm1JMk1FTnRkV3BpU1hVMWNYbFdSWGhuTW1OYVZYcGtVRzFUTW5oR1RUWlNhMDlFVTJ0ZlNrdzBkRk5pWVdOTVoyNXhVVlJGY2tsTVZVRjVPVEV4YXpseldXMWxXV3RuUkhoWlVIbzFZV2RRU0d0QlJYSlFlRVpYVDBzNFlqQXpMVUYxVW01aVJrRkNTbGQ0VjNCV1RWSnVWVXQ1U0dacVpYWmlWRGsyYlRGTk9GUTNlSEZSTURSRGEzSmhjbmhRVFd0c2FVSmtjMFJ0YTNveE1GbGZRMGh4TjFwT1VXbFBTR2hEUTBadFIycHBlbGxNWWpWYVptVkJRM1JhVXpVM1JpMUVaRFJJVlRKWVdURlJObXRCY2tacU4ydDNVbGMwV2s0NFNHbE5Ua2hRY3pSUWRESXRTakZ3UmkxWWNtUnphbFJmWkhFNWFrSlVlbFJ2T0VGZmEyWlNkV0pVT0Zsc2NGRldlV2czTUhsNmMycHNVbk10TTJwVk5HOWtaRzlWZDB4NVEySXhlVzF0VTJKMVlqaEJObWN0TkU5aExYZ3hRbG95Y0ZoMVlsTnJYMUpXZUU1bWJGSjJOMU5MT1VsdlZFRTJhRzlTZVhVNGNHRXpjV1Z1UVhndE1YbEdiM3BYZW5scWNWRnFNMDlIU21OaE9HcERZazVIZDBrNVgxbHJSWGxaUWpkZlZXSnJkMmQyVUMxb2ExOTZhbWhuUlVjNFZsQnBUamgwT1V0ak4wTlVVbk5FZUdoVU9GRjVXRU4zVTFaRVYxaGtjbmd0V25sSFRtaHFZbW94WkRGQ0xYRjVlRFZDYTNBelN6QnFUVEZWV0hWVVR6VnlSMUkwU2kxVk1ua3RYMFp3WkZaVFZ6bFJZMDVHY0RGQ1VWaDJjVlI2TlZNM1JXVlVOVmxmUVVsRFJFUmlVbmx5VlZFeFJERlVkMmhWVVY5dk5VVkJaRFF0V1dkQmNUWTRaVlJRV1Vkd1luUnViak5WUlZWb055MVVhVTlTU1hZd2ExcFpWelF3Y0dWdVQzSlZNRGhGVDFCQ2RqZHlPSGhMY21obU5EUXdWbEk0U0ZCM1R6Uk5UM0JUVms5YU1HOXNjemxqYURkeVptVmpSVFpuY0VOb1Ftd3RiR3A1UVZOU1RWbEtSRXRQZVVsaWJUWjRkVVZ2YlU1NlIzTklSVUZJWmtoTE9IRjBZa2MzVGpCTGQyZERiR00xV0dFemQwczFaWEJQZFdwVFNUUnlRa1ZaZVdkaVgyNUZTVXN3Tm1RNFFqQlVXVEJRZHpSSFJuQnZaVXBVT0VoMUxVdEtjVVZGWlhwNFdYRkZaRE5YWjJkRVFscEtSbFZFWDFJdFNXNXdlRWd5ZGt4SVUya3liMlJNTFhZdFJITkRWR05QTkRoME4xZ3pRMmxsVm1OaFJIUmpPVWRxUkdGTVNrUnBPVEpZU1dWeE5XUlZNVWhYUmw5WmVHZHpNbHB5Vm01cmFtdElOMjVXVEhsU1YxZFNXVVZWTkdJdFgzSnVUM2ROWkhadGRVZDRZVXczUlRGaVduQmpYMDlzV2pCcVdqaFdjWFpoUkZkVlVFSnlWSFF6YUROVVpqZG5RVU5FZG5Zd2RrSXlVSGRtTW1oVmJFZHZXaTEzZGsxdlgwRkNZVFExVTJOdk5tZGpPSGxUYzNGQ1ZsaHJOakIxVERReVRuWTVhVjlGYzJsVE9VcFJOMlZNU3pKZmFISTJNbmxmYkU5RE9XMHlVbVprVDFOa2JqWmxWakJ0YkRoblIzUkxkbWN3ZEVOaVdFbHRTMVEwZUdobFoyMXpjVWszZG1WRU9UTk1YM00zWkhkeE16UlBUblZPUVU4NGVtOXlOR2wzWkUxUk56Sm5lRGRsVjBsMFNtaG5NMWhIVm1adFpsb3RlVEZQYUdsSVFYQnJXRlYxVmpSVFVEbFhSa1ZqVWpoeE9XNVJVWHBNV2xOYVIzQlZWRlpmWWpKR09WaDVaM0poTUZoRFJsaHRVRmxqTm1GV2VXUnlOMGhDVWpCNGVtMXpMWFpCY1hOUlVXbFFZMHR6VG0xemJFRmpNWGx6VUVseldtNUZSa1ZaVUZKTWJqSlJOWG96Y1c1ak0xQXdVakpoZFRGWGJ6SmtVa3Q1T1RkQ01sTkZVVEprTWxCMldqVnNUVXBOUWtGTmJXbHpSamR0UjA0NWNtMWtSbFZ3UWpCdkxscDJWMGhvT1VOQlZWWTFUbFUyZDBGck5Ia3RNMUUuRExXb2xEUTlZd0NCcHpUcWlnTGFUc2VmT1d1ZGRPVmhseEVzaGdUcFlwUSIsImV4cCI6MTYxMDk3MDI4NywiaWF0IjoxNjEwOTY5OTg3fQ.WU2_QuIHjjynobUuhC-gix6PMyWmOcuLulAdyIu7U2o", "callbacks": [ { "type": "PollingWaitCallback", "output": [ { "name": "waitTime", "value": "5000" }, { "name": "message", "value": "templates.user.LoginTemplate.pollingwaitmessage" } ] } ] } |
After executing Step 2 the authentication process at the users device starts. It depends on the user, the device and the network how long time this process takes.
In this step we poll for results from the authentication process. When authentication process is finished successfully you will receive answer with a tokenId which will in next step allow you get the Authentication Code. The tokenId is your login session token.
To poll for results we send yet another POST call to following URI:
https://pfzww.audkenni.is:443/sso/json/realms/root/realms/audkenni/authenticate
This call need a JSON body sent with it, including two objects
authId (from last answer)
PollingWaitCallback (from last answer)
curl --location --request POST 'https://pfzww.audkenni.is:443/sso/json/realms/root/realms/audkenni/authenticate' \ --header 'Content-Type: application/json' \ --header 'Accept-API-Version: resource=2.0,protocol=1.0' \ --header 'Cookie: audssossolb=03; audsso=UgT8UelNnFKc-Wm0GvQzDpwu0Ag.*AAJTSQACMDIAAlNLABwxQ1M5QVVlTFFxaXVCZWFTMkxXajhHV2JMWTg9AAR0eXBlAANDVFMAAlMxAAIwMw..*' \ --data-raw '{ "authId": "null", "callbacks": [ { "type": "PollingWaitCallback", "output": [ { "name": "waitTime", "value": "5000" }, { "name": "message", "value": "templates.user.LoginTemplate.pollingwaitmessage" } ] } ] }' |
var client = new RestClient("https://pfzww.audkenni.is:443/sso/json/realms/root/realms/audkenni/authenticate"); client.Timeout = -1; var request = new RestRequest(Method.POST); request.AddHeader("Content-Type", "application/json"); request.AddHeader("Accept-API-Version", "resource=2.0,protocol=1.0"); request.AddHeader("Cookie", "audssossolb=03; audsso=UgT8UelNnFKc-Wm0GvQzDpwu0Ag.*AAJTSQACMDIAAlNLABwxQ1M5QVVlTFFxaXVCZWFTMkxXajhHV2JMWTg9AAR0eXBlAANDVFMAAlMxAAIwMw..*"); request.AddParameter("application/json", "{\n \"authId\": \"null\",\n \"callbacks\": [\n {\n \"type\": \"PollingWaitCallback\",\n \"output\": [\n {\n \"name\": \"waitTime\",\n \"value\": \"5000\"\n },\n {\n \"name\": \"message\",\n \"value\": \"templates.user.LoginTemplate.pollingwaitmessage\"\n }\n ]\n }\n ]\n}", ParameterType.RequestBody); IRestResponse response = client.Execute(request); Console.WriteLine(response.Content); |
If you run the poll call before the user authentication process is finished you will receive a similar answer as in Step 2.
The REST API service answer is in JSON format.
If you get answer like this you need to wait for short time and run Step 3 call again, using the authId from the last response. Each time you receive a new “waiting” answer you also receive a new authId to use next time.
authId (to use in next step)
callbacks (with waitTime and message)
{ "authId": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhdXRoSW5kZXhWYWx1ZSI6ImFwaV92MTAwIiwib3RrIjoianVuYm1qbGV2dG1lNWg3YjFnZ2tlN3ViNTciLCJhdXRoSW5kZXhUeXBlIjoic2VydmljZSIsInJlYWxtIjoiL2F1ZGtlbm5pIiwic2Vzc2lvbklkIjoiKkFBSlRTUUFDTURJQUJIUjVjR1VBQ0VwWFZGOUJWVlJJQUFKVE1RQUNNRE0uKmV5SjBlWEFpT2lKS1YxUWlMQ0pqZEhraU9pSktWMVFpTENKaGJHY2lPaUpJVXpJMU5pSjkuWlhsS01HVllRV2xQYVVwTFZqRlJhVXhEU2paaFdFRnBUMmxLVDFRd05VWkphWGRwV2xjMWFrbHFiMmxSVkVWNVQwVk9RMUY1TVVsVmVra3hUbWxKYzBsdFJuTmFlVWsyU1cxU2NHTnBTamt1TGpsR1F6bExNM2h6UmpGMlpGWnRNRXg2YjBoTGQyY3VXRlV6YlhkWFRYb3lTeTFDYmpSelJtVmxVSEZ1UVROdVdIQk9jR2hhUTA5aFRETjFkbk5GVURZelREY3RaVzlIVVdodVVXOVRYMmxuTTFod04yaEVORlk0Y1VoSk5qVjNUbTlJUkZwNFpFNVlZMjFITTJoaFdEUlJkemRFWVRjM1lsTXpZVE0yUXpnM01rSldRbEpPV0Y5SU1HWkVPRVU0YUdoblZIVmpWVjlzUmxaRFQzWTNURWxWTldwdmVuUm9ia2Q0UkRsU2RteHBabWh1Wm5sMVVEY3lkVE4zTFZJMmFTMU9SbVJDVEdGc1lYQnhOV3BrVUhoTFNGUmpVMWhDYUc5bkxXVmFUMnhRUm5FMFdXNUVSbU5QVTFjemJFMUVTRkJCZFRodE1IQldibm95VEhCM2RuRmhhVTFRZFhocU0xUmxUbDh6UWxKMlNtMTZiM0EyY0c5Rk1uVkVhVmMxY25kRVprdGxhVWhuTFVGSFdsZFphVzk1U2xKeU5WOUdUWEJxUTNOaVVtWlRSSGR2VG14eWJsOXJNMHM0YkhSWk9XZGZaMUJhTkVsdWRHcE5PVUZ2VjFCUldUSkZkRUpqWWtsTU5TMDBUMDVNVjJsS2RWWXhjMk4wVW1nMGExTjRRbXMxZG5WRVRWTXhUR2xVYUdsU1NYaENjRmw0VGtwb1RGcFdka0V0ZVVKaVRVZE5RVVU0UkhWalIzQnpZelJsZVVsdk1UaHhUbXM1ZEhKMFRIaFZaa1o0VkdoR05GOWpTMFV0ZEZOVFRHZGliVVpTY0ZjeGFVUnpibHBpTWpKV1dFMXZUMmN6YlhWdmMyMXRhRE5WWm1JMk1FTnRkV3BpU1hVMWNYbFdSWGhuTW1OYVZYcGtVRzFUTW5oR1RUWlNhMDlFVTJ0ZlNrdzBkRk5pWVdOTVoyNXhVVlJGY2tsTVZVRjVPVEV4YXpseldXMWxXV3RuUkhoWlVIbzFZV2RRU0d0QlJYSlFlRVpYVDBzNFlqQXpMVUYxVW01aVJrRkNTbGQ0VjNCV1RWSnVWVXQ1U0dacVpYWmlWRGsyYlRGTk9GUTNlSEZSTURSRGEzSmhjbmhRVFd0c2FVSmtjMFJ0YTNveE1GbGZRMGh4TjFwT1VXbFBTR2hEUTBadFIycHBlbGxNWWpWYVptVkJRM1JhVXpVM1JpMUVaRFJJVlRKWVdURlJObXRCY2tacU4ydDNVbGMwV2s0NFNHbE5Ua2hRY3pSUWRESXRTakZ3UmkxWWNtUnphbFJmWkhFNWFrSlVlbFJ2T0VGZmEyWlNkV0pVT0Zsc2NGRldlV2czTUhsNmMycHNVbk10TTJwVk5HOWtaRzlWZDB4NVEySXhlVzF0VTJKMVlqaEJObWN0TkU5aExYZ3hRbG95Y0ZoMVlsTnJYMUpXZUU1bWJGSjJOMU5MT1VsdlZFRTJhRzlTZVhVNGNHRXpjV1Z1UVhndE1YbEdiM3BYZW5scWNWRnFNMDlIU21OaE9HcERZazVIZDBrNVgxbHJSWGxaUWpkZlZXSnJkMmQyVUMxb2ExOTZhbWhuUlVjNFZsQnBUamgwT1V0ak4wTlVVbk5FZUdoVU9GRjVXRU4zVTFaRVYxaGtjbmd0V25sSFRtaHFZbW94WkRGQ0xYRjVlRFZDYTNBelN6QnFUVEZWV0hWVVR6VnlSMUkwU2kxVk1ua3RYMFp3WkZaVFZ6bFJZMDVHY0RGQ1VWaDJjVlI2TlZNM1JXVlVOVmxmUVVsRFJFUmlVbmx5VlZFeFJERlVkMmhWVVY5dk5VVkJaRFF0V1dkQmNUWTRaVlJRV1Vkd1luUnViak5WUlZWb055MVVhVTlTU1hZd2ExcFpWelF3Y0dWdVQzSlZNRGhGVDFCQ2RqZHlPSGhMY21obU5EUXdWbEk0U0ZCM1R6Uk5UM0JUVms5YU1HOXNjemxqYURkeVptVmpSVFpuY0VOb1Ftd3RiR3A1UVZOU1RWbEtSRXRQZVVsaWJUWjRkVVZ2YlU1NlIzTklSVUZJWmtoTE9IRjBZa2MzVGpCTGQyZERiR00xV0dFemQwczFaWEJQZFdwVFNUUnlRa1ZaZVdkaVgyNUZTVXN3Tm1RNFFqQlVXVEJRZHpSSFJuQnZaVXBVT0VoMUxVdEtjVVZGWlhwNFdYRkZaRE5YWjJkRVFscEtSbFZFWDFJdFNXNXdlRWd5ZGt4SVUya3liMlJNTFhZdFJITkRWR05QTkRoME4xZ3pRMmxsVm1OaFJIUmpPVWRxUkdGTVNrUnBPVEpZU1dWeE5XUlZNVWhYUmw5WmVHZHpNbHB5Vm01cmFtdElOMjVXVEhsU1YxZFNXVVZWTkdJdFgzSnVUM2ROWkhadGRVZDRZVXczUlRGaVduQmpYMDlzV2pCcVdqaFdjWFpoUkZkVlVFSnlWSFF6YUROVVpqZG5RVU5FZG5Zd2RrSXlVSGRtTW1oVmJFZHZXaTEzZGsxdlgwRkNZVFExVTJOdk5tZGpPSGxUYzNGQ1ZsaHJOakIxVERReVRuWTVhVjlGYzJsVE9VcFJOMlZNU3pKZmFISTJNbmxmYkU5RE9XMHlVbVprVDFOa2JqWmxWakJ0YkRoblIzUkxkbWN3ZEVOaVdFbHRTMVEwZUdobFoyMXpjVWszZG1WRU9UTk1YM00zWkhkeE16UlBUblZPUVU4NGVtOXlOR2wzWkUxUk56Sm5lRGRsVjBsMFNtaG5NMWhIVm1adFpsb3RlVEZQYUdsSVFYQnJXRlYxVmpSVFVEbFhSa1ZqVWpoeE9XNVJVWHBNV2xOYVIzQlZWRlpmWWpKR09WaDVaM0poTUZoRFJsaHRVRmxqTm1GV2VXUnlOMGhDVWpCNGVtMXpMWFpCY1hOUlVXbFFZMHR6VG0xemJFRmpNWGx6VUVseldtNUZSa1ZaVUZKTWJqSlJOWG96Y1c1ak0xQXdVakpoZFRGWGJ6SmtVa3Q1T1RkQ01sTkZVVEprTWxCMldqVnNUVXBOUWtGTmJXbHpSamR0UjA0NWNtMWtSbFZ3UWpCdkxscDJWMGhvT1VOQlZWWTFUbFUyZDBGck5Ia3RNMUUuRExXb2xEUTlZd0NCcHpUcWlnTGFUc2VmT1d1ZGRPVmhseEVzaGdUcFlwUSIsImV4cCI6MTYxMDk3MDI4NywiaWF0IjoxNjEwOTY5OTg3fQ.WU2_QuIHjjynobUuhC-gix6PMyWmOcuLulAdyIu7U2o", "callbacks": [ { "type": "PollingWaitCallback", "output": [ { "name": "waitTime", "value": "5000" }, { "name": "message", "value": "templates.user.LoginTemplate.pollingwaitmessage" } ] } ] } |
When authentication process is finished successfully you will receive answer with a tokenId which will in next step allow you get the Authentication Code. The tokenId is your login session token.
The REST API service answer is in JSON format.
tokenId (to use in next step)
successUrl
realm
{ "tokenId": "UgT8UelNnFKc-Wm0GvQzDpwu0Ag.*AAJTSQACMDIAAlNLABwxQ1M5QVVlTFFxaXVCZWFTMkxXajhHV2JMWTg9AAR0eXBlAANDVFMAAlMxAAIwMw..*", "successUrl": "/sso/console", "realm": "/audkenni" } |
Now, when we have our login session token we can continue to next step, which is to get our Authentication Code.
To get the Authentication Code we send a GET call to following URI:
https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni/authorize?service=api_v200&client_id=myApiClientId&response_type=code&scope=openid profile signature&code_challenge=5WnuXW4ALVNtX9G6MydkrPs-F2suz0TQkoaKBsk8Hzk&code_challenge_method=S256&state=abc123&redirect_uri=http://localhost:3000/callback
For this call to work we need to add a header object. It should be Cookie with the value “audsso=the tokenId from last call”.
client_id
scope (openid, profile, signature)
code_challenge (search for info about code_challenge and code verifier)
state (search for info about state)
redirect_uri
curl --location --request GET 'https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni/authorize?service=api_v200&client_id=myApiClientId&response_type=code&scope=openid%20profile%20signature&code_challenge=5WnuXW4ALVNtX9G6MydkrPs-F2suz0TQkoaKBsk8Hzk&code_challenge_method=S256&state=abc123&redirect_uri=http://localhost:3000/callback' \ --header 'Cookie: audsso=tnPGRz4kjKhRfL8B2jjxPCo0Wcc.*AAJTSQACMDIAAlNLABxPYmVUSDZPWlNrK2ptZWJ0NVJDWE9PUHhweXM9AAR0eXBlAANDVFMAAlMxAAIwMw..*; audssossolb=03; audsso=tnPGRz4kjKhRfL8B2jjxPCo0Wcc.*AAJTSQACMDIAAlNLABxPYmVUSDZPWlNrK2ptZWJ0NVJDWE9PUHhweXM9AAR0eXBlAANDVFMAAlMxAAIwMw..*' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --data-raw '' |
var client = new RestClient("https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni/authorize?service=api_v200&client_id=myApiClientId&response_type=code&scope=openid profile signature&code_challenge=5WnuXW4ALVNtX9G6MydkrPs-F2suz0TQkoaKBsk8Hzk&code_challenge_method=S256&state=abc123&redirect_uri=http://localhost:3000/callback"); client.Timeout = -1; var request = new RestRequest(Method.GET); request.AddHeader("Cookie", "audsso=tnPGRz4kjKhRfL8B2jjxPCo0Wcc.*AAJTSQACMDIAAlNLABxPYmVUSDZPWlNrK2ptZWJ0NVJDWE9PUHhweXM9AAR0eXBlAANDVFMAAlMxAAIwMw..*; audssossolb=03; audsso=tnPGRz4kjKhRfL8B2jjxPCo0Wcc.*AAJTSQACMDIAAlNLABxPYmVUSDZPWlNrK2ptZWJ0NVJDWE9PUHhweXM9AAR0eXBlAANDVFMAAlMxAAIwMw..*"); request.AddHeader("Content-Type", "application/x-www-form-urlencoded"); request.AddParameter("application/x-www-form-urlencoded", "", ParameterType.RequestBody); IRestResponse response = client.Execute(request); Console.WriteLine(response.Content); |
The JSON body of the answer should simply contain a “1”.
You should receive following header object in the answer
Location (should contain URI with a query parameter named “code”
This “code” parameter is the Authentication Code you will use for the exchange process in next step.
Now that we have the Authentication code we can finally ask for the Access and Id token of the user authenticated.
To exchange the Authentication Code for Access and Id token we send a POST call to following URI:
https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni/access_token
We need to add following parameters
client_id
redirect_uri
code_verifier (search for info about code_challenge and code verifier)
code (the Authentication Code from last step)
client_secret
curl --location --request POST 'https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni/access_token' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Cookie: audssossolb=03; audsso=tnPGRz4kjKhRfL8B2jjxPCo0Wcc.*AAJTSQACMDIAAlNLABxPYmVUSDZPWlNrK2ptZWJ0NVJDWE9PUHhweXM9AAR0eXBlAANDVFMAAlMxAAIwMw..*' \ --data-urlencode 'grant_type=authorization_code' \ --data-urlencode 'client_id=myApiClientId' \ --data-urlencode 'redirect_uri=http://localhost:3000/callback' \ --data-urlencode 'code_verifier=nO1rQDGH1QXNTTCMBb5rUFqwasA1LOEMBxJN9dtxWFDD0AFVPqMVDOoPyIrkLqPe7YGn2Q45o7ZG20L7zIJaOe8v8L51wy178ayQSk2zcNrT1ZjI2Kn3LxH2GGIbPqUK' \ --data-urlencode 'code=764sXFIB2i9t5nJsY4zpIUbV51I' \ --data-urlencode 'client_secret=MyApiClientP4$sW' |
var client = new RestClient("https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni/access_token"); client.Timeout = -1; var request = new RestRequest(Method.POST); request.AddHeader("Content-Type", "application/x-www-form-urlencoded"); request.AddHeader("Cookie", "audssossolb=03; audsso=tnPGRz4kjKhRfL8B2jjxPCo0Wcc.*AAJTSQACMDIAAlNLABxPYmVUSDZPWlNrK2ptZWJ0NVJDWE9PUHhweXM9AAR0eXBlAANDVFMAAlMxAAIwMw..*"); request.AddParameter("grant_type", "authorization_code"); request.AddParameter("client_id", "myApiClientId"); request.AddParameter("redirect_uri", "http://localhost:3000/callback"); request.AddParameter("code_verifier", "nO1rQDGH1QXNTTCMBb5rUFqwasA1LOEMBxJN9dtxWFDD0AFVPqMVDOoPyIrkLqPe7YGn2Q45o7ZG20L7zIJaOe8v8L51wy178ayQSk2zcNrT1ZjI2Kn3LxH2GGIbPqUK"); request.AddParameter("code", "764sXFIB2i9t5nJsY4zpIUbV51I"); request.AddParameter("client_secret", "MyApiClientP4$sW"); IRestResponse response = client.Execute(request); Console.WriteLine(response.Content); |
The answer from this call should give you the Access and Id tokens along scope info, type and lifetime.
The Id token contains a PKCS1 signature and a authentication certificate.
The REST API service answer is in JSON format.
Best practice is to verify the signature and the certificate. Verify the user’s info in the Id token against the certificate and the social Id number entered by the user in beginning. By decoding the signature using the certificate you should end up with the hash from the earlier step.
access_token
id_token
scope
token_type
expires_in (lifetime of the tokens)
{ "access_token": "eyJ0eXAiOiJKV1QiLCJ6aXAiOiJOT05FIiwiYWxnIjoiSFMyNTYifQ.eyJzdWIiOiIxMDkwNWYxZS0yNjA4LTRmOWMtODBkMi0zZmI0NTI0MTUyMmMiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXV0aF9sZXZlbCI6MCwiYXVkaXRUcmFja2luZ0lkIjoiZWQ5NzcwMTgtOWMxYy00MDM3LWFkNTgtYzYxZGMyMjQ4MGE4LTg3MzA1NyIsImlzcyI6Imh0dHBzOi8vcGZ6d3cuYXVka2VubmkuaXM6NDQzL3Nzby9vYXV0aDIvcmVhbG1zL3Jvb3QvcmVhbG1zL2F1ZGtlbm5pIiwidG9rZW5OYW1lIjoiYWNjZXNzX3Rva2VuIiwidG9rZW5fdHlwZSI6IkJlYXJlciIsImF1dGhHcmFudElkIjoiNmN2MC1obUh0eDE0UU8tSlFDZzI2OHJacUhvIiwiYXVkIjoibXlBcGlDbGllbnRJZCIsIm5iZiI6MTYxMTA1NjY1MywiZ3JhbnRfdHlwZSI6ImF1dGhvcml6YXRpb25fY29kZSIsInNjb3BlIjpbInNpZ25hdHVyZSIsIm9wZW5pZCIsInByb2ZpbGUiXSwiYXV0aF90aW1lIjoxNjExMDU2NjQ4LCJyZWFsbSI6Ii9hdWRrZW5uaSIsImV4cCI6MTYxMTA2MDI1MywiaWF0IjoxNjExMDU2NjUzLCJleHBpcmVzX2luIjozNjAwLCJqdGkiOiIxZXVrdjQtWnZ1OFEzQmQxYnEtT3VwNk45QUUifQ.R602hS8WA6KWkLcp1Yw7hWFruPYiDivHwNvKvjL15zU", "scope": "signature openid profile", "id_token": "eyJ0eXAiOiJKV1QiLCJraWQiOiJ3VTNpZklJYUxPVUFSZVJCL0ZHNmVNUVAxUU19IiwiYWxnIjoiUlMyNTYifQ.emJhdR9oYXNoIjoibzA4NlpXbERxRUx0bVZJRG5zTjBXZyIsInN1YiI6IjEwOTA1ZjFlLTI2MDgtNGY5Yy04MGQyLTNmYjQ1MjQxNTIyYyIsInNpZ25hdHVyZSI6Imc2ZmVXaVJYeEJ1Z2xuamlYUWljK3dkUXFIRzN2Ti9mak1hQUVrdm9hdGdRVHJ6OGdhQ3BzZTFmRWkvZE5MOUE0YXI5b2dQcWVQMkg3Y3NuNjNUVnBUL1V4VXBrcWZ1dklxZkhUU3B2RDFLVWdwejF4VkNkTW12NGxqN2hvd3FHN3BJNFVhUVFRVG5mMi9XcHFTMVZIUmdjdzBWbUNtRTVOdnMzNUV0RVp1aDRaQ2VNaG1RMEE3TTV6bzN2TCtaVkNFVUJsZjNnSnZIcWFaeDVtWElOdEh4ZmRvejEyN1JFTGxSL0tQOURNc0x0dUJzOUtxK2huamQ4c2JFV25iZ0k5NFhXd0VWeFArVk82aVc5YnNQSG4yS0VIbFFQUzFhaEJRLzUxZ0NEdEVhQzRTRExNTE04QW4rMkxZV0NPcUloWkVGb3RaZDk2bnZJd09FNFQ5bldibHp3QmRxWURzRHUzWDlwaVhYZ3liMHE4ckoxMEVtYXlRMjhoWDB5VW9zeXpMTlQzREpzanJ3dGp3OWJqNUVXaXZsamhZWDhWZEVrRVpDTHI1T3czRlN4NHdNdkxURDd2VkZIbEdsYWk3MWdEYWRHa2FyL3lHYUpqOUYxZTljY2hyOCttMm5tNlg5cTFUYjJaUmRYdVppc05ZcnVadUt6MDRpMHZqbFE0UXRQKzhnUkNjUCtqVjlvVk5tNkFKbEM2MUVqRXJCWGRnSzdXRmNneGk5SWJ3U3NJMk4rM2NtS1ROVzllWDNEOEt0VUVjMzRKZHlSNGlXS3ViQ3gxK3kxcDZBRm5DMXJHNW1kT3pLU2NsOWY1RnRHVW10eVpNZlpsV05iS1dwU3dqeVQvclArcUNaSllQNnZwcmg1YlZJNTRna3VmZmtOTmVzUkl1ZjVrbXRlNzRoaENSTnpCVnFSRTJQanpiVHB6RUNNV1hiVGsxYTVLYUkyYlllczlPRGZoWlhKKzNXVnlFcVBpeG9tZE9Edmx1NHNRZDF6MENCbWpkTE5OUmR0UVI3bHI3VDJRT2VnaDg2OXY0R2l0Yk9VeXN6TmUyOHhDVmVJQzlRWGlFS1p5c3dJbE02TWJPN1JGU2FOMHZYMEZEaDZmVWo4ZCtQeUt5Uk9SMkMxNitJS21xL0NEYTV6dnFZOU1BbjVnN0FZMnJkbmFnNlpReWczejhsZTlkYTJGV3E4TERMc2RuaFBCL200VGQ5OXBlV2poamYwcndHbitwVGxSdmdxaDFnelhjY0U5REFSNkN1ektvRTA4UWFDZm9LR0dObnZtZWtMcWNKMWVDdkwyZGpVQ0ZVRWR3TkVzMGdQbmFNZkM0MTFIOWZXTDA3QTd4M0N6cU9uV0tqMHhMN28iLCJhdWRpdFRyYWNraW5nSWQiOiJlZDk3NzAxOC05YzFjLTQwMzctYWQ1OC1jNjFkYzIyNDgwYTgtODczMDU4IiwiY2VydGlmaWNhdGUiOiJNSUlIb3pDQ0JvdWdBd0lCQWdJRElDZTVNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1INHhDekFKQmdOVkJBWVRBa2xUTVJNd0VRWURWUVFGRXdvMU1qRXdNREF5Tnprd01SVXdFd1lEVlFRS0V3eEJkV1JyWlc1dWFTQm9aaTR4SnpBbEJnTlZCQXNUSGxWMFoyVm1ZVzVrYVNCbWRXeHNaMmxzWkhKaElITnJhV3h5YVd0cVlURWFNQmdHQTFVRUF4TVJSblZzYkdkcGJIUWdZWFZrYTJWdWJta3dIaGNOTWpBeE1qRXlNVFl5TmpFMldoY05NalV4TWpFeU1UWXlOakUyV2pCeU1SSXdFQVlEVlFRRUV3bEljbUZtYm5OemIyNHhGekFWQmdOVkJDb01Ea1ZwYm1GeUlNT0JjblBEcG14c01Rc3dDUVlEVlFRR0V3SkpVekVUTUJFR0ExVUVCUk1LTVRVd05UY3hORFE0T1RFaE1COEdBMVVFQXd3WVJXbHVZWElndzRGeWM4T21iR3dnU0hKaFptNXpjMjl1TUlJRElqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0F3OEFNSUlEQ2dLQ0F3RUFsYS9SRU1OdmVmUHc1UWY0elVqVUJXQXpNVlZIeUppSitVWjdOa3VWekZGbXoxQXh3bFVrdXk0akxhZndpOUZuMXZ3djU5ajdMUGFDOW9CR0ZHdkh3T3hYcCtxeHFNYml5VTZhNlpxdS9NZlRjVHFDZkdTSElCS083WGZFamZZY3RvTldJY2ZZTnNOQm8xTDZFeTdhSFZMNUVTRDhPQ3FRa3RhbE1ObVFGR3lTSEFmLzhwY3VDMXFiYlY4aVFXOUF1N2VHMnU3aS9PZGRHdDcwWnBveU9KTVJFVVErTFpnZTk5dFBsTTdsMUZ1YnFlaDEvR1h3eDVjNVVhU3ZLQnZxVUR5c2FxZVF0QmMvQUI3ZFRtNTFhcDhJdlZkTldGcktDOHFuSGo1VTVUNEk3aDRqWWg5RjhFV3JnajcvcVk3b1Zrc0wyV0hzZDVtbHFLSDQ4VDRWVnA2TlJZYWxrRlUvZndiUkR3eGRQTklxWTd4NEIxVGtEb1Q4ekw0aUkzMkFrLzRSSW5acGlBeFRkUHRCbER4c01LclJOaWJLK0RtSTNnSFVNZEtmbDYvTEJWaVpjYlRCbWx5MVhLSTZoQUJoZ0JzYkRYZThJNXQwR2V2dW9oNW1FTUgzUEliWXVVQTd1Rk54MWZYRENOMDNwNDNTcHpZQ1JucTI3ZmNhK1FUSVh2Vk1EMjBBYUhCV3BISWFXTEtXYXFIak1EVHBqMWwwRWFpQW9sT25SVG1iNThkTHB4MHZUODVISFIra29QcHJuRmNDanlUQjlCa0RNRzBYSW9XZTNjTkJEMithODlNcnZkL3VlUkZEVVpnR3FWQjh3WGp6MnFWOVY4ZEk5RVN4bUdaWjVhQnNnL0sxMFFzOTBLR0FWblZBcGV1OUE0dXNENW5adk5LZkdaQ3ROL0laWFkzcFl0bmU2WWt3K2czbmhVWVcxOVVnc0pPR2YyRUpLK0MwU2x3YysrUHVmQlRDZlJ4emc4U1ZWQUZRWER4aGhaU1lNeCtkYWF4djhFYmVmYXJoY2dhZTl1SHBSL2JHMFZIVmhWWVdqclMwYnBzTGFWODB1MkM5UUhHUHY3MDVUOHZ3RVdmQ3lOUk5acXNOS3Y3MU41YWxGN01sc1E4K1JqektOK0Z0NDNzdmozZEVrVFpmc29KR3V0ZmU5RVJ3K0k0ckdHc1BkWXlQaDJsY0dtbnhNRHl1SHJWVkNzSUU5MnMzSHcrZEh6WVYzQzEzYUEvU1RvWGFwRnFOMCtsa3k5RTdtdXBvWGZJdTUzcldFOGg0Mkg0V3JKZllsMWVBOUQ4dnF5MUpDd3hPUEpBUFI3Q1cvdENtK1l6WU5DSVF0U3MwT2dlV3hmRk13RjF0QWdNQkFBR2pnZ0kwTUlJQ01EQU1CZ05WSFJNQkFmOEVBakFBTUlIL0JnTlZIU0FFZ2Zjd2dmUXdnZWNHQ1dDQ1lBRUNBUUVCQWpDQjJUQ0JzQVlJS3dZQkJRVUhBZ0l3Z2FNYWdhQlVhR2x6SUdObGNuUnBabWxqWVhSbElHbHpJR2x1ZEdWdVpHVmtJR1p2Y2lCaGRYUm9aVzUwYVdOaGRHbHZiaTRnVkdocGN5QmpaWEowWm1sallYUmxJR1oxYkdacGJITWdkR2hsSUhKbGNYVnBjbVZ0Wlc1MGN5Qm1iM0lnWVNCeGRXRnNhV1pwWldRZ1kyVnlkR2xtYVdOaGRHVWdZWE1nWkdWbWFXNWxaQ0JwYmlCU1pXZDFiR0YwYVc5dUlDaEZWU2tnVG04Z09URXdMekl3TVRRdU1DUUdDQ3NHQVFVRkJ3SUJGaGhvZEhSd2N6b3ZMM0psY0c4dVlYVmthMlZ1Ym1rdWFYTXdDQVlHQkFDUGVnRUNNSGNHQ0NzR0FRVUZCd0VCQkdzd2FUQWpCZ2dyQmdFRkJRY3dBWVlYYUhSMGNEb3ZMMjlqYzNBdVlYVmthMlZ1Ym1rdWFYTXdRZ1lJS3dZQkJRVUhNQUtHTm1oMGRIQTZMeTlqWkhBdWFYTnNZVzVrYzNKdmRDNXBjeTl6YTJsc2NtbHJhUzltZFd4c1oybHNkR0YxWkd0bGJtNXBMbkEzWWpBTEJnTlZIUThFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUhBd0l3SHdZRFZSMGpCQmd3Rm9BVXdpaytoditHeE5vMUgybW1wUDhCZ3p4S002a3dRd1lEVlIwZkJEd3dPakE0b0RhZ05JWXlhSFIwY0RvdkwyTnliQzVoZFdSclpXNXVhUzVwY3k5bWRXeHNaMmxzZEdGMVpHdGxibTVwTDJ4aGRHVnpkQzVqY213d0hRWURWUjBPQkJZRUZPNy9CcWpsMjh4aVUzMmIvamVHNHU1RUtSdU5NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUJEQlFhUzQxcDhPdDRJOGdLWmdvSWtPWFZ3aDNoUldabUx1dU9xN1U1Ull6VkRoQmZlRzU4VkNRRFZSdVlPMm9zdjM2MWFPbFh1MzZmZ0hTL0dZbElteUJ2Y25TeXlhL0xoY3N2SGRuU2dLdmlMR2R2ZzAvNXNrUlRxTU1BbkkwRzNrck9Rcy9kVFE0cjFwdExhV0szcU1zb2dKbTZaVVdJWjU4TWNjMnZxMEVVQnd2SXhNVFBrNEFDQk1vM21DVUtMK2l1b09ndk0reTkyTWF2cWJnM28vM2RVTjlhSCtNRHErUHpJZlBmSVJ5cDQ5VU0yck42cldYNGxwS0xYa0hqRXVJWjJvVUxnYlh1UzJ1UUJ0MXhIaW52NFl3L3JWaG5DQy9yNEI2UUhjUzF6SGc4QzNxR0ZSMVVYdDNtMlhRK2lKWXQrcjF6VE1MTkk3V3ViN1ZlMiIsImlzcyI6Imh0dHBzOi8vcGZ6d3cuYXVka2VubmkuaXM6NDQzL3Nzby9vYXV0aDIvcmVhbG1zL3Jvb3QvcmVhbG1zL2F1ZGtlbm5pIiwidG9rZW5OYW1lIjoiaWRfdG9rZW4iLCJhdWQiOiJteUFwaUNsaWVudElkIiwiY19oYXNoIjoiLXRQeWZXWXV0XzlpRjhKMWUtWUJfZyIsImFjciI6IjAiLCJkb2N1bWVudE5yIjoiMTUwNTcxNDQ4OS1QU0JQLVEiLCJuYXRpb25hbFJlZ2lzdGVySWQiOiIxNTA1NzE0NDg5Iiwib3JnLmZvcmdlcm9jay5vcGVuaWRjb25uZWN0Lm9wcyI6IkxCQURrYS1yYWZOa3oxSHVGR0ZhQzhlZEFBQSIsInNfaGFzaCI6ImJLRTlVc3B3eUlQZzhMc1FIa0phaVEiLCJhenAiOiJteUFwaUNsaWVudElkIiwiYXV0aF90aW1lIjoxNjExMDU2NjQ4LCJuYW1lIjoiRWluYXIgw4Fyc8OmbGwgSHJhZm5zc29uIiwicmVhbG0iOiIvYXVka2VubmkiLCJleHAiOjE2MTEwNjAyNTMsInRva2VuVHlwZSI6IkpXVFRva2VuIiwiaWF0IjoxNjExMDU2NjUzfQ.IDGKpY-mwbJQqWbHIq6CeL_U_2C0xnHauu9b27u1QJYJn8Jsuid-ou9IQKqnXYKEziRWzXhHBTMl6IZwG-EPoMjUQ0neJWZ5IhsOXeoncAlskouwwDz1uljgF0jb29GjZR_eTivbBPq_4D4_EuKPCW4aJTnYtaRWyKq-QvxobolSXNvps4fDISiFYdpXArhh04HeDraJ48wUcD1oZRC5pCJ76JKRmbYOvRG6ZDf1JpYHua0NxImslIxjnNzmiKJ55G8o004cBCJzJhVuR7ZH4iUZlhSBFQI39X1ndSN92XdtTuA1UOqp8zaqg2QtOMFxC0BCHyFdbe8jyPdn7Zc3jA", "token_type": "Bearer", "expires_in": 3599 } |
{ "sub": "10915f1e-2628-4f9c-80d2-3fb45241522c", "cts": "OAUTH2_STATELESS_GRANT", "auth_level": 0, "auditTrackingId": "ed977018-9c1c-4037-ad58-c61dc22480a8-873057", "subname": "10915f1e-2628-4f9c-80d2-3fb45241522c", "iss": "https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni", "tokenName": "access_token", "token_type": "Bearer", "authGrantId": "6cv0-hmHtx14QO-JQCg268rZqHo", "aud": "myApiClientId", "nbf": 1611056653, "grant_type": "authorization_code", "scope": [ "signature", "openid", "profile" ], "auth_time": 1611056648, "realm": "/audkenni", "exp": 1611060253, "iat": 1611056653, "expires_in": 3600, "jti": "1eukv4-Zvu8Q3Bd1bq-Oup6N9AE" } |
{ "at_hash": "o086ZWlDqELtmVIDnsN0Wg", "sub": "10935f1e-2628-4f9c-80d2-3fb45241522c", "signature": "g6feWiRXxBuglnjiXQic+wdQqHG3vN/fjMaAEkvoatgQTrz8gaCpse1fEi/dNL9A4ar9ogPqeP2H7csn63TVpT/UxUpkqfuvIqfHTSpvD1KUgpz1xVCdMmv4lj7howqG7pI4UaQQQTnf2/WpqS1VHRgcw0VmCmE5Nvs35EtEZuh4ZCeMhmQ0A7M5zo3vL+ZVCEUBlf3gJvHqaZx5mXINtHxfdoz127RELlR/KP9DMsLtuBs9Kq+hnjd8sbEWnbgI94XWwEVxP+VO6iW9bsPHn2KEHlQPS1ahBQ/51gCDtEaC4SDLMLM8An+2LYWCOqIhZEFotZd96nvIwOE4T9nWblzwBdqYDsDu3X9piXXgyb0q8rJ10EmayQ28hX0yUosyzLNT3DJsjrwtjw9bj5EWivljhYX8VdEkEZCLr5Ow3FSx4wMvLTD7vVFHlGlai71gDadGkar/yGaJj9F1e9cchr8+m2nm6X9q1Tb2ZRdXuZisNYruZuKz04i0vjlQ4QtP+8gRCcP+jV9oVNm6AJlC61EjErBXdgK7WFcgxi9IbwSsI2N+3cmKTNW9eX3D8KtUEc34JdyR4iWKubCx1+y1p6AFnC1rG5mdOzKScl9f5FtGUmtyZMfZlWNbKWpSwjyT/rP+qCZJYP6vprh5bVI54gkuffkNNesRIuf5kmte74hhCRNzBVqRE2PjzbTpzECMWXbTk1a5KaI2bYes9ODfhZXJ+3WVyEqPixomdODvlu4sQd1z0CBmjdLNNRdtQR7lr7T2QOegh869v4GitbOUyszNe28xCVeIC9QXiEKZyswIlM6MbO7RFSaN0vX0FDh6fUj8d+PyKyROR2C16+IKmq/CDa5zvqY9MAn5g7AY2rdnag6ZQyg3z8le9da2FWq8LDLsdnhPB/m4Td99peWjhjf0rwGn+pTlRvgqh1gzXccE9DAR6CuzKoE08QaCfoKGGNnvmekLqcJ1eCvL2djUCFUEdwNEs0gPnaMfC411H9fWL07A7x3CzqOnWKj0xL7o", "auditTrackingId": "ed977018-9c1c-4037-ad58-c61dc22480a8-873058", "certificate": "MIIHozCCBotgAwIBAgIDICe5MA0GCSqGMIb3DQEBCwUAMH4xCzAJBgNVBAYTAklTMRMwEQYDVQQFEwo1MjEwMDAyNzkwMRUwEwYDVQQKEwxBdWRrZW5uaSBoZi4xJzAlBgNVBAsTHlV0Z2VmYW5kaSBmdWxsZ2lsZHJhIHNraWxyaWtqYTEaMBgGA1UEAxMRRnVsbGdpbHQgYXVka2VubmkwHhcNMjAxMjEyMTYyNjE2WhcNMjUxMjEyMTYyNjE2WjByMRIwEAYDVQQEEwlIcmFmbnNzb24xFzAVBgNVBCoMDkVpbmFyIMOBcnPDpmxsMQswCQYDVQQGEwJJUzETMBEGA1UEBRMKMTUwNTcxNDQ4OTEhMB8GA1UEAwwYRWluYXIgw4Fyc8OmbGwgSHJhZm5zc29uMIIDIjANBgkqhkiG9w0BAQEFAAOCAw8AMIIDCgKCAwEAla/REMNvefPw5Qf4zUjUBWAzMVVHyJiJ+UZ7NkuVzFFmz1AxwlUkuy4jLafwi9Fn1vwv59j7LPaC9oBGFGvHwOxXp+qxqMbiyU6a6Zqu/MfTcTqCfGSHIBKO7XfEjfYctoNWIcfYNsNBo1L6Ey7aHVL5ESD8OCqQktalMNmQFGySHAf/8pcuC1qbbV8iQW9Au7eG2u7i/OddGt70ZpoyOJMREUQ+LZge99tPlM7l1Fubqeh1/GXwx5c5UaSvKBvqUDysaqeQtBc/AB7dTm51ap8IvVdNWFrKC8qnHj5U5T4I7h4jYh9F8EWrgj7/qY7oVksL2WHsd5mlqKH48T4VVp6NRYalkFU/fwbRDwxdPNIqY7x4B1TkDoT8zL4iI32Ak/4RInZpiAxTdPtBlDxsMKrRNibK+DmI3gHUMdKfl6/LBViZcbTBmly1XKI6hABhgBsbDXe8I5t0Gevuoh5mEMH3PIbYuUA7uFNx1fXDCN03p43SpzYCRnq27fca+QTIXvVMD20AaHBWpHIaWLKWaqHjMDTpj1l0EaiAolOnRTmb58dLpx0vT85HHR+koPprnFcCjyTB9BkDMG0XIoWe3cNBD2+a89Mrvd/ueRFDUZgGqVB8wXjz2qV9V8dI9ESxmGZZ5aBsg/K10Qs90KGAVnVApeu9A4usD5nZvNKfGZCtN/IZXY3pYtne6Ykw+g3nhUYW19UgsJOGf2EJK+C0Slwc++PufBTCfRxzg8SVVAFQXDxhhZSYMx+daaxv8Ebefarhcgae9uHpR/bG0VHVhVYWjrS0bpsLaV80u2C9QHGPv705T8vwEWfCyNRNZqsNKv71N5alF7MlsQ8+RjzKN+Ft43svj3dEkTZfsoJGutfe9ERw+I4rGGsPdYyPh2lcGmnxMDyuHrVVCsIE92s3Hw+dHzYV3C13aA/SToXapFqN0+lky9E7mupoXfIu53rWE8h42H4WrJfYl1eA9D8vqy1JCwxOPJAPR7CW/tCm+YzYNCIQtSs0OgeWxfFMwF1tAgMBAAGjggI0MIICMDAMBgNVHRMBAf8EAjAAMIH/BgNVHSAEgfcwgfQwgecGCWCCYAECAQEBAjCB2TCBsAYIKwYBBQUHAgIwgaMagaBUaGlzIGNlcnRpZmljYXRlIGlzIGludGVuZGVkIGZvciBhdXRoZW50aWNhdGlvbi4gVGhpcyBjZXJ0ZmljYXRlIGZ1bGZpbHMgdGhlIHJlcXVpcmVtZW50cyBmb3IgYSBxdWFsaWZpZWQgY2VydGlmaWNhdGUgYXMgZGVmaW5lZCBpbiBSZWd1bGF0aW9uIChFVSkgTm8gOTEwLzIwMTQuMCQGCCsGAQUFBwIBFhhodHRwczovL3JlcG8uYXVka2VubmkuaXMwCAYGBACPegECMHcGCCsGAQUFBwEBBGswaTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuYXVka2VubmkuaXMwQgYIKwYBBQUHMAKGNmh0dHA6Ly9jZHAuaXNsYW5kc3JvdC5pcy9za2lscmlraS9mdWxsZ2lsdGF1ZGtlbm5pLnA3YjALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUwik+hv+GxNo1H2mmpP8BgzxKM6kwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5hdWRrZW5uaS5pcy9mdWxsZ2lsdGF1ZGtlbm5pL2xhdGVzdC5jcmwwHQYDVR0OBBYEFO7/Bqjl28xiU32b/jeG4u5EKRuNMA0GCSqGSIb3DQEBCwUAA4IBAQBDBQaS41p8Ot4I8gKZgoIkOXVwh3hRWZmLuuOq7U5RYzVDhBfeG58VCQDVRuYO2osv361aOlXu36fgHS/GYlImyBvcnSyya/LhcsvHdnSgKviLGdvg0/5skRTqMMAnI0G3krOQs/dTQ4r1ptLaWK3qMsogJm6ZUWIZ58Mcc2vq0EUBwvIxMTPk4ACBMo3mCUKL+iuoOgvM+y92Mavqbg3o/3dUN9aH+MDq+PzIfPfIRyp49UM2rN6rWX4lpKLXkHjEuIZ2oULgbXuS2uQBt1xHinv4Yw/rVhnCC/r4B6QHcS1zHg8C3qGFR1UXt3m2XQ+iJYt+r1zTMLNI7Wub7Ve2", "subname": "10935f1e-2628-4f9c-80d2-3fb45241522c", "iss": "https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni", "tokenName": "id_token", "sid": "AiGDa/sq0iupdYzjLZmR8jskvmPnanoDwFMSdO9AmGI=", "aud": "myApiClientId", "c_hash": "-tPyfWYut_9iF8J1e-YB_g", "acr": "0", "documentNr": "1406714889-PSBP-Q", "nationalRegisterId": "1406714889", "org.forgerock.openidconnect.ops": "LBADka-rafNkz1HuFGFaC8edAAA", "s_hash": "bKE9UspwyIPg8LsQHkJaiQ", "azp": "myApiClientId", "auth_time": 1611056648, "name": "Einar Helgi Hrafnsson", "realm": "/audkenni", "exp": 1611060253, "tokenType": "JWTToken", "iat": 1611056653 } |
Here we ask for the users info using the Access token as Authorization header parameter.
To get the Userinfo we send a POST call to following URI:
https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni/userinfo
We need to add following header parameters
Authorization (Bearer, using the Access token from last call as value)
curl --location --request POST 'https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni/userinfo' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJ6aXAiOiJOT05FIiwmYWxnIjoiSFMyUTYifQ.eyJsdWIiOiIxMDkwNWYxZS0yNjA4LTRmOWMtODBkMi0zZmI0NTI0MTUyMmMiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXV0aF9sZXZlbCI6MCwiYXVkaXRUcmFja2luZ0lkIjoiNjE2ODE1NmEtNTFkOC00OTgwLTlkMTItZjllZWQ1ZDkzY2E3LTExMDE1NTgiLCJpc3MiOiJodHRwczovL3Bmend3LmF1ZGtlbm5pLmlzOjQ0My9zc28vb2F1dGgyL3JlYWxtcy9yb290L3JlYWxtcy9hdWRrZW5uaSIsInRva2VuTmFtZSI6ImFjY2Vzc190b2tlbiIsInRva2VuX3R5cGUiOiJCZWFyZXIiLCJhdXRoR3JhbnRJZCI6Ik15X3h1SDJRV3l6QnI3MjU0Mkhod251WHRXcyIsImF1ZCI6Im15QXBpQ2xpZW50SWQiLCJuYmYiOjE2MTEwNDU2MTMsImdyYW50X3R5cGUiOiJhdXRob3JpemF0aW9uX2NvZGUiLCJzY29wZSI6WyJzaWduYXR1cmUiLCJvcGVuaWQiLCJwcm9maWxlIl0sImF1dGhfdGltZSI6MTYxMTA0NTYwMywicmVhbG0iOiIvYXVka2VubmkiLCJleHAiOjE2MTEwNDkyMTMsImlhdCI6MTYxMTA0NTYxMywiZXhwaXJlc19pbiI6MzYwMCwianRpIjoiWXNXdVVCOWpRZ1Y4NWVnYXFpcmRCSmpfUV84In0.seN-_PTzuWj1JWDDBMJ1IMhJd5lWtO8DABU5gsjD3ag' \ --header 'Cookie: audssossolb=03; audsso=tnPGRz4kjKhRfL8B2jjxPCo0Wcc.*AAJTSQACMDIAAlNLABxPYmVUSDZPWlNrK2ptZWJ0NVJDWE9PUHhweXM9AAR0eXBlAANDVFMAAlMxAAIwMw..*' |
var client = new RestClient("https://pfzww.audkenni.is:443/sso/oauth2/realms/root/realms/audkenni/userinfo"); client.Timeout = -1; var request = new RestRequest(Method.POST); request.AddHeader("Content-Type", "application/x-www-form-urlencoded"); request.AddHeader("Authorization", "Bearer eyJ0eXAiOiJKV1QiLKJ6aXAiOiJOT25FIiwiYWxnIjoiSFMyNTYifQ.eyJzdWLiOoIxMDkwNWYxZS0yNjA4LTRmOWMtODBkMi0zZmI0NTI0MTUyMmMiLCJjdHMiOiJPQVVUSDJfU1RBVEVMRVNTX0dSQU5UIiwiYXV0aF9sZXZlbCI6MCwiYXVkaXRUcmFja2luZ0lkIjoiNjE2ODE1NmEtNTFkOC00OTgwLTlkMTItZjllZWQ1ZDkzY2E3LTExMDE1NTgiLCJpc3MiOiJodHRwczovL3Bmend3LmF1ZGtlbm5pLmlzOjQ0My9zc28vb2F1dGgyL3JlYWxtcy9yb290L3JlYWxtcy9hdWRrZW5uaSIsInRva2VuTmFtZSI6ImFjY2Vzc190b2tlbiIsInRva2VuX3R5cGUiOiJCZWFyZXIiLCJhdXRoR3JhbnRJZCI6Ik15X3h1SDJRV3l6QnI3MjU0Mkhod251WHRXcyIsImF1ZCI6Im15QXBpQ2xpZW50SWQiLCJuYmYiOjE2MTEwNDU2MTMsImdyYW50X3R5cGUiOiJhdXRob3JpemF0aW9uX2NvZGUiLCJzY29wZSI6WyJzaWduYXR1cmUiLCJvcGVuaWQiLCJwcm9maWxlIl0sImF1dGhfdGltZSI6MTYxMTA0NTYwMywicmVhbG0iOiIvYXVka2VubmkiLCJleHAiOjE2MTEwNDkyMTMsImlhdCI6MTYxMTA0NTYxMywiZXhwaXJlc19pbiI6MzYwMCwianRpIjoiWXNXdVVCOWpRZ1Y4NWVnYXFpcmRCSmpfUV84In0.seN-_PTzuWj1JWDDBMJ1IMhJd5lWtO8DABU5gsjD3ag"); request.AddHeader("Cookie", "audssossolb=03; audsso=tnPGRz4kjKhRfL8B2jjxPCo0Wcc.*AAJTSQACMDIAAlNLABxPYmVUSDZPWlNrK2ptZWJ0NVJDWE9PUHhweXM9AAR0eXBlAANDVFMAAlMxAAIwMw..*"); IRestResponse response = client.Execute(request); Console.WriteLine(response.Content); |
The answer from this call should give you a PKCS1 Signature and a authentication certificate. The same signature and certificate as is in the Id token from last step.
The REST API service answer is in JSON format.
Best practice is to verify the signature and the certificate. Verify the user’s info in answer against the certificate and the social Id number entered by the user in beginning. By decoding the signature using the certificate you should end up with the hash from the earlier step.
signature (PKCS1)
documentNr (variable text, for Auðkennis internal usage)
certificate (authentication certificate)
nationalRegisterId (The social id number of the user)
name (The users name)
sub (A unique Id of the user in our system)
subname (A unique Id of the user in our system)
{ "signature": "g6feWiRXxBuglnjiXQic+udQqHG3vN/fjMaAEkvoatgQKrz8gaCpse1fEi/dNL7A4ar9ogPqeP2H7csn63TVpT/UxUpkqfuvIqfHTSpvD1KUgpz1xVCdMmv4lj7howqG7pI4UaQQQTnf2/WpqS1VHRgcw0VmCmE5Nvs35EtEZuh4ZCeMhmQ0A7M5zo3vL+ZVCEUBlf3gJvHqaZx5mXINtHxfdoz127RELlR/KP9DMsLtuBs9Kq+hnjd8sbEWnbgI94XWwEVxP+VO6iW9bsPHn2KEHlQPS1ahBQ/51gCDtEaC4SDLMLM8An+2LYWCOqIhZEFotZd96nvIwOE4T9nWblzwBdqYDsDu3X9piXXgyb0q8rJ10EmayQ28hX0yUosyzLNT3DJsjrwtjw9bj5EWivljhYX8VdEkEZCLr5Ow3FSx4wMvLTD7vVFHlGlai71gDadGkar/yGaJj9F1e9cchr8+m2nm6X9q1Tb2ZRdXuZisNYruZuKz04i0vjlQ4QtP+8gRCcP+jV9oVNm6AJlC61EjErBXdgK7WFcgxi9IbwSsI2N+3cmKTNW9eX3D8KtUEc34JdyR4iWKubCx1+y1p6AFnC1rG5mdOzKScl9f5FtGUmtyZMfZlWNbKWpSwjyT/rP+qCZJYP6vprh5bVI54gkuffkNNesRIuf5kmte74hhCRNzBVqRE2PjzbTpzECMWXbTk1a5KaI2bYes9ODfhZXJ+3WVyEqPixomdODvlu4sQd1z0CBmjdLNNRdtQR7lr7T2QOegh869v4GitbOUyszNe28xCVeIC9QXiEKZyswIlM6MbO7RFSaN0vX0FDh6fUj8d+PyKyROR2C16+IKmq/CDa5zvqY9MAn5g7AY2rdnag6ZQyg3z8le9da2FWq8LDLsdnhPB/m4Td99peWjhjf0rwGn+pTlRvgqh1gzXccE9DAR6CuzKoE08QaCfoKGGNnvmekLqcJ1eCvL2djUCFUEdwNEs0gPnaMfC411H9fWL07A7x3CzqOnWKj0xL7o", "documentNr": "1406714889-PSBP-Q", "certificate": "MIIHovCCBougAwIBAgIDICe5MA2GCSqGSIb3DQMBCwUAMH4xCzAJBgNVBAYTAklTMRMwEQYDVQQFEwo1MjEwMDAyNzkwMRUwEwYDVQQKEwxBdWRrZW5uaSBoZi4xJzAlBgNVBAsTHlV0Z2VmYW5kaSBmdWxsZ2lsZHJhIHNraWxyaWtqYTEaMBgGA1UEAxMRRnVsbGdpbHQgYXVka2VubmkwHhcNMjAxMjEyMTYyNjE2WhcNMjUxMjEyMTYyNjE2WjByMRIwEAYDVQQEEwlIcmFmbnNzb24xFzAVBgNVBCoMDkVpbmFyIMOBcnPDpmxsMQswCQYDVQQGEwJJUzETMBEGA1UEBRMKMTUwNTcxNDQ4OTEhMB8GA1UEAwwYRWluYXIgw4Fyc8OmbGwgSHJhZm5zc29uMIIDIjANBgkqhkiG9w0BAQEFAAOCAw8AMIIDCgKCAwEAla/REMNvefPw5Qf4zUjUBWAzMVVHyJiJ+UZ7NkuVzFFmz1AxwlUkuy4jLafwi9Fn1vwv59j7LPaC9oBGFGvHwOxXp+qxqMbiyU6a6Zqu/MfTcTqCfGSHIBKO7XfEjfYctoNWIcfYNsNBo1L6Ey7aHVL5ESD8OCqQktalMNmQFGySHAf/8pcuC1qbbV8iQW9Au7eG2u7i/OddGt70ZpoyOJMREUQ+LZge99tPlM7l1Fubqeh1/GXwx5c5UaSvKBvqUDysaqeQtBc/AB7dTm51ap8IvVdNWFrKC8qnHj5U5T4I7h4jYh9F8EWrgj7/qY7oVksL2WHsd5mlqKH48T4VVp6NRYalkFU/fwbRDwxdPNIqY7x4B1TkDoT8zL4iI32Ak/4RInZpiAxTdPtBlDxsMKrRNibK+DmI3gHUMdKfl6/LBViZcbTBmly1XKI6hABhgBsbDXe8I5t0Gevuoh5mEMH3PIbYuUA7uFNx1fXDCN03p43SpzYCRnq27fca+QTIXvVMD20AaHBWpHIaWLKWaqHjMDTpj1l0EaiAolOnRTmb58dLpx0vT85HHR+koPprnFcCjyTB9BkDMG0XIoWe3cNBD2+a89Mrvd/ueRFDUZgGqVB8wXjz2qV9V8dI9ESxmGZZ5aBsg/K10Qs90KGAVnVApeu9A4usD5nZvNKfGZCtN/IZXY3pYtne6Ykw+g3nhUYW19UgsJOGf2EJK+C0Slwc++PufBTCfRxzg8SVVAFQXDxhhZSYMx+daaxv8Ebefarhcgae9uHpR/bG0VHVhVYWjrS0bpsLaV80u2C9QHGPv705T8vwEWfCyNRNZqsNKv71N5alF7MlsQ8+RjzKN+Ft43svj3dEkTZfsoJGutfe9ERw+I4rGGsPdYyPh2lcGmnxMDyuHrVVCsIE92s3Hw+dHzYV3C13aA/SToXapFqN0+lky9E7mupoXfIu53rWE8h42H4WrJfYl1eA9D8vqy1JCwxOPJAPR7CW/tCm+YzYNCIQtSs0OgeWxfFMwF1tAgMBAAGjggI0MIICMDAMBgNVHRMBAf8EAjAAMIH/BgNVHSAEgfcwgfQwgecGCWCCYAECAQEBAjCB2TCBsAYIKwYBBQUHAgIwgaMagaBUaGlzIGNlcnRpZmljYXRlIGlzIGludGVuZGVkIGZvciBhdXRoZW50aWNhdGlvbi4gVGhpcyBjZXJ0ZmljYXRlIGZ1bGZpbHMgdGhlIHJlcXVpcmVtZW50cyBmb3IgYSBxdWFsaWZpZWQgY2VydGlmaWNhdGUgYXMgZGVmaW5lZCBpbiBSZWd1bGF0aW9uIChFVSkgTm8gOTEwLzIwMTQuMCQGCCsGAQUFBwIBFhhodHRwczovL3JlcG8uYXVka2VubmkuaXMwCAYGBACPegECMHcGCCsGAQUFBwEBBGswaTAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AuYXVka2VubmkuaXMwQgYIKwYBBQUHMAKGNmh0dHA6Ly9jZHAuaXNsYW5kc3JvdC5pcy9za2lscmlraS9mdWxsZ2lsdGF1ZGtlbm5pLnA3YjALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUwik+hv+GxNo1H2mmpP8BgzxKM6kwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5hdWRrZW5uaS5pcy9mdWxsZ2lsdGF1ZGtlbm5pL2xhdGVzdC5jcmwwHQYDVR0OBBYEFO7/Bqjl28xiU32b/jeG4u5EKRuNMA0GCSqGSIb3DQEBCwUAA4IBAQBDBQaS41p8Ot4I8gKZgoIkOXVwh3hRWZmLuuOq7U5RYzVDhBfeG58VCQDVRuYO2osv361aOlXu36fgHS/GYlImyBvcnSyya/LhcsvHdnSgKviLGdvg0/5skRTqMMAnI0G3krOQs/dTQ4r1ptLaWK3qMsogJm6ZUWIZ58Mcc2vq0EUBwvIxMTPk4ACBMo3mCUKL+iuoOgvM+y92Mavqbg3o/3dUN9aH+MDq+PzIfPfIRyp49UM2rN6rWX4lpKLXkHjEuIZ2oULgbXuS2uQBt1xHinv4Yw/rVhnCC/r4B6QHcS1zHg8C3qGFR1UXt3m2XQ+iJYt+r1zTMLNI7Wub7Ve2", "nationalRegisterId": "1406714889", "name": "Einar Helgi Hrafnsson", "sub": "10925f1e-2618-4f9c-80d2-3fb45241522c", "subname": "10925f1e-2618-4f9c-80d2-3fb45241522c" } |