Versions Compared

Old Version 6

changes.mady.by.user Antti Kallio

Saved on

compared with

New Version 7

changes.mady.by.user Antti Kallio

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

Table of Contents
minLevel1
maxLevel7

Pre-requisites

  • A person or company (the “Principal”) has created an authorisation at Suomi.fi, granting the User (the “Delegate”) ability to do something.

  • The User has signed in to your Service using OIDC. You have their access token.

At this time the Authorisation data is located only at the suomi.fi service. The User must transfer it to the ID service.

Create clickable buttons to retrieve the Authorisations

On behalf of another person

Create a form which makes a POST request to the URL https://id.example.com/api/suomi.fi/valtuudet/hpa with form parameters:

...

The Success and Failure URIs must be pre-registered on the ID service. This can be done in the Management UI, System Preferences, Suomi.fi / Authorisations, Allowed redirect URLs.

On behalf of a company

Use the URL https://id.example.com/api/suomi.fi/valtuudet/ypa, otherwise works the same as above.

Simple example

Paste code macro
languagehtmlbars
titleExample
<!DOCTYPE html>
<html>
<head>
<meta charset="ISO-8859-1">
<title>Authorisations example</title>
</head>
<body>

<h1>Authorisations example</h1>

<p>Click one of the below buttons to continue.</p>

<form action="https://id.example.com/api/suomi.fi/valtuudet/hpa" method="post">
  <input type="hidden" name="access_token" value="pctOdyzJxIn1jrfg368Gy8Ln1nmVyxyu9">
  <input type="hidden" name="successRedirectUri" value="https://example.com/hpa_success" >
  <input type="hidden" name="failureRedirectUri" value="https://example.com/hpa_failure" >
  <input type="submit" value="Henkilön puolesta asiointi">
</form>

<form action="https://id.example.com/api/suomi.fi/valtuudet/ypa" method="post">
  <input type="hidden" name="access_token" value="pctOdyzJxIn1jrfg368Gy8Ln1nmVyxyu9">
  <input type="hidden" name="successRedirectUri" value="https://example.com/ypa_success" >
  <input type="hidden" name="failureRedirectUri" value="https://example.com/ypa_failure" >
  <input type="submit" value="Yrityksen puolesta asiointi">
</form>

</body>
</html>

Have the User activate the buttons in their web browser

Show the buttons to the User and instruct the User to activate on of them.

User experience after clicking the button

The User’s web browser will go through the ID service, then be redirected to suomi.fi pages where they will likely have to identify themselves using bank credentials or other means.

...

They will be redirected to the ID service where they will see another confirmation dialog. [WHY????]

Finally they will be redirected to the success URL.

Retrieving Authorisation data

After being redirected to the Success URL, a copy of the Authorisation data is retrievable from the ID service’s Authorisations API.

Figuring out who created the Authorisation

See example in Authorisations API on how to retrieve active Authorisations granted to a specific user.

...