...
User is redirected to a web page on ID service, which redirects user to the strong identification service, where the user will sign in to their bank or otherwise prove their identity, and are then redirected back to the ID service and the service will redirect back to the original service.
Location: <baseUri>/openid/strongidentification
Example: https://fi.trivoreid.comEndpoint URL without parameters: <baseUri>/openid/strongidentification
Method: POST or GET
Parameters:
Parameter | Value | Required |
---|---|---|
access_token | Current user's access token | Yes |
successRedirectUri | URI where user agent is redirected after successful identification | Yes |
failureRedirectUri | URI where user agent is redirected in failure cases | Yes |
Example URL with parameters:
https://
fi.trivoreid.com
/openid/strongidentification
?access_token=SY6DwAUw6G1XT463sV52FzZyi3gC4lk5
&successRedirectUri=https%3A%2F%2Fexample.com%2Fsuccess &failureRedirectUri=https%3A%2F%2Fexample.com%2Ffailure
Failure redirect URI parameters
In some failure cases additional parameters are If identification process is not successfully finished, these parameters may be added to the failureRedirectUrifailure URI.
Parameter | Value |
---|---|
error | Error code. Codes are listed below. |
error_description | Short human readable explanation of error cause. Content is in English and can be jargon heavy (not necessarily user friendly). |
Error code | Meaning |
---|---|
not_available | Strong identification is not available for current user. |
invalid_token | Access token is invalid or expired |
saml_auth_fail | Authentication failed on SAML IDP side (for example, user cancelled) |
internal | Unexpected internal service error |
auth_fail | Internal authentication error (for example, configuration issue) |
Sequence for suomi.fi strong identification + sign-in (Finnish)
...