Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Updated error code list, added example of parameters

...

User is redirected to a web page on ID service, which redirects user to the strong identification service, where the user will sign in to their bank or otherwise prove their identity, and are then redirected back to the ID service and the service will redirect back to the original service.

Location: <baseUri>/openid/strongidentification

Example: https://fi.trivoreid.comEndpoint URL without parameters: <baseUri>/openid/strongidentification

Method: POST or GET

Parameters:

ParameterValueRequired
access_tokenCurrent user's access tokenYes
successRedirectUriURI where user agent is redirected after successful identificationYes
failureRedirectUriURI where user agent is redirected in failure casesYes

Example URL with parameters:

https://fi.trivoreid.com/openid/strongidentification
   ?access_token=SY6DwAUw6G1XT463sV52FzZyi3gC4lk5
   &successRedirectUri=https%3A%2F%2Fexample.com%2Fsuccess
   &failureRedirectUri=https%3A%2F%2Fexample.com%2Ffailure

Failure redirect URI parameters

In some failure cases additional parameters are If identification process is not successfully finished, these parameters may be added to the failureRedirectUrifailure URI.

ParameterValue
errorError code. Codes are listed below.
error_descriptionShort human readable explanation of error cause. Content is in English and can be jargon heavy (not necessarily user friendly).


Error codeMeaning
not_availableStrong identification is not available for current user.
invalid_tokenAccess token is invalid or expired
saml_auth_failAuthentication failed on SAML IDP side (for example, user cancelled)
internalUnexpected internal service error
auth_failInternal authentication error (for example, configuration issue)

Sequence for suomi.fi strong identification + sign-in (Finnish)

...