Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Permalink: https://doc.oneportal.fi/x/QIAW

Table of Contents

Note: This document describes behaviour after onePortalâ„¢ version 2.7.2.

This flow is currently working for suomi.fi strong identification and strong authentication in Finland.

User is redirected to a web page on ID service, which redirects user to the strong identification service, where the user will sign in to their bank or otherwise prove their identity, and are then redirected back to the ID service and the service will redirect back to the original service.

Location: <baseUrl>/openid/strongidentification

Method: POST or GET

Parameters:

...

Failure redirect URI parameters

...

Table of Contents

Produce URL leading to interactive strong identification web page

Since server version 3.7 the URL for interactive strong identification is generated by requesting the URL via the Management API. The API can be called with Management API Client credentials or any valid access token (no specific scope is required). You need to provide the User ID, success redirect URI and failure redirect URI parameters.

See the API documentation for
POST <baseUri>/api/rest/v1/user/{userId}/strongidentification/interactive
for more details.

The produced URL is valid only for a short time, so it should be generated only immediately before user is forwarded to the URL.

Deprecated method to produce identification URL

In previous server versions the URL for interactive identification was produced by hand and required an access token. This method still exists but is not recommended.

Redirect user to the produced URL

Have the user open the URL in their web browser.

Wait for results

The identification process may end in success or failure. In case of success, the user is redirected to the provided success redirect URL. In case of failure (including the case of cancellation) the user is redirected to the failure redirect URL.

Failure redirect URI parameters

If identification process is not successfully finished, these parameters may be added to the failure URI.

Parameter

Value

error

Error code. Codes are listed below.

error_description

Short human readable explanation of error cause.

Error codeMeaningnot_availableStrong identification is not available for current user.invalid_tokenAccess token is invalid or expired

Content is in English and can be jargon heavy (not necessarily user friendly).

For list of possible error codes, see https://trivore.atlassian.net/wiki/spaces/TISpubdoc/pages/884113468 .

Some graph

Sequence for suomi.fi strong identification + sign-in (Finnish)

...

...

Test credentials

Test credentials for suomi.fi identification + sign-in

The authotiry VRK provides test credentials at <https://palveluhallinta.suomi.fi/fi/tuki/artikkelit/5a82ef7ab03cdc41de664a2b>.

...