NOTE: Trivore ID Documentation has moved to https://trivoreid.com

The content on this site IS OUT OF DATE!

This space has been archived!

Please go ahead to the new site!

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

Permalink:

Produce URL leading to interactive strong identification web page

Since server version 3.7 the URL for interactive strong identification is generated by requesting the URL via the Management API. The API can be called with Management API Client credentials or any valid access token (no specific scope is required). You need to provide the User ID, success redirect URI and failure redirect URI parameters.

See the API documentation for

POST <baseUri>/api/rest/v1/user/{userId}/strongidentification/interactive

for more details.

The produced URL is valid only for a short time, so it should be generated only immediately before user is forwarded to the URL.

Deprecated method to produce identification URL

In previous server versions the URL for interactive identification was produced by hand and required an access token. This method still exists but is not recommended.

Redirect user to the produced URL

Have the user open the URL in their web browser.

Wait for results

The identification process may end in success or failure. In case of success, the user is redirected to the provided success redirect URL. In case of failure (including the case of cancellation) the user is redirected to the failure redirect URL.


Failure redirect URI parameters

If identification process is not successfully finished, these parameters may be added to the failure URI.

ParameterValue
errorError code. Codes are listed below.
error_descriptionShort human readable explanation of error cause. Content is in English and can be jargon heavy (not necessarily user friendly).
Error codeMeaning
not_availableStrong identification is not available for current user.
invalid_tokenAccess token is invalid or expired
saml_auth_failAuthentication failed on SAML IDP side (for example, user cancelled)
internalUnexpected internal service error
auth_failInternal authentication error (for example, configuration issue)

Some graph

Sequence for suomi.fi strong identification + sign-in (Finnish)

Test credentials

Test credentials for suomi.fi identification + sign-in

The authotiry VRK provides test credentials at <https://palveluhallinta.suomi.fi/fi/tuki/artikkelit/5a82ef7ab03cdc41de664a2b>.


  • No labels