NOTE: Trivore ID Documentation has moved to https://trivoreid.com
The content on this site IS OUT OF DATE!
This space has been archived!
Please go ahead to the new site!
Suomi.fi Authorisations
Authorisations generated in the Suomi.fi service by users can be imported to the ID Authorisations system.
Pre-requisites
A person or company (the “Principal”) has created an authorisation at Suomi.fi, granting the User (the “Delegate”) ability to do something.
The User has signed in to your Service using OIDC. You have their access token.
At this time the Authorisation data is located only at the suomi.fi service. The User must transfer it to the ID service.
Create clickable buttons to retrieve the Authorisations
On behalf of another person
Create a form which makes a POST request to the URL https://id.example.com/api/suomi.fi/valtuudet/hpa
with form parameters:
Form parameter | Value |
---|---|
| User’s access token |
| URI where user will be directed after successfully retrieving the Authorisations |
| URI where user will be directed if they cancel the operation or it fails for other reasons. |
The Success and Failure URIs must be pre-registered on the ID service. This can be done in the Management UI, System Preferences, Suomi.fi / Authorisations, Allowed redirect URLs.
On behalf of a company
Use the URL https://id.example.com/api/suomi.fi/valtuudet/ypa
, otherwise works the same as above.
Simple example
Have the User activate the buttons in their web browser
Show the buttons to the User and instruct the User to activate on of them.
User experience after clicking the button
The User’s web browser will go through the ID service, then be redirected to suomi.fi pages where they will likely have to identify themselves using bank credentials or other means.
They will agree to pass the authorisation data to the ID service.
They will be redirected to the ID service where they will see another confirmation dialog.
Finally they will be redirected to the success URL.
Retrieving Authorisation data
After being redirected to the Success URL, a copy of the Authorisation data is retrievable from the ID service’s Authorisations API.
Figuring out who created the Authorisation
See example in Authorisations API on how to retrieve active Authorisations granted to a specific user.
For each Authorisation record, see the subject.type
and subject.value
properties. The type should be User
and the value is the User ID of the person or company who granted the Authorisation.
Look up this Principal User account using the User API: GET /api/rest/v1/user/{userId}
The personalIdentityCodes
property will hold an array of objects. Their identityCode
value is the user’s personal identity code (“henkilötunnus”).