Pre-requisites

• A person or company (the “Principal”) has created an authorisation at Suomi.fi, granting the User (the “Delegate”) ability to do something.

• The User has signed in to your Service using OIDC. You have their access token.

At this time the knowledge of the authorisations is located only at the suomi.fi service. It needs to be retrieved from there.

Create a link to retrieve the Authorisations

TODO

(success URL, failure URL, user identification)

Have the User activate the link in their web browser

Show the link to the user as a clickable link or button, instruct the User to activate it.

User experience after clicking the link

The User’s web browser will go through the ID service, then be redirected to suomi.fi pages where they will likely have to identify themselves using bank credentials or other means.

They will agree to pass the authorisation data to the ID service.

They will be redirected to the ID service where they will see another confirmation dialog. [WHY????]

Finally they will be redirected to the success URL.

Retrieving Authorisation data

After being redirected to the Success URL, a copy of the Authorisation data is retrievable from the ID service’s Authorisations API.