Client management with PMS
e-Signet is onboarded as a MISP partner in the MOSIP system with the below policy:
{ "allowAuthRequestDelegation": true, "allowKycRequestDelegation": true, "trustBindedAuthVerificationToken": true, "allowKeyBindingDelegation": true }
License key of the MISP partner must be updated in esignet-default.properties. Property name: mosip.esignet.misp.license.key
Create and update of OIDC clients are managed via PMS.
Creates OIDCClient and returns the client ID
POST /v1/partnermanager/oidc/client HTTP/1.1
Host: localhost
Content-Type: application/json
Accept: */*
Content-Length: 287

{
"id": "text",
"version": "text",
"requesttime": "2025-11-08T06:35:23.927Z",
"metadata": {},
"request": {
"name": "text",
"policyId": "text",
"publicKey": {
"ANY_ADDITIONAL_PROPERTY": {}
},
"authPartnerId": "text",
"logoUri": "text",
"redirectUris": [
"text"
],
"grantTypes": [
"text"
],
"clientAuthMethods": [
"text"
]
}
}
OK
{
"id": "text",
"version": "text",
"responsetime": "2025-11-08T06:35:23.927Z",
"metadata": {},
"response": {
"clientId": "text",
"status": "text"
},
"errors": [
{
"errorCode": "text",
"message": "text"
}
]
}
Service to update details of OIDCClient
PUT /v1/partnermanager/oidc/client/{client_id} HTTP/1.1
Host: localhost
Content-Type: application/json
Accept: */*
Content-Length: 225

{
"id": "text",
"version": "text",
"requesttime": "2025-11-08T06:35:23.927Z",
"metadata": {},
"request": {
"logoUri": "text",
"redirectUris": [
"text"
],
"status": "text",
"grantTypes": [
"text"
],
"clientName": "text",
"clientAuthMethods": [
"text"
]
}
}
OK
{
"id": "text",
"version": "text",
"responsetime": "2025-11-08T06:35:23.927Z",
"metadata": {},
"response": {
"clientId": "text",
"status": "text"
},
"errors": [
{
"errorCode": "text",
"message": "text"
}
]
}
Relying party is onboarded as an Auth partner. Auth partner is required to have the below allowed auth-types in the policy.
{ "allowedAuthTypes" : [
{"authSubType":"","authType":"kycauth","mandatory":false},
{"authSubType":"","authType":"kycexchange","mandatory":false},
{"authSubType":"","authType":"otp-request","mandatory":false}
]
}
An auth-partner may have one or more OIDC clients.
SHA-256 hash of the OIDC client public key is considered as clientID.
Authentication Context References (ACR) and user claims are derived based on the policy of the auth partner.
a. allowedKycAttributes are used to derive user claims using the identity_mapping.json
b. allowedAuthTypes are used to derive ACR values using the amr-acr-mapping.json
Client management endpoints of e-Signet oidc-service are invoked from PMS with the derived values, clientID and the provided public-key. Also, the client-details with policy and partner details are sent as an event to MOSIP IDA system.
Configurations
To get the mapping of OIDC claims with MOSIP KYC-attributes.
To get the mapping of auth types in policy with ACR values.
The claims supported by e-Signet should be present in the identity-mapping.json file.
Sample auth-policy of a relying party
{"authTokenType":"policy",
"allowedKycAttributes":[{"attributeName":"fullName"},
{"attributeName":"gender"},
{"attributeName":"phone"},
{"attributeName":"email"},
{"attributeName":"dateOfBirth"},
{"attributeName":"city"},
{"attributeName":"face"},
{"attributeName":"addressLine1"}],
"allowedAuthTypes":[{"authSubType":"IRIS","authType":"bio","mandatory":false},
{"authSubType":"FINGER","authType":"bio","mandatory":false},
{"authSubType":"","authType":"otp","mandatory":false},
{"authSubType":"FACE","authType":"bio","mandatory":false},
{"authSubType":"","authType":"otp-request","mandatory":false},
{"authSubType":"","authType":"kycauth","mandatory":false},
{"authSubType":"","authType":"kycexchange","mandatory":false},
{"authSubType":"","authType":"wla","mandatory":false}]
}
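
A pre-onboarding check for a relying party's auth policy, as an added example that is not part of the original page or of MOSIP's code: it verifies that the policy parses as JSON and allows the auth types the page requires (kycauth, kycexchange, otp-request), and it reports duplicate entries and KYC attributes beyond those the relying party needs. The function name, the needed_attributes parameter and the sample policy are assumptions made for illustration.

```python
import json

# Auth types the page says an auth partner's policy must allow.
REQUIRED_AUTH_TYPES = {"kycauth", "kycexchange", "otp-request"}

def check_auth_policy(policy_text, needed_attributes=None):
    """Return a list of findings for an auth-partner policy; empty means it passes.

    needed_attributes (hypothetical parameter): the KYC attributes the relying
    party actually uses; anything the policy allows beyond them is reported,
    because every allowed attribute can surface as a user claim.
    """
    try:
        policy = json.loads(policy_text)
    except json.JSONDecodeError as exc:
        return [f"policy is not valid JSON (line {exc.lineno}, column {exc.colno})"]
    if not isinstance(policy, dict):
        return ["policy must be a JSON object"]

    findings, seen = [], set()
    for entry in policy.get("allowedAuthTypes", []):
        key = (entry.get("authType", ""), entry.get("authSubType", ""))
        if key in seen:
            findings.append(f"duplicate auth type entry: {key[0]}/{key[1]}")
        seen.add(key)
    for missing in sorted(REQUIRED_AUTH_TYPES - {auth_type for auth_type, _ in seen}):
        findings.append(f"missing required auth type: {missing}")

    attributes = {a["attributeName"] for a in policy.get("allowedKycAttributes", [])
                  if "attributeName" in a}
    if not attributes:
        findings.append("no allowedKycAttributes: no user claims can be derived")
    if needed_attributes is not None:
        for extra in sorted(attributes - set(needed_attributes)):
            findings.append(f"attribute allowed but not needed: {extra}")
    return findings

# Constructed sample: a shortened policy that lacks kycexchange and repeats otp.
CONSTRUCTED_POLICY = """{"authTokenType":"policy",
 "allowedKycAttributes":[{"attributeName":"fullName"},{"attributeName":"face"}],
 "allowedAuthTypes":[{"authSubType":"","authType":"otp","mandatory":false},
  {"authSubType":"","authType":"otp","mandatory":false},
  {"authSubType":"","authType":"otp-request","mandatory":false},
  {"authSubType":"","authType":"kycauth","mandatory":false}]}"""

if __name__ == "__main__":
    for finding in check_auth_policy(CONSTRUCTED_POLICY, needed_attributes=["fullName"]):
        print(finding)
```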