User Tools

Site Tools


nocode:identity-link

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
nocode:identity-link [2019/08/01 08:38]
tjotov created
nocode:identity-link [2019/08/13 11:20] (current)
740803864 [Positive response]
Line 1: Line 1:
-====== No-Code Identity Link support ======+====== Identity Link support ====== 
 +You can follow these steps to integrate no-code identity link support to your application: 
 +  * Send identity link HTTP request to ADUCID Binder 
 +  * Process authentication on ADUCID Binder 
 +  * Read identity link JSON response 
 +See chapters below for details. 
 + 
 +===== Setup ===== 
 +At first, identity link must be prepared and sent to ADUCID Binder. ADUCID Binder accepts identity link HTTP requests at ''/aducid-binder/prepareIdentityLinkUpload''. Before ADUCID Binder call, **unique identifier (aka ''identityLinkId'') must be generated**. This identifier is neccessary to successfully pair identity link request and response. Let's see ADUCID Binder identity link interface parameters: 
 +^ Name ^ Values ^ Mandatory ^ Description ^ 
 +| identityLinkId | String | Yes | identity link unique identifier | 
 +| remoteAims | List<String> | Yes | list of identity link remote AIMs | 
 +| peigMessage | MultipartFile | No | identity link message in plain or HTML format | 
 +| peigMessageData | MultipartFile | No | identity link message data | 
 +| initLF | Boolean | No | if true, personal code will be initialized | 
 +| redirectUrl | String | Yes | URL to redirect after ADUCID Binder successful authentication | 
 +| errorPage | String | No | URL to redirect after ADUCID Binder unsuccessful authentication | 
 +| udi | String | No | if defined, security attack check is realized | 
 +| request | String | No | if defined, ''syncMyIdentityLinkedUserData'' method is called | 
 +**It is neccessary to add ''identityLinkId'' parameter to ''redirectUrl'' attribute** to successfully pair identity link request and response. If ''errorPage'' is not defined, ''redirectUrl'' is used in case of error. Now we can send prepared request to ''/aducid-binder/prepareIdentityLinkUpload'' and check successful identity link upload (HTTP code 200). 
 + 
 +We must also remember to provide generated identity link identifier to web view, e.g. Ajax JSON response or JSP expression language. 
 + 
 +===== Identity link itself ===== 
 +When identity link data are successfully uploaded, we can start identity link itself. It can be done with use of [[web-integration:client-side|Client API for Web Integration]]. We only need to specify right ADUCID Binder methods to serve identity link: 
 + 
 +<code javascript> 
 +aducid.setStartOperationUrl("/aducid-binder/identityLinkJson?identityLinkId=" + response.data); 
 +aducid.setResultOperationUrl("/aducid-binder/identityLinkCheck"); 
 +aducid.setProxyUrl("/aducid-binder/proxy"); 
 +</code> 
 + 
 +Expression ''response.data'' contains unique identity link identifier pushed from backend to view. After identity link run, user is redirected to ''redirectUrl'' value (or to ''errorPage'' if defined and error occurs). 
 + 
 +===== Response processing ===== 
 +User is now redirected to ''redirectUrl'', where we must process identity link operation result. Operation result is saved in HTTP request attributes. We try to read attribute with prefix ''AAA_ULR_'' with identity link identifier at the end. When value exists, **we must invoke base64 decoding on value** to get readable JSON response. 
 + 
 +There is also saved used remote AIM in HTTP attributes. It can be accessed as an attribute with prefix ''AAA_ULR_RA_'' with identity link identifier at the end. This value is saved as it is, it is not base64 encoded. 
 + 
 +==== Positive response ==== 
 +When identity link was successful (''status = OK''), JSON response will be: 
 + 
 +<code javascript> 
 +
 +  "status": "OK", 
 +  "data": null, 
 +  "redirect": null 
 +
 +</code> 
 + 
 +When ''request'' value was used in identity link setup (e.g. ''{"eidProviderMethod":"READ_EID_USER_DATA","data":null}''), ''data'' will be filled in service provider response. For example: 
 + 
 +<code javascript> 
 +
 +  "status": "OK", 
 +  "data":
 +    "firstName": "John", 
 +    "firstNameApproved": true, 
 +    "lastName": "Green", 
 +    "lastNameApproved": true, 
 +    "permanentAddress": "Castle Road 54, Green Town, CF72 2YD", 
 +    "permanentAddressApproved": true, 
 +    "identityCardNumber": "ID97967588", 
 +    "identityCardNumberApproved": true, 
 +    "identityCardValidTo": "2023-05-10", 
 +    "identityCardValidToApproved": true, 
 +    "birthDate": "1971-10-09", 
 +    "birthDateApproved": true, 
 +    "deliveryAddress": "Castle Road 54, Green Town, CF72 2YD", 
 +    "deliveryAddressApproved": true, 
 +    "telephoneNumber": "+44 654 987 987", 
 +    "telephoneNumberApproved": true, 
 +    "voter": true, 
 +    "voterApproved": true, 
 +    "creditCardNumber": "4485 5057 0701 1520", 
 +    "creditCardNumberApproved": true, 
 +    "creditCardValidTo": "09/2022", 
 +    "creditCardValidToApproved": true, 
 +    "creditCardOwner": "John Green", 
 +    "creditCardOwnerApproved": true, 
 +    "gender": "male", 
 +    "genderApproved": true, 
 +    "email": "john.green@test.com", 
 +    "emailApproved": true, 
 +    "approvedLF": true, 
 +    "proofingStatus": "APPROVED" 
 +  }, 
 +  "redirect": null 
 +
 +</code> 
 + 
 +==== Negative response ==== 
 +See [[nocode:transactions#negative_response|Transaction support, Negative response]] chapter. 
nocode/identity-link.1564648726.txt.gz · Last modified: 2019/08/01 08:38 by tjotov