Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
nocode:identity-link [2019/08/01 08:38]
tjotov created
nocode:identity-link [2019/08/13 11:20] (current)
740803864 [Positive response]
Line 1: Line 1:
-====== ​No-Code ​Identity Link support ======+====== Identity Link support ====== 
 +You can follow these steps to integrate no-code identity link support to your application:​ 
 +  * Send identity link HTTP request to ADUCID Binder 
 +  * Process authentication on ADUCID Binder 
 +  * Read identity link JSON response 
 +See chapters below for details. 
 + 
 +===== Setup ===== 
 +At first, identity link must be prepared and sent to ADUCID Binder. ADUCID Binder accepts identity link HTTP requests at ''/​aducid-binder/​prepareIdentityLinkUpload''​. Before ADUCID Binder call, **unique identifier (aka ''​identityLinkId''​) must be generated**. This identifier is neccessary to successfully pair identity link request and response. Let's see ADUCID Binder identity link interface parameters:​ 
 +^ Name ^ Values ^ Mandatory ^ Description ^ 
 +| identityLinkId | String | Yes | identity link unique identifier | 
 +| remoteAims | List<​String>​ | Yes | list of identity link remote AIMs | 
 +| peigMessage | MultipartFile | No | identity link message in plain or HTML format | 
 +| peigMessageData | MultipartFile | No | identity link message data | 
 +| initLF | Boolean | No | if true, personal code will be initialized | 
 +| redirectUrl | String | Yes | URL to redirect after ADUCID Binder successful authentication | 
 +| errorPage | String | No | URL to redirect after ADUCID Binder unsuccessful authentication | 
 +| udi | String | No | if defined, security attack check is realized | 
 +| request | String | No | if defined, ''​syncMyIdentityLinkedUserData''​ method is called | 
 +**It is neccessary to add ''​identityLinkId''​ parameter to ''​redirectUrl''​ attribute** to successfully pair identity link request and response. If ''​errorPage''​ is not defined, ''​redirectUrl''​ is used in case of error. Now we can send prepared request to ''/​aducid-binder/​prepareIdentityLinkUpload''​ and check successful identity link upload (HTTP code 200). 
 + 
 +We must also remember to provide generated identity link identifier to web view, e.g. Ajax JSON response or JSP expression language. 
 + 
 +===== Identity link itself ===== 
 +When identity link data are successfully uploaded, we can start identity link itself. It can be done with use of [[web-integration:​client-side|Client API for Web Integration]]. We only need to specify right ADUCID Binder methods to serve identity link: 
 + 
 +<code javascript>​ 
 +aducid.setStartOperationUrl("/​aducid-binder/​identityLinkJson?​identityLinkId="​ + response.data);​ 
 +aducid.setResultOperationUrl("/​aducid-binder/​identityLinkCheck"​);​ 
 +aducid.setProxyUrl("/​aducid-binder/​proxy"​);​ 
 +</​code>​ 
 + 
 +Expression ''​response.data''​ contains unique identity link identifier pushed from backend to view. After identity link run, user is redirected to ''​redirectUrl''​ value (or to ''​errorPage''​ if defined and error occurs). 
 + 
 +===== Response processing ===== 
 +User is now redirected to ''​redirectUrl'',​ where we must process identity link operation result. Operation result is saved in HTTP request attributes. We try to read attribute with prefix ''​AAA_ULR_''​ with identity link identifier at the end. When value exists, **we must invoke base64 decoding on value** to get readable JSON response. 
 + 
 +There is also saved used remote AIM in HTTP attributes. It can be accessed as an attribute with prefix ''​AAA_ULR_RA_''​ with identity link identifier at the end. This value is saved as it is, it is not base64 encoded. 
 + 
 +==== Positive response ==== 
 +When identity link was successful (''​status = OK''​),​ JSON response will be: 
 + 
 +<code javascript>​ 
 +
 +  "​status":​ "​OK",​ 
 +  "​data":​ null, 
 +  "​redirect":​ null 
 +
 +</​code>​ 
 + 
 +When ''​request''​ value was used in identity link setup (e.g. ''​{"​eidProviderMethod":"​READ_EID_USER_DATA","​data":​null}''​),​ ''​data''​ will be filled in service provider response. For example: 
 + 
 +<code javascript>​ 
 +
 +  "​status":​ "​OK",​ 
 +  "​data":​ { 
 +    "​firstName":​ "​John",​ 
 +    "​firstNameApproved":​ true, 
 +    "​lastName":​ "​Green",​ 
 +    "​lastNameApproved":​ true, 
 +    "​permanentAddress":​ "​Castle Road 54, Green Town, CF72 2YD",​ 
 +    "​permanentAddressApproved":​ true, 
 +    "​identityCardNumber":​ "​ID97967588",​ 
 +    "​identityCardNumberApproved":​ true, 
 +    "​identityCardValidTo":​ "​2023-05-10",​ 
 +    "​identityCardValidToApproved":​ true, 
 +    "​birthDate":​ "​1971-10-09",​ 
 +    "​birthDateApproved":​ true, 
 +    "​deliveryAddress":​ "​Castle Road 54, Green Town, CF72 2YD",​ 
 +    "​deliveryAddressApproved":​ true, 
 +    "​telephoneNumber":​ "+44 654 987 987",​ 
 +    "​telephoneNumberApproved":​ true, 
 +    "​voter":​ true, 
 +    "​voterApproved":​ true, 
 +    "​creditCardNumber":​ "4485 5057 0701 1520",​ 
 +    "​creditCardNumberApproved":​ true, 
 +    "​creditCardValidTo":​ "​09/​2022",​ 
 +    "​creditCardValidToApproved":​ true, 
 +    "​creditCardOwner":​ "John Green",​ 
 +    "​creditCardOwnerApproved":​ true, 
 +    "​gender":​ "​male",​ 
 +    "​genderApproved":​ true, 
 +    "​email":​ "​john.green@test.com",​ 
 +    "​emailApproved":​ true, 
 +    "​approvedLF":​ true, 
 +    "​proofingStatus":​ "​APPROVED"​ 
 +  }, 
 +  "​redirect":​ null 
 +
 +</​code>​ 
 + 
 +==== Negative response ==== 
 +See [[nocode:​transactions#​negative_response|Transaction support, Negative response]] chapter. 
  • nocode/identity-link.1564648726.txt.gz
  • Last modified: 2019/08/01 08:38
  • by tjotov