3. Signing operation
1) Obtain Authorization code
Request
The urn:safelayer:eidas:sign:identity:use:server scope shall be used.
GET /trustedx-authserver/oauth/lvrtc-eipsign-as?response_type=code&
client_id=...&
state=...&
redirect_uri=...&
scope=...&
prompt=...&
acr_values=...&
ui_locales=...&
sign_identity_id=...&
digests_summary=...&
digests_summary_algorithm=...
The sign_identity_id value is the value received previously.
The digests_summary value is the signable data calculated by using the received signing certificate.
At this point the end user with an active SSO session enters the HSM password on the redirected page.
Response
GET {redirection_uri_path}?code={code}&state={state} HTTP/1.1
Host: {redirection_uri_host}
2) Obtain an access token
Request
Use the "code" value received from the previous operation.
POST /trustedx-authserver/oauth/lvrtc-eipsign-as/token HTTP/1.1
Host: eidas.eparaksts.lv
Authorization: Basic cG9ydCVDNCU4MWxzOmRybyVDNSVBMSVDNCVBQmJh
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
grant_type=authorization_code&
redirect_uri=https://www.demoapp.lv/oauth/back&
code=4515...e0ban
Response
{
"access_token" : "{string}",
"token_type" : "Bearer",
"expires_in" : "{number}"
}
3) Create a Digital Signature on the Server
Request
Use the "sign_identity_id" value received from the previous operations and the "digest_value" value calculated by using the received signing certificate.
If you are using the SignAPI service, the "diggest" property value received in the calculateDigest operation response shall be used as the "digest_value" value.
POST /trustedx-resources/esigp/v1/signatures/server/raw
Host: eidas.eparaksts.lv
Content-Type: application/json
Authorization: Bearer cbc...6daf
Content-Length: 213
{
"digest_value" : "n4bQgYhMfWWaL+qgxVrQFaO/TxsrC4Is0V1sFbDwCgg",
"signature_algorithm" : "ecdsa",
"sign_identity_id" : "nio...omq"
}
Response
Response contains the binary value of the PKCS #1 signature.
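The three requests above, built in Python as an added example (not code from this documentation or from the service): it percent-encodes every query value, generates a random state and checks it on the redirect before the code is used. The function names are illustrative, the optional prompt, acr_values and ui_locales parameters are left out, and sign_identity_id, digests_summary and digest_value are assumed to come from the earlier operations.

```python
import base64
import hmac
import json
import secrets
from urllib.parse import parse_qs, quote_plus, urlencode, urlsplit

AUTH_URL = "https://eidas.eparaksts.lv/trustedx-authserver/oauth/lvrtc-eipsign-as"
SCOPE = "urn:safelayer:eidas:sign:identity:use:server"

def authorization_url(client_id, redirect_uri, sign_identity_id,
                      digests_summary, digests_summary_algorithm):
    """Step 1: return (url, state); store state in the user's session."""
    state = secrets.token_urlsafe(32)  # unguessable, one per request
    query = urlencode({  # percent-encodes ':', '+', '/' and '=' in values
        "response_type": "code", "client_id": client_id, "state": state,
        "redirect_uri": redirect_uri, "scope": SCOPE,
        "sign_identity_id": sign_identity_id,
        "digests_summary": digests_summary,
        "digests_summary_algorithm": digests_summary_algorithm})
    return f"{AUTH_URL}?{query}", state

def code_from_callback(callback_url, expected):
    """Return the code only if state matches the value issued in step 1."""
    params = parse_qs(urlsplit(callback_url).query)
    state, code = (params.get(k, [""])[0] for k in ("state", "code"))
    if not code or not hmac.compare_digest(state.encode(), expected.encode()):
        raise ValueError("missing code or state mismatch: discard the response")
    return code

def token_request(code, redirect_uri, client_id, client_secret):
    """Step 2: headers and form body for POST AUTH_URL + '/token'."""
    # Credentials are form-urlencoded before Base64, as in the sample header.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    headers = {
        "Authorization": "Basic " + base64.b64encode(pair.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
    }
    body = urlencode({"grant_type": "authorization_code",
                      "redirect_uri": redirect_uri, "code": code})
    return headers, body

def sign_request(access_token, sign_identity_id, digest_value):
    """Step 3: headers and JSON body for the raw server signature POST."""
    headers = {"Authorization": f"Bearer {access_token}",
               "Content-Type": "application/json"}
    body = json.dumps({"digest_value": digest_value,
                       "signature_algorithm": "ecdsa",
                       "sign_identity_id": sign_identity_id})
    return headers, body
```

A Base64 value such as digests_summary must be percent-encoded in the query string; an unencoded "+" is decoded as a space on the receiving side.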
Updated about 1 year ago