1. Electronic identification of end-user
1) Obtain Authorization code
Request
urn:lvrtc:fpeil:aa scope shall be used
GET /trustedx-authserver/oauth/lvrtc-eipsign-as?response_type=code&
client_id=...&
state=...&
redirect_uri=...&
scope=...&
prompt=...&
acr_values=...&
ui_locales=...&
Response
GET {redirection_uri_path}?code={code}&state={state}
HTTP/1.1
Host: {redirection_uri_host}
2) Obtain a access token
Request
Using "code" value received from previous operation
POST /trustedx-authserver/oauth/lvrtc-eipsign-as/token HTTP/1.1
Host: eidas.eparaksts.lv
Authorization: Basic cG9ydCVDNCU4MWxzOmRybyVDNSVBMSVDNCVBQmJh
Content-Type: application/x-www-form-urlencoded;
charset=UTF-8
grant_type=authorization_code&
redirect_uri=<https://www.demoapp.lv/oauth/back&>
code=4515...e0ban
Response
{
"access_token" : "{string}",
"token_type" : "Bearer",
"expires_in" : "{number}"
}
3) Obtain Information About the Authenticated User
Request
Using Access token received from previous operation
GET /trustedx-resources/openid/v1/users/me
Host: eidas.eparaksts.lv
Authorization: Bearer a2b4...6daf
Response (example for urn:lvrtc:fpeil:aa scope)
HTTP/1.1 200 OK
Content-Type: application/json;charset=utf-8
Date: Thu, 16 Nov 2017 10:14:21 GMT
{
"sub": "ddf12735f35675ecb652e6e1a80e41f1",
"domain": "citizen",
"acr": "urn:safelayer:tws:policies:authentication:level:high",
"amr":["urn:eparaksts:tws:policies:authentication:adaptive:methods:sc_plugin"],
"given_name": "ANDRIS",
"family_name": "PARAUDZIŠ",
"name": "ANDRIS PARAUDZIŠ",
"serial_number": "PNOLV-010180-15097",
"eips": "VAS \"Latvijas Valsts radio un televzijas centrs\""
}
Updated over 1 year ago