3. Signing operation
1) Obtain Authorization code
Request
urn:safelayer:eidas:sign:identity:use:server scope shall be used
GET /trustedx-authserver/oauth/lvrtc-eipsign-as?response_type=code&
client_id=...&
state=...&
redirect_uri=...&
scope=...&
prompt=...&
acr_values=...&
ui_locales=...&
sign_identity_id=...&
digests_summary=...&
digests_summary_algorithm=...

The sign_identity_id value is the previously received value.
The digests_summary value is the signable data calculated by using the received signing certificate.
At this point, the end user with an active SSO session enters the HSM password on the redirected page.
Response
GET {redirection_uri_path}?code={code}&state={state} HTTP/1.1
Host: {redirection_uri_host}

2) Obtain an access token
Request
Using the code value received from the previous operation
POST /trustedx-authserver/oauth/lvrtc-eipsign-as/token HTTP/1.1
Host: eidas.eparaksts.lv
Authorization: Basic cG9ydCVDNCU4MWxzOmRybyVDNSVBMSVDNCVBQmJh
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

grant_type=authorization_code&
redirect_uri=https://www.demoapp.lv/oauth/back&
code=4515...e0ban
Response
{
"access_token" : "{string}",
"token_type" : "Bearer",
"expires_in" : "{number}"
}

3) Create a Digital Signature on the Server
Request
Using the sign_identity_id value received from previous operations and the digest_value value calculated by using the received signing certificate. If you are using the SignAPI service, then the diggest property value received from the calculateDigest operation response shall be used as the digest_value value.
POST /trustedx-resources/esigp/v1/signatures/server/raw
Host: eidas.eparaksts.lv
Content-Type: application/json
Authorization: Bearer cbc...6daf
Content-Length: 213
{
"digest_value" : "n4bQgYhMfWWaL+qgxVrQFaO/TxsrC4Is0V1sFbDwCgg",
"signature_algorithm" : "ecdsa",
"sign_identity_id" : "nio...omq"
}
Response
Response contains the binary value of the PKCS #1 signature.
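
Added example, not part of the original documentation: a client-side sketch of steps 1 and 2 that binds the redirect to the session through state, percent-encodes the Base64 digest in the query string, and builds the Basic header the way RFC 6749 section 2.3.1 specifies (the sample Authorization header in step 2 follows that encoding). The function names and the https scheme are assumptions; prompt, acr_values and ui_locales can be passed through extra.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, quote_plus, urlencode, urlsplit

# Host and path are taken from the requests on this page; https is assumed.
AUTH_BASE = "https://eidas.eparaksts.lv/trustedx-authserver/oauth/lvrtc-eipsign-as"
SIGN_SCOPE = "urn:safelayer:eidas:sign:identity:use:server"


def build_authorize_url(client_id, redirect_uri, sign_identity_id,
                        digests_summary, digests_summary_algorithm, **extra):
    """Return (url, state); store state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable, one per signing request
    params = {
        "response_type": "code", "client_id": client_id, "state": state,
        "redirect_uri": redirect_uri, "scope": SIGN_SCOPE,
        "sign_identity_id": sign_identity_id,
        # urlencode escapes '+' and '/' so the Base64 digest survives transit
        "digests_summary": digests_summary,
        "digests_summary_algorithm": digests_summary_algorithm,
    }
    params.update(extra)  # e.g. prompt, acr_values, ui_locales
    return f"{AUTH_BASE}?{urlencode(params)}", state


def code_from_redirect(callback_url, expected_state):
    """Return the code from the redirect; reject a missing or foreign state."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this authorization response")
    if "code" not in params:
        raise ValueError("no authorization code in redirect")
    return params["code"][0]


def basic_auth_header(client_id, client_secret):
    """Form-urlencode each credential, join with ':', then Base64 the pair."""
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode("ascii")).decode("ascii")


def token_request_body(code, redirect_uri):
    """Form body for the token POST; redirect_uri must match step 1 exactly."""
    return urlencode({"grant_type": "authorization_code",
                      "redirect_uri": redirect_uri, "code": code})
```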