Simple flow
API
The simplified flow can be used for text signing and can be initiated by providing the sign scope and the text to be signed, i.e. sign_txt, as query parameters to the authorization request:
GET [authorize_endpoint]... &scope=sign&sign_txt=base64encoded(utf8-string) |
The text to be signed must be base64 encoded and provided in the query parameter sign_txt.
The result contains the basic signatures of the merchant and end user, as well as the hash over the received text. The result is contained in the sign_result claim in the ID token.
Claims
The following table show the additional claims in the id_token after a simplified flow sign session has been finished.
| Claim | Example | Description |
|---|---|---|
sign_result | "sign_result" : { | Signatures of the merchant and end user, as well as the hash over the received text. |
Step-by-step
Simple-text signing allows the end user to sign a predefined text. The result contains the basic signatures of the merchant and end user, as well as the hash over the received text.
Following the regular Authorization Code flow:
| Step | What you do | Endpoint | Method | Considerations | Remarks |
|---|---|---|---|---|---|
| 1 | Get the key properties of the OIDC provider | openid-configuration | GET | ||
| 2 | Build the authorization URL, and redirect the user to the authorization endpoint | authorize | GET | Include In the callback, make sure to check for error and matching states |
This is where the end user interacts with BankID.
|
| 3 | Exchange authorization code for tokens | token | POST | Check matching | The ID Token will contain signed data in |
| 4 | Fetch our public keys and use these to validate token signatures | jwk | GET | Example "sign_result" : { |
Note that Sequence diagram
