You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/pages/verify/e-ids/frejaid.mdx
+54Lines changed: 54 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -183,6 +183,60 @@ Enabling photo verification will force the user to take a photo of themselves wh
183
183
If the photos do not match, the user will be unable to approve the transaction.
184
184
You can enable photo verification with the `login_hint`: `userconfirmationmethod:defaultandface`.
185
185
186
+
## Signing text and data with FrejaID
187
+
FrejaID supports signing text and binary data as part of a regular authentication flow.
188
+
There are three types of signatures: Simple, Extended and Advanced.
189
+
All of the signature types allow you to present text to the user in the Freja app.
190
+
191
+
### Simple signatures
192
+
Simple signatures can be used to sign plain text.
193
+
The Simple signature flow is activated by adding `action:sign` in the `login_hint`.
194
+
The text must be provided in the `login_hint` using the `message` hint.
195
+
The text must be base64 encoded and no longer than 4096 characters (prior to base64 encoding).
196
+
The text will be shown to the user in the Freja app while authenticating.
197
+
198
+
### Extended signatures
199
+
Extended signatures can be used to sign plain text and some additional binary data.
200
+
The Extended signature flow is activated by adding `action:sign_extended` in the `login_hint`.
201
+
The text must be provided in the `login_hint` using the `message` hint, while the binary data must be provided using the `nonVisibleData` hint.
202
+
Both the text and the binary data must be base64 encoded.
203
+
The text must be no longer than 4096 characters and the binary data no larger than 5 MB (both prior to base64 encoding).
204
+
The text will be shown to the user in the Freja app while authenticating, but the binary data will not be shown to the user.
205
+
206
+
### Advanced signatures
207
+
Advanced signatures can be used to sign plain text and receive a response that is compatible with the "Mina meddelanden" digital communication platform in Sweden.
208
+
The Advanced signature response is tied to the user's personal data and can be independently validated.
209
+
The Advanced signature flow is activated by adding `action:sign_advanced` in the `login_hint`.
210
+
The text must be provided in the `login_hint` using the `message` hint.
211
+
The text must be base64 encoded and no longer than 4096 characters (prior to base64 encoding).
212
+
The text will be shown to the user in the Freja app while authenticating.
213
+
214
+
Advanced signatures are only available for Swedish users.
215
+
Advanced signatures require the Social Security Number and the Basic User Information (i.e. name) of the user.
216
+
These scopes will automatically be added to your request if the Advanced signature flow is activated.
217
+
218
+
### Signature responses
219
+
When the user has approved a Simple or an Extended signature, the JWT will contain the claims `certificateStatus` and `userSignature`.
220
+
When the user has approved an Advanced signature, the JWT will contain the claims `certificateStatus`, `userSignature` and `advancedSignature`.
221
+
222
+
The `certificateStatus` claim contains the OCSP response regarding the user certificate status when the signature was validated.
223
+
The `userSignature` claim contains the signature of the user.
224
+
The `advancedSignature` claim contains an XML signature containing the signature method, signature value, certificate chain, signing time and text presented to the user in the Freja app.
225
+
226
+
<Highlighticon="exclamation"warning>
227
+
Note that signing can produce very large JWTs which are not appropriate for use in `Bearer` headers.
228
+
This means that JWTs produced from signature flows can often not be used for authentication.
229
+
</Highlight>
230
+
231
+
### Features available for all signature types
232
+
You can add a title to be displayed in the Freja app over the text to sign by adding the `title` hint in the `login_hint`.
233
+
The text in the `title` hint must be base64 encoded and no longer than 128 characters (prior to base64 encoding).
234
+
235
+
The Freja app may sometimes send a push notification to the user's device if the user information is prefilled.
236
+
The push notification will contain a default title and message, but you can customize it.
237
+
Use the `pushTitle` and `pushText` hints in the `login_hint` to override the default push notification.
238
+
Both the push notification title and the push notification text must be base64 encoded and no longer than 256 characters each (prior to base64 encoding).
239
+
186
240
## Ordering FrejaID
187
241
188
242
To start accepting real users with FrejaID, you must first request a certificate to identify your organization.
0 commit comments