With user input
This authenticator expects users to input an identifier. Based on the configuration it can be e-mail, personnummer, phone number, or organizational identifier.
Configuration
Based on the Freja e-ID documentation found here:
Freja eID Relying Party Developers' Documentation
Authenticator type: FrejaWithUserInput
Common Authenticator configuration can be found here.
internal_http_destination
ID of the internal http client used to talk with backend.
N/A
mode
Four modes are possible: "prod_personal"
, "test_personal"
, "prod_org"
& "test_org"
. Depending on the mode, the URL used to talk to Freja backen differs.
"prod_personal"
userInfoType
How to identify the user on the front end. Possible values are: "PHONE"
, "EMAIL"
, "SSN"
, "ORG_ID"
"SSN"
attributesToReturn
Array of attributes to return to the server after completed authentication. See allowed values in Freja documentation
N/A
minRegistrationLevel
Required registration level. Allowed values are "BASIC"
, "EXTENDED"
or "PLUS"
"PLUS"
relyingPartyId
Value of the relying party ID to be used
N/A
custom_identifier
When logging events, the custom_identifier lets you tag the event.
N/A
Property base_path should not contain the full path when used in conjunction with the Selector, instead, the full URI will be handled by the selector. The full path will be base_path + / + id.
Logging
Apart from system logging, event logging is done when starting, completing, and failing a transaction.
Event ids are:
WEB_100005("Freja authentication started")
IDENTIFIER (user trace id)
SOURCE_ADDRESS (ip address of device starting transaction)
CUSTOMER_IDENTIFIER (if configured)
WEB_100006("Freja authentication completed")
IDENTIFIER (user trace id)
SOURCE_ADDRESS (ip address of the device used)
CUSTOMER_IDENTIFIER (if configured)
WEB_100008("Freja authentication canceled or expired")
IDENTIFIER (user trace id)
SOURCE_ADDRESS (ip address of the device used)
CUSTOMER_IDENTIFIER (if configured)
Data exposed to global state
After a user completes a transaction, the authenticator is marked as done. Data from the authentication response is then put into the global state replacing existing values:
details
givenName
surName
ssn
co
mail
organisationIdIdentifier
integratorSpecificUserId
relyingPartyUserId
registrationLevel
Note that it is not guaranteed that all parameters hold value. The result varies depending on the configuration
API
When communicating with the backend this describes the
General requirements
Backend communications are made using AJAX and the HTTP PUT method. Every request need a Content-Type with the value of application/json
.
Getting state
Body must conform to the example below.
Starting an authentication
To start authentication send AJAX request containing the user's identifier, 12 digits.
Cancel a request
A request can be canceled at any time. This is done by sending a cancel request.
Response from server
In general, you should expect a server response with http status code 200. Anything else is to be considered an error.
Response body will be in the form of a JSON object. Typically the response looks like:
The property "status"
will contain status.
Possible status messages
One of the following status codes is returned based on the current state.
ABOUT_TO_START
PENDING
COMPLETED
FREJA_ERROR
ERROR
Possible frejaStatus messages
One of the following frejaStatus codes is returned based on the current state.
STARTED
DELIVERED_TO_MOBILE
CANCELED
RP_CANCELED
EXPIRED
APPROVED
REJECTED
UNKNOWN
Data in authRef
Once the authentication process has started the identifier generated by the Freja-backed server is sent back to the client in parameter authRef.