Step 2

​Step 2 describes how to set up an identification request using the OpenID Connect protocol and how to get end user through a user logon.

​​Topics found on this page:​

Set up an identification request

An identification request is a URL used to initiate the E-Ident user identification session. The demo app configures the identification request in an HTML form that submits the request to the Nets E-Ident service: 

[https://www.ident-preprod1.nets.eu/its/index.html ].  

The following parameters should be provided along with the request:

  • client_id
  • redirect_uri
  • scope
  • response_type
  • state

 

​Parameter name​Value in demo app
​client_id

Contact support to request the client_id to use.

​redirect_uri​http://localhost:8080/eident/return 
​scope

​openid profile ssn cert

​response_type​code
​state​28/09/2017
Read more for a comprehensive list of all identification parameters.

​User logon

On initiating the identification session, Nets E-Ident service responds to the identification request with an appropriate eID, allowing the end users to identify themselves. The E-Ident service with the eID (or eIDs) can be presented in two modes: Embedded or Standalone.  The E-Ident service can be requested to display the UI in either of these modes.

Embedded user interface

Embedded option allows customers to present E-Ident service UI within their own web UI. To access the embedded UI, the following URL can be used (for customer test):

https://www.ident-preprod1.nets.eu/its/index.html?scope=openid&response_type=code&client_id=<clientid>&redirect_uri=<redirect_uri>&state=<state>&nonce=<nonce>&wi=r

Note that the parameter wi is sent with the value r for embedded user interface.

The page that is returned by the above URL can be styled with customer's own look-and-feel to fit their web UI. One example is to display the response from embedded UI E-Ident URL into an iframe in the customer’s web UI.
A simple iframe can be setup with similar HTML code as below.

 <iframe name="E-Ident"
     src="https://www.ident-preprod1.nets.eu/its/index.html?scope=openid&response_type=code&client_id=<clientid>&redirect_uri=<redirect_uri>&state=<state>&nonce=<nonce>&wi=r" 
     height="512" width="640">
 </iframe>

The E-Ident demo app uses embedded mode to display the E-Ident service UI for the end user to login.  A screenshot from the demo app is shown below.

E-Ident service UI demo app.png
 

Standalone user interface

In the standalone UI, the E-Ident service renders the user interface using the default E-Ident visual interface. To access the standalone UI, the following URL can be used (for customer test).

https://www.ident-preprod1.nets.eu​/its/index.html?scope=openid&response_type=code&client_id=<clientid>&redirect_uri=<redirect_uri>&state=<state>&nonce=<nonce>

The resulting page from the above URL does not require any further styling from the customer i.e. the end user can be directly taken to the standalone user interface E-Ident URL.

Upon successful completion, an authorisation code is generated and returned to the application's redirect_uri.

For test users: Test users

 

Continue to Step 3