id.gov.ua OAuth2 part mock

Dmytro Minochkin edited this page Aug 3, 2024 · 1 revision

IdGoUa Mock App

Description of the mock app that loosely follows the API of id.gov.ua (encryption is not implemented yet).

Auth request

Auth url: http://localhost:8081/oauth2/authorize

Query parameters that need to be sent:

  • Normal OAuth query parameters: client_id and response_type=code
  • redirect_uri: currently only http://localhost:5433/callback/login/idgovua/role/provider is supported.
  • auth_type: comma-separated list of allowed login options, e.g. dig_sign,bank_id,diia_id
  • state: random string that must be validated on the callback. Check whether the OpenIddict OAuth client supports this out of the box; if not, a custom implementation is needed. Min 10, max 512 characters.
  • scope: can be empty, not checked

Token request

Token url: http://localhost:8081/oauth2/get-access-token

Method: POST

When the user logs in, the browser is redirected to our redirect_uri with state and code. There we need to process the response from idgovua and make a call to the token URL to receive the tokens and the user id.

Parameters that need to be sent:

  • Normal OAuth parameters: client_id, client_secret, grant_type=authorization_code, code

Token response

{
  "access_token": "...",
  "refresh_token": "...",
  "user_id": "a string",
  "token_type": "Bearer",
  "expires_in": 299
}

In the id.gov.ua API expires_in is a string :(

User Info

User info url: http://localhost:8081/get-user-info

Method: GET

When we have the token and user_id we can request user information.

Query parameters that need to be sent:

  • user_id: user id from the previous step
  • fields=issuer,issuercn,serial,subject,subjectcn,locality,state,o,ou,title,lastname,middlename,givenname,email,address,phone,dns,edrpoucode,drfocode: the fields that should be returned (specify fewer fields, get less info back :))
  • cert: required field. Can be any string at the moment; encryption will not be implemented in the mock service
  • access_token: access token from the previous step

As the response is not encrypted in the mock API yet, implement the decryption operation as an empty method that returns the same string that is passed in.

Then only transform the JSON string from the field into an object.

{
  "encryptedUserInfo": "json string. see format below"
}

User Info response JSON string

{
  "auth_type": "",
  "issuer": "",
  "issuercn": "",
  "serial": "",
  "subject": "",
  "subjectcn": "",
  "locality": "",
  "state": "",
  "o": "",
  "ou": "",
  "title": "",
  "lastname": "",
  "givenname": "",
  "middlename": "",
  "email": "",
  "address": "",
  "phone": "",
  "dns": "",
  "edrpoucode": "",
  "unzr": "",
  "drfocode": ""
}
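The four steps above as a client, written here as an added example (it is not the project's .NET code, which lives around EUSignOAuth.cs): it builds the authorize URL, checks the returned state against the stored one, normalises the expires_in quirk, and unwraps encryptedUserInfo through the identity "decrypt" placeholder. The client id, secret and cert values are placeholders.

```python
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse
AUTH_URL = "http://localhost:8081/oauth2/authorize"
REDIRECT_URI = "http://localhost:5433/callback/login/idgovua/role/provider"
FIELDS = ("issuer,issuercn,serial,subject,subjectcn,locality,state,o,ou,title,"
          "lastname,middlename,givenname,email,address,phone,dns,edrpoucode,drfocode")

def new_state():
    # 32 random bytes -> 43 URL-safe chars, within the 10..512 limit; keep it in the user's session
    return secrets.token_urlsafe(32)

def build_authorize_url(client_id, state, auth_types=("dig_sign", "bank_id", "diia_id"), scope=""):
    # Step 1: the browser is sent to this URL
    if not 10 <= len(state) <= 512:
        raise ValueError("state must be 10..512 characters")
    params = {"client_id": client_id, "response_type": "code", "redirect_uri": REDIRECT_URI,
              "auth_type": ",".join(auth_types), "state": state, "scope": scope}
    return f"{AUTH_URL}?{urlencode(params)}"

def parse_callback(callback_url, expected_state):
    # Step 2: provider redirects back with state and code; reject a callback whose state differs
    q = parse_qs(urlparse(callback_url).query)
    state, code = q.get("state", [""])[0], q.get("code", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback was not started by this session")
    if not code:
        raise ValueError("callback carries no code")
    return code

def token_request_params(client_id, client_secret, code):
    # Step 3: POST these to http://localhost:8081/oauth2/get-access-token
    return {"client_id": client_id, "client_secret": client_secret,
            "grant_type": "authorization_code", "code": code}

def parse_token_response(body):
    data = json.loads(body)
    data["expires_in"] = int(data["expires_in"])  # real API sends a string, the mock an int
    return data

def user_info_params(user_id, access_token, cert="any-string-for-mock"):
    # Step 4: GET http://localhost:8081/get-user-info with these parameters
    return {"user_id": user_id, "fields": FIELDS, "cert": cert, "access_token": access_token}

def decrypt_user_info(encrypted):
    return encrypted  # mock does not encrypt yet: identity placeholder for the real decryption

def parse_user_info_response(body):
    # unwrap encryptedUserInfo, "decrypt" it, then parse the inner JSON string into a dict
    return json.loads(decrypt_user_info(json.loads(body)["encryptedUserInfo"]))
```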

An example flow (including encryption), the objects, etc. can be found here: check the .Net folder, EUSignOAuth.cs file.