Page tree
Skip to end of metadata
Go to start of metadata

Informācijas iegūšana par identitāti no elektroniskā paraksta

There is two types of signing identity, one for electronic signing and one for authentication

Request

GET /trustedx-resources/esigp/v1/sign_identities/{sign_identity_id}

Parameters

NameTypeUsageDescription
sign_identity_id
pathRequiredIdentifier of the signing identity information is being requested on.

Authorization

The request must contain a bearer access token generated by a trusted authorization server of the service from which the information on the signing identity is requested and that is associated to the domain to which the identity belongs. This token must be used as explained in RFC 6750. It must have the urn:safelayer:eidas:sign:identity:profile scope.

Basically, the token must be included in an HTTP Authorization header as follows:

Authorization: Bearer <token>

The access token can be obtained via an authorization code grant or Service provider's credentials grant OAuth 2.0 flow.

Example

GET /trustedx-resources/esigp/v1/sign_identities/12345678 HTTP/1.1
Authorization: Bearer mF_9.B5f-4.1JqM

Response

Response body representation in JSON as follows

{
 "id" : {string},
 "self" : {string},
 "description" : {string},
 "labels" : [ {string} ],
 "type" : {string},
 "device_id" : {string},
 "domain" : {string},
 "access" : [ {
     "user_id" : {string}
 } ]
 "details" : {
      "certificate" : {string},
      "activation_mode": {string},
      "public_key" : {string}
 },
 "links" :  {
      <operation_alias> : {
           "auth" : {
               "oauth2": {
                  "scopes": [ {string} ]
               }
           }
      }    
      },
 "status" : {
    "value" : {string},
    "reason" : {string}
 }
}

Property

Description
id
Identifier of the signing identity.
self
Access URL for the signing identity.
description
Description of the signing identity.
labels[ ]

List of tags associated to the signing identity.

type
Type of signing identity. This property currently always takes the pki:x509 value.
device_id
Device where the private part of the keys associated to the signing identity is located. Only the signing identities on mobile devices have this property.
domain
Domain the signing identity belongs to.
access[ ]
Information on access control to the signing identity.
access[ ].user_id
Identifier of a end-user with access to the signing identity.
details
Details for implementing the signing identity.
details.certificate
X.509 certificate encoded in DER and base64. Only pki:x509 signing identities have this property.
details.activation_mode

Activation mode of the signing identity. Only server signing identities have this property and it can take the following values:

  • "hsm-pwd": the signature identity is activated by a password entered by the owner and validated by the HSM.
details.public_key
Public part of the keys associated to the signing identity. PublicKeyInfo ASN.1 structure encoded in DER and base64. Only pki:x509 signing identities have this property.
links
Information on operations that use the signing identity.
links.<operation_alias>
Information on the <operation_alias> operation regarding the use of the signing identity. Currently the only value possible for <operation_alias> is Signatures.create.server.raw.
links.<operation_alias>.auth
Authorization information on the <operation_alias> operation regarding the use of the signing identity.
links.<operation_alias>.auth.oauth2
OAuth 2.0 authorization information on the <operation_alias> operation regarding the use of the signing identity.
links.<operation_alias>.auth.oauth2.scopes[ ]
Set of OAuth 2.0 scopes required for accessing the <operation_alias> operation so that this operation can use the signing identity.
status
Information on the status of the signing identity.
status.value

Status of the signing identity.

  • "enabled": The signing identity is enabled.
  • "disabled": The signing identity is disabled.
  • "locked": The signing identity is locked.
status.reason
Reason why the signing identity is in its current state. This property is optional and is normally used to indicate why a signing identity has been locked or disabled.

For receiving signing certificate, labels array shall contain serverid tag.

For receiving authentication certificate, labels array shall contain mobileid tag.

  • No labels