Easy way to add eID user identification on your website.

Using eID Easy ID you can add secure ID-card, Mobile-ID and Smart-ID app authentication to your site without the need for complex custom nginx/apache setup and multiple integrations for each country and each secure identification method.

We provide an eID Easy plugin for WordPress. There is a community-provided open source plugin for Drupal: https://www.drupal.org/project/smartid_auth. Other platforms can use the standard OAuth 2.0 protocol to add ID-card and Mobile-ID logins.

eID Easy uses the OAuth 2.0 protocol, like Google and Facebook. If you want more details on how to integrate, read on.

STEP 1 – Register website to get the API keys.

  1. Open registration page at id.eideasy.com
  2. Authenticate yourself
  3. Enter the website home page address and the redirect_uri value where the user will be redirected after authentication.
  4. Save the created client_id and secret values in a safe place. For added security, do not share the secret value with anyone.

STEP 2 – Integrate the login into your website.

  1. Redirect the user to the eID Easy authorize endpoint https://id.eideasy.com/oauth/authorize with the client_id, redirect_uri and response_type URL parameters. The full URL will look like https://id.eideasy.com/oauth/authorize?client_id=pM…m5&redirect_uri=https://example.com/login&response_type=code.
    Explanation of the url parameters:
    • client_id – client_id value that you got when registering the website
    • redirect_uri – redirect_uri value that you entered when registering the website
    • response_type=code – always set to code when calling the authorize endpoint
  2. After the user has been authenticated, they are redirected to the redirect_uri page with the URL parameter code. The code is an authorization code that can be exchanged for an access_token, which is used to get the user data as described in the next steps.
  3. Exchange the authorization code for an access token with an HTTP POST request to https://id.eideasy.com/oauth/access_token with the post body parameters code, grant_type, client_id, client_secret and redirect_uri. The post body needs to contain the values in the following format:
    code=fy…36&grant_type=authorization_code&client_id=r1…oo&client_secret=Iu…ch&redirect_uri=https://example.com/login
    The query returns JSON like {"access_token":"yF…zc","token_type":"Bearer","expires_in":3600}. Use the access_token value from this JSON to get the user data in the next step.
    Make sure that the request is sent with "Content-Type: application/x-www-form-urlencoded" and that the redirect_uri value is URL-encoded.
    Explanation of the post body parameters:
    • client_id – client_id value that you got when registering the website
    • client_secret – secret value that you got when registering the website
    • redirect_uri – redirect_uri value that you entered when registering the website
    • code – code value that was set when redirecting user back from authorization endpoint
    • grant_type=authorization_code – always set to authorization_code when getting the access token
  4. Get the user data from the URL https://id.eideasy.com/api/v2/user_data. This call has only one URL parameter, access_token. The full URL will look like https://id.eideasy.com/api/v2/user_data?access_token=2D…Co.
    The result is JSON, and new fields could be added to it. An example user_data response in JSON format is {"status":"OK","idcode":"46912302711","lastname":"Kersti","firstname":"Kaljulaid","email":"president@eesti.ee","email_verified":"true","last_login_method":"id-card","current_login_method":"Facebook"}
    Explanation of the URL parameters:
    • access_token – access_token value that was received from the POST call to https://id.eideasy.com/oauth/access_token

More tips

It is possible to pre-choose the authentication method for the user. To do this, add &method=<value> to the authentication page URL. In this case only that one authentication method is shown.

Possible values are:

  • ee-id-card
  • lv-id-card
  • lt-id-card
  • pt-id-card
  • ee-mobile-id
  • lt-mobile-id
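
The flow from STEP 2, including the optional method parameter, written out server-side in Python. This is an added example, not code from eID Easy. The function names, the injectable send transport and the rule that any user_data status other than OK fails the login are assumptions made for illustration.

```python
import json
import urllib.parse
import urllib.request

BASE = "https://id.eideasy.com"
# Values of the optional "method" parameter listed on this page.
METHODS = {"ee-id-card", "lv-id-card", "lt-id-card", "pt-id-card",
           "ee-mobile-id", "lt-mobile-id"}

def authorize_url(client_id, redirect_uri, method=None):
    """Step 2.1: URL the user's browser is redirected to."""
    params = {"client_id": client_id, "redirect_uri": redirect_uri,
              "response_type": "code"}
    if method is not None:
        if method not in METHODS:
            raise ValueError("unknown method: %r" % method)
        params["method"] = method
    return BASE + "/oauth/authorize?" + urllib.parse.urlencode(params)

def token_request(code, client_id, client_secret, redirect_uri):
    """Step 2.3: server-side POST; urlencode() escapes redirect_uri."""
    body = urllib.parse.urlencode({
        "code": code, "grant_type": "authorization_code",
        "client_id": client_id, "client_secret": client_secret,
        "redirect_uri": redirect_uri}).encode("ascii")
    return urllib.request.Request(
        BASE + "/oauth/access_token", data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def user_data_request(access_token):
    """Step 2.4: GET with access_token as the only URL parameter."""
    query = urllib.parse.urlencode({"access_token": access_token})
    return urllib.request.Request(BASE + "/api/v2/user_data?" + query)

def send_json(req):
    """Default transport: perform the HTTPS request, decode the JSON reply."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode("utf-8"))

def login(code, client_id, client_secret, redirect_uri, send=send_json):
    """Exchange the code received at redirect_uri for the user data."""
    token = send(token_request(code, client_id, client_secret, redirect_uri))
    if token.get("token_type") != "Bearer" or not token.get("access_token"):
        raise ValueError("token exchange failed")
    user = send(user_data_request(token["access_token"]))
    # Assumption: anything but status OK with an idcode is a failed login.
    if user.get("status") != "OK" or not user.get("idcode"):
        raise ValueError("user_data did not return an authenticated user")
    return user
```

Call login() only from server-side code, so that client_secret never reaches the browser.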

If an OAuth2 client library is used, the whole integration flow is very easy. One example of such a library is https://github.com/thephpleague/oauth2-client
