CSC signing flow

Login flow

Before starting the CSC signing flow, the user must first log in via one of the login flows below:

• Passwordless login flow
• Web login flow

Once the user has logged in, the CSC signing flow continues as below:

CSC signing flow

sequenceDiagram
    participant USR as End-user
    participant CFE as Client<br>webpage
    participant CBE as Client<br>backend
    participant DBE as Digidentity<br>backend

    CBE ->>+ DBE: Request CSC token with<br>user access token (1)
    DBE ->>- CBE: CSC token
    CBE ->>+ DBE: Request certificate IDs<br>with CSC token (2)
    DBE ->>- CBE: Certificate IDs

    loop For each certificate ID
        CBE ->>+ DBE: Request certificate details (3)
        DBE ->>- CBE: Certificate details
    end

    CBE -->> CBE: Filter relevant certificates
    CBE -->> CFE: Update webpage<br>(if multiple certificates,<br>display selector)
    USR -->> CFE: Sign document
    CBE ->>+ DBE: Request authorisation<br>with certificate ID (4)
    DBE -->> USR: Push notification to Digidentity app
    USR -->> USR: Enter PIN in<br>Digidentity app
    DBE ->>- CBE: Signature activation data (SAD)
    CBE ->>+ DBE: Request signature<br>with SAD (5)
    DBE ->>- CBE: Signature
    CBE ->>+ DBE: Request timestamp (6)
    DBE ->>- CBE: Timestamp

---

• (1) /api/esign/tokens
• (2) /csc/v1/credentials/list
• (3) /csc/v1/credentials/info
• (4) /csc/v1/credentials/authorize
• (5) /csc/v1/signatures/signHash
• (6) /csc/v1/signatures/timestamp