Web login flow

Web login redirects users to the Digidentity webpage to log in, then redirects the user back to the client webpage once complete. Once logged in, the client can retrieve the user's personal details via either:

  • OIDC (OpenID Connect): A summary of the user's primary personal details.
  • Identity verification report: A report containing more extensive personal details (e.g. results of background checks, or photos of the user's identity documents).

Web login with OIDC

sequenceDiagram
    participant USR as End-user
    participant DFE as Digidentity<br>webpage
    participant CFE as Client<br>webpage
    participant CBE as Client<br>backend
    participant DBE as Digidentity<br>backend

    USR -->> CFE: User requests access to client resource
    CFE ->>+ DFE: Log in with Digidentity<br>via hyperlink (1)<br>(Authorisation request)
    USR -->> DFE: Scan QR code
    USR -->> USR: Register/Enter PIN<br>in Digidentity app
    DFE ->>- CFE: Callback with<br>authorisation code
    CFE -->> CBE: Retrieve authorisation code<br>from callback params
    CBE ->>+ DBE: Request access token<br>with authorisation code (2)
    DBE ->>- CBE: Access token
    CBE ->>+ DBE: Request user info<br>with access token (3)
    DBE ->>- CBE: User info
    CBE -->> CFE: Update webpage

Web login with identity verification report

sequenceDiagram
    participant USR as End-user
    participant DFE as Digidentity<br>webpage
    participant CFE as Client<br>webpage
    participant CBE as Client<br>backend
    participant DBE as Digidentity<br>backend

    loop Once per day
        CBE ->>+ DBE: Request application token (1)
        DBE ->>- CBE: Application token
    end

    USR -->> CFE: User requests access to client resource
    CFE ->>+ DFE: Log in with Digidentity<br>via hyperlink (2)<br>(Authorisation request)
    USR -->> DFE: Scan QR code
    USR -->> USR: Register/Enter PIN<br>in Digidentity app
    DFE ->>- CFE: Callback with<br>authorisation code
    CFE -->> CBE: Retrieve authorisation code<br>from callback params
    CBE ->>+ DBE: Request access token<br>with authorisation code (3)
    DBE ->>- CBE: Access token
    CBE -->> CBE: Retrieve user pseudonym<br>from access token
    CBE ->>+ DBE: Request identity report<br>with application token<br>and user pseudonym (4)
    DBE ->>- CBE: Identity report
    CBE -->> CFE: Update webpage
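
Both flows above start with an authorisation request and end with the client backend reading the authorisation code from the callback parameters. The following is an added example, not Digidentity's own code, of binding that callback to the session that started the login using the standard OAuth 2.0 `state` parameter before the code is exchanged for a token. The endpoint URL, client ID, redirect URI and the session dictionary are placeholder assumptions, since the page does not give them.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed placeholder values: the page does not give endpoints or client details.
AUTHORIZE_URL = "https://idp.example/oauth2/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://client.example/callback"


class CallbackError(Exception):
    """Raised when the callback must not be exchanged for a token."""


def build_authorisation_request(session: dict) -> str:
    """Create the login hyperlink and bind a fresh state value to the session."""
    session["oidc_state"] = secrets.token_urlsafe(32)
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": session["oidc_state"],
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def extract_authorisation_code(session: dict, callback_url: str) -> str:
    """Return the code only if the callback matches this session's request."""
    query = parse_qs(urlparse(callback_url).query)
    # pop() makes the state single-use, so a replayed callback is rejected.
    expected = session.pop("oidc_state", None)
    if expected is None:
        raise CallbackError("no login in progress for this session")
    if "error" in query:
        raise CallbackError("authorisation failed: " + query["error"][0])
    # Duplicate parameters are ambiguous; require exactly one of each.
    state, code = query.get("state", []), query.get("code", [])
    if len(state) != 1 or len(code) != 1:
        raise CallbackError("expected exactly one state and one code")
    if not hmac.compare_digest(state[0].encode(), expected.encode()):
        raise CallbackError("state mismatch")
    return code[0]
```

Only a code returned by `extract_authorisation_code` should be passed on to the access token request.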