POST/authorisation/v2/siop-sessions
Session Token endpoint as the callback for DID SIOP Response.
Request
- application/x-www-form-urlencoded
Bodyrequired
The request body must contain an ID Token (parameter name: id_token) and, optionally, a VP token (as vp_token) (only for onboarding).
The ID Token should be a JWT.
Its header must contain the signer's kid (e.g. "kid": "did:ebsi:zbM8cCuoBMFNLeQyLiVFyxw#keys-1").
The ID Token payload must contain the following fields:
aud: the URL of the /siop-sessions endpoint, e.g. "https://api-pilot.ebsi.eu/authorisation/v2/siop-sessions"sub: the subjectsub_jwk: the JWK used to sign the JWTnonce: a random UUIDclaims:encryption_key: public key used to encrypt the response
responseMode: should be "form_post",iss: should be "https://self-issued.me/v2",_vp_token: only if the request also contains a VP token.presentation_submission: a VP submission object (https://identity.foundation/presentation-exchange/spec/v2.0.0/#presentation-submission).
Here's an example of a valid presentation_submission:
"presentation_submission": {
"id": "237b0eec-0b7e-4a16-b3bc-bdd42f57b86b",
"definition_id": "b5c07e84-55f6-48e1-a531-3608d26fc336",
"descriptor_map": [
{
"id": "6f43bcea-da4b-4e45-ac2c-25307d6dfe34",
"format": "jwt_vp",
"path": "$",
"path_nested": {
"id": "onboarding-input-id",
"format": "jwt_vc",
"path": "$.vp.verifiableCredential[0]"
}
}
]
}
With the associated vp_token being a Verifiable Presentation JWT:
eyJhbGciOiJFUzI1NksiLCJ0eXAiOiJKV1QiLCJraWQiOiJkaWQ6ZWJzaTp6c3ROc2VtaWZrd2ZVY2pBYzJucDFXcCNTLTJiQV9lUXNTa1JDbmw0ZnNielVWZGtwM3F4WEVrcnFKTTI3WWhBZUtzIn0.eyJqdGkiOiIiLCJzdWIiOiJkaWQ6ZWJzaTp6c3ROc2VtaWZrd2ZVY2pBYzJucDFXcCIsImlzcyI6ImRpZDplYnNpOnpzdE5zZW1pZmt3ZlVjakFjMm5wMVdwIiwibmJmIjoxNjcyODQyOTc3LCJleHAiOjE2ODg1Njc3NzcsImlhdCI6MTY3Mjg0Mjk3OCwiYXVkIjoiYXV0aG9yaXNhdGlvbi1hcGkiLCJ2cCI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSJdLCJ0eXBlIjpbIlZlcmlmaWFibGVQcmVzZW50YXRpb24iXSwidmVyaWZpYWJsZUNyZWRlbnRpYWwiOlsiZXlKaGJHY2lPaUpGVXpJMU5rc2lMQ0owZVhBaU9pSktWMVFpTENKcmFXUWlPaUprYVdRNlpXSnphVHA2Y2pKeVYwUklTSEpWUTJSYVFWYzNkM05UWWpWdVVTTnJaWGx6TFRFaWZRLmV5SnFkR2tpT2lKMll6cGxZbk5wT21GMWRHaGxiblJwWTJGMGFXOXVJMk00TUdSalpHTmlMV1UxTURVdE5HTTRNQzFoTlRnekxUTTROakZsT0RObFlUQTRZaUlzSW5OMVlpSTZJbVJwWkRwbFluTnBPbnB6ZEU1elpXMXBabXQzWmxWamFrRmpNbTV3TVZkd0lpd2lhWE56SWpvaVpHbGtPbVZpYzJrNmVuSXljbGRFU0VoeVZVTmtXa0ZYTjNkelUySTFibEVpTENKdVltWWlPakUyTnpJNE5ESTVOemNzSW1WNGNDSTZNVFk0T0RVMk56YzNOeXdpYVdGMElqb3hOamN5T0RReU9UYzNMQ0oyWXlJNmV5SkFZMjl1ZEdWNGRDSTZXeUpvZEhSd2N6b3ZMM2QzZHk1M015NXZjbWN2TWpBeE9DOWpjbVZrWlc1MGFXRnNjeTkyTVNKZExDSnBaQ0k2SW5aak9tVmljMms2WVhWMGFHVnVkR2xqWVhScGIyNGpZemd3WkdOa1kySXRaVFV3TlMwMFl6Z3dMV0UxT0RNdE16ZzJNV1U0TTJWaE1EaGlJaXdpZEhsd1pTSTZXeUpXWlhKcFptbGhZbXhsUTNKbFpHVnVkR2xoYkNJc0lsWmxjbWxtYVdGaWJHVkJkWFJvYjNKcGMyRjBhVzl1SWwwc0ltbHpjM1ZsY2lJNkltUnBaRHBsWW5OcE9ucHlNbkpYUkVoSWNsVkRaRnBCVnpkM2MxTmlOVzVSSWl3aWFYTnpkV0Z1WTJWRVlYUmxJam9pTWpBeU15MHdNUzB3TkZReE5Eb3pOam94TjFvaUxDSnBjM04xWldRaU9pSXlNREl6TFRBeExUQTBWREUwT2pNMk9qRTNXaUlzSW5aaGJHbGtSbkp2YlNJNklqSXdNak10TURFdE1EUlVNVFE2TXpZNk1UZGFJaXdpWlhod2FYSmhkR2x2YmtSaGRHVWlPaUl5TURJekxUQTNMVEExVkRFME9qTTJPakUzV2lJc0ltTnlaV1JsYm5ScFlXeFRkV0pxWldOMElqcDdJbWxrSWpvaVpHbGtPbVZpYzJrNmVuTjBUbk5sYldsbWEzZG1WV05xUVdNeWJuQXhWM0FpZlN3aVkzSmxaR1Z1ZEdsaGJGTmphR1Z0WVNJNmV5SnBaQ0k2SW1oMGRIQnpPaTh2WVhCcExYQnBiRzkwTG1WaWMya3VaWFV2ZEhKMWMzUmxaQzF6WTJobGJXRnpMWEpsWjJsemRISjVMM1l5TDNOamFHVnRZWE12ZWtoTmNEVXlUSEZLVjI5amJXaEJPVkpyZW01VVYzVkZaV05LV0c5UVJFdDNNMnRYVVhBNE1WbFpPWEJESWl3aWRIbHdaU0k2SWtaMWJHeEtjMjl1VTJOb1pXMWhWbUZzYVdSaGRHOXlNakF5TVNKOWZYMC5vdmR1a20wVnpRNWpUZE9nTmJHY0g4LTVCdFZTMTNqcDhxUUstV0JJQTlvbmU5WmswUnRXZWV2RkJMQ05LeGdCWS0tMk1WZ0E2eUJTNHR4Y3Z4VlZhZyJdLCJob2xkZXIiOiJkaWQ6ZWJzaTp6c3ROc2VtaWZrd2ZVY2pBYzJucDFXcCJ9fQ.86g3f_b5JvsvKwuayWGp_9BpQ0GwsvmY_51K88npaFM2CWJH6D3Aqjee4_URXHPtdSzKoiBhPdGqGyz3RACsKQ
id_token stringrequired
JWS compact serialised ID Token
vp_token string
A Verifiable Presentation JWT. Only for onboarding.
Responses
- 200
- 400
- 500
Success
- application/json
- Schema
- Encrypted access token
Schema
ake1_enc_payload string
Encrypted payload with user's public key
ake1_jws_detached string
Detached JWS of AKE1 Signing Payload
ake1_sig_payload object
ake1_enc_payload string
Encrypted payload with user's public key
ake1_nonce string
Nonce used during the authentication process
did string
API DID
iat number
Issued at
exp number
Expires
iss string
Issuer (Authorisation API)
kid string
API KID
{
"ake1_enc_payload": "ce527bf1e06bd6241625d54e76bdb5ac029c455f97324ed20a5038724966ba5d9befd49195b4841b513c7f23e785c99f87bad2e255cbceb1152cef05b15137a1411520d8d578961f16d6c59ec042889e45cb4d3965d9d859dac8f217b3b3776ad342a605f2bb985d820ad8b0f6cb2c7c40da4d1ebd3efb5a3d57507e0479801c088e68b277fac799f852c1053a1dacc7cdb921cff2006eaf1b3fa3a5b64de91e991390b7317814625f490a1354dc2b69498b2bfad7caf0e819ebd93cccb2ef26e399d996ab19910605d798dacf9f78489dd7bac8613b5da28314e1153d929a9059decedce00eeb2848ee95f14e523f9f12372e71b9db4ebe702ce508d2dbc1e5cbdafcd5a15afe397fb35f9a45424c6aac43380b054185cbac4f498a5db4dcf517cf8bc760354c26e2e1af37dbdf06f888e5d424a66ab9546475b187787b557d197af20c7ac1e0639acf0304f051194da4be7c8badb0747b3e669ffd7ffe5a2c9c2060f338d8e4eb3010e10e6a67a1c8fe21d48ee7bc5d540497071f80dd36e58d309e868837c193dd5646b33baa61c3c190d5ce44d08bc6820d240e14edd12af9ae8242e5a7186c1697426d14e97101313331cb1d803030cd2d6d2799852bda0dbc80b3c927efffc19d170327ac11c5d645b83c38fdcfb9ac779d9eac795d8eb671fe0ade56cdcb020261e1bf6d2e1d2fdfc1f954959c2d5516adf3f2abcee298c92b5451e3dee89d1903b8390fe9a426278ec879a59e682eabf8b8f3ad4482de9c636a41e506c82d7d0be1a92d926ba7fb05779f2612a86f8b47e10477b1d6080044d1f983cf3cb81e35af5b3ea4205e1d25ce0b6d20755442904d670380082203e25d4326df0ab47ee8bb404f98d5184a3949e043a0656e856f78f442fb33a2ec63c7347520c796fb721bfc0c6106c0db9e0580ba17aa3f96abf1a4744256635803f90bcfce185ddba20a8635a1c59f68760220ddaf296ac3a582ea953f928290c50f186ea8909a9a94a82b6b1c8204f243a4ed4cef5fd672959cec8359a57ac08c4b41ccb515b963f675af7cf4a9bef97f13942a63678680fb8f9e2de766f3c578d6f5913d7e71aafbd5ebc965b90ce4c3dc4a7bc2af74754c3e7c05fc3fbd1851ee5caa4723fe7bf5a9cd804a979bbd341836bcb3e82ad164748cb46f5d9fd4b599d27a307962eea6465eb91a6155",
"ake1_sig_payload": {
"iat": 1672841881,
"exp": 1672842781,
"ake1_nonce": "53a6e914-ef94-412b-b226-82da24be3dd9",
"ake1_enc_payload": "ce527bf1e06bd6241625d54e76bdb5ac029c455f97324ed20a5038724966ba5d9befd49195b4841b513c7f23e785c99f87bad2e255cbceb1152cef05b15137a1411520d8d578961f16d6c59ec042889e45cb4d3965d9d859dac8f217b3b3776ad342a605f2bb985d820ad8b0f6cb2c7c40da4d1ebd3efb5a3d57507e0479801c088e68b277fac799f852c1053a1dacc7cdb921cff2006eaf1b3fa3a5b64de91e991390b7317814625f490a1354dc2b69498b2bfad7caf0e819ebd93cccb2ef26e399d996ab19910605d798dacf9f78489dd7bac8613b5da28314e1153d929a9059decedce00eeb2848ee95f14e523f9f12372e71b9db4ebe702ce508d2dbc1e5cbdafcd5a15afe397fb35f9a45424c6aac43380b054185cbac4f498a5db4dcf517cf8bc760354c26e2e1af37dbdf06f888e5d424a66ab9546475b187787b557d197af20c7ac1e0639acf0304f051194da4be7c8badb0747b3e669ffd7ffe5a2c9c2060f338d8e4eb3010e10e6a67a1c8fe21d48ee7bc5d540497071f80dd36e58d309e868837c193dd5646b33baa61c3c190d5ce44d08bc6820d240e14edd12af9ae8242e5a7186c1697426d14e97101313331cb1d803030cd2d6d2799852bda0dbc80b3c927efffc19d170327ac11c5d645b83c38fdcfb9ac779d9eac795d8eb671fe0ade56cdcb020261e1bf6d2e1d2fdfc1f954959c2d5516adf3f2abcee298c92b5451e3dee89d1903b8390fe9a426278ec879a59e682eabf8b8f3ad4482de9c636a41e506c82d7d0be1a92d926ba7fb05779f2612a86f8b47e10477b1d6080044d1f983cf3cb81e35af5b3ea4205e1d25ce0b6d20755442904d670380082203e25d4326df0ab47ee8bb404f98d5184a3949e043a0656e856f78f442fb33a2ec63c7347520c796fb721bfc0c6106c0db9e0580ba17aa3f96abf1a4744256635803f90bcfce185ddba20a8635a1c59f68760220ddaf296ac3a582ea953f928290c50f186ea8909a9a94a82b6b1c8204f243a4ed4cef5fd672959cec8359a57ac08c4b41ccb515b963f675af7cf4a9bef97f13942a63678680fb8f9e2de766f3c578d6f5913d7e71aafbd5ebc965b90ce4c3dc4a7bc2af74754c3e7c05fc3fbd1851ee5caa4723fe7bf5a9cd804a979bbd341836bcb3e82ad164748cb46f5d9fd4b599d27a307962eea6465eb91a6155",
"did": "did:ebsi:zbM8cCuoBMFNLeQyLiVFyxw",
"iss": "authorisation-api_pilot-temp-01"
},
"ake1_jws_detached": "eyJhbGciOiJFUzI1NksiLCJ0eXAiOiJKV1QiLCJraWQiOiJodHRwczovL2FwaS1waWxvdC5lYnNpLmV1L3RydXN0ZWQtYXBwcy1yZWdpc3RyeS92My9hcHBzL2F1dGhvcmlzYXRpb24tYXBpX3BpbG90LXRlbXAtMDEifQ..bJ5gwcsgYcRTpMAJYpkUPGSYA962eioQ94Yju7buVGneuCCmelxWH-ZhKxMf7RolebgdVrrnNIIhdTZLJ8NpMw",
"kid": "https://api-pilot.ebsi.eu/trusted-apps-registry/v3/apps/authorisation-api_pilot-temp-01"
}
Bad Request
- application/problem+json
- Schema
- Bad Request
- Token Expired
- Issuer Not Found
Schema
type uri
Default value: about:blank
An absolute URI that identifies the problem type. When dereferenced, it SHOULD provide human-readable documentation for the problem type.
title string
A short summary of the problem type.
status int32
Possible values: >= 400 and <= 600
The HTTP status code generated by the origin server for this occurrence of the problem.
detail string
A human readable explanation specific to this occurrence of the problem.
instance uri
An absolute URI that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced.
{
"title": "Bad Request",
"status": 400,
"detail": "Bad request."
}
{
"title": "Token Expired",
"status": 400,
"detail": "The token has expired."
}
{
"title": "Issuer Not Found",
"status": 400,
"detail": "Issuer not found in the trusted apps registry."
}
Internal Error
- application/problem+json
- Schema
- Internal Server Error
Schema
type uri
Default value: about:blank
An absolute URI that identifies the problem type. When dereferenced, it SHOULD provide human-readable documentation for the problem type.
title string
A short summary of the problem type.
status int32
Possible values: >= 400 and <= 600
The HTTP status code generated by the origin server for this occurrence of the problem.
detail string
A human readable explanation specific to this occurrence of the problem.
instance uri
An absolute URI that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced.
{
"title": "Internal Server Error",
"status": 500,
"detail": "The server encountered an internal error and was unable to process your request."
}
Loading...