eID Easy authentication page flow
For a complete authentication of a user, you need to follow these steps:
1. Redirect the user to the eID Easy authorize endpoint.
URL: https://id.eideasy.com/oauth/authorize
Required query parameters:
Parameter | Description |
---|---|
client_id | client_id value that you got when registering the website |
redirect_uri | You set this value when you registered your website in My Webpages |
response_type | This is always code. |
Optional query parameters:
Parameter | Description | Values |
---|---|---|
state | RECOMMENDED: A unique string to prevent CSRF attacks. | Any string. |
lang | Language of the user. Use 2-letter codes. | ISO 639-1 |
start | User’s selected method code. Authentication begins with this method if specified. | See available method codes. |
phone | Prefills the mobile number for supported methods (e.g. Mobile-ID). | Mobile number. |
idcode | Prefills the ID code for supported methods (e.g. Smart-ID and Mobile-ID). | ID code. |
country | Country preselect. | EE, LT, LV, etc. |
lang_selector | Determines whether the language selector is shown or not. | true or false. |
cancel_button | Determines whether the cancel button is shown or not. | true or false. |
allow_method_change | If set to false, the user can only use the method provided with the start and country params. | true or false. |
scope | A + separated list of scopes. | |
Example: https://id.eideasy.com/oauth/authorize?client_id=pM...m5&redirect_uri=https://your-site.com/login&response_type=code
Important Information about Scopes.
- Scopes are enabled per method. Please contact us to enable scopes for the supported method(s).
- Not all methods support scopes.
‼️ We recommend using additional scopes in situations where you automatically choose a method for your end user, that is, where you use the allow_method_change=false, start, and country query parameters. Your users would experience an error if they are able to choose methods for themselves and scopes are not enabled for those methods.
2. User will go through the authentication flow on our login page.
Don’t worry, we’ll send them back.
3. After authentication, the user is redirected to your redirect_uri.
e.g. https://your-site.com/login?code=j93jd0qk. Notice that you received a query param named code. We’ll use this in the next step.
If you set the state parameter in step 1, your redirect_uri will also contain the state parameter, e.g. https://your-site.com/login?code=j93jd0qk&state=xyz123. Ensure that the state value is the same as the one you set in step 1.
4. Make a POST request to the eID Easy server to ask for an access token.
URL: https://id.eideasy.com/oauth/access_token
Required headers:
Header Name | Value |
---|---|
Content-Type | application/x-www-form-urlencoded |
Required body parameters:
Parameter | Description |
---|---|
client_id | client_id value that you got when registering the website |
client_secret | secret value that you got when registering the website |
redirect_uri | redirect_uri value that you entered when registering the website |
code | code value that was set when redirecting user back from authorization endpoint |
grant_type | This is always authorization_code. |
Example Request body:
{
"code": "j93jd0qk",
"grant_type": "authorization_code",
"client_id": "pM...m5",
"client_secret": "Iu...ch",
"redirect_uri": "http://example.com/login"
}
Example response:
{
"access_token":"yF...zc",
"token_type":"Bearer",
"expires_in":3600
}
You’ll need the access_token value in the next step.
5. Make a GET request to the eID Easy server to ask for user details.
URL: https://id.eideasy.com/api/v2/user_data
Add the access_token value to the HTTP Authorization request header.
Example:
Authorization: 'Bearer yF...zc'
Example response:
{
"status": "OK",
"idcode": "39111123456",
"lastname": "John",
"firstname": "Smith",
"current_login_method": "ee-id-login",
"birth_date": "1991-11-11",
"country": "EE"
}
About returned data
Not all methods return the same data. For example, some methods do not return the idcode or birth_date values. See Electronic Identities in test environment for more details about the returned data of each method.