SPID
The following page contains step by step description of integration with asynchronous SPID strategy via the headless API.
Creating Conversation
We use the same conversation creation endpoint as usually.
{
"userKey": "7dfb9ded-c38f-49ae-95e2-307283a0b1f6",
"returnUrl": "https://sandbox.authologic.com/tests/return/?conversation={conversationId}",
"strategy": "public:fspid",
"query": {
"identity": {
"requireOneOf": [["PERSON_NAME_FIRSTNAME", "PERSON_NAME_LASTNAME"]]
}
}
}
In the response you will receive common values:
{
"id": "9711e1db-7eea-4a19-a05d-4729512e3626",
"userKey": "7dfb9ded-c38f-49ae-95e2-307283a0b1f6",
"url": "https://id.sandbox.authologic.com/c/9711e1db-7eea-4a19-a05d-4729512e3626",
"status": "CREATED",
"result": {
"identity": {
"status": "IN_PROGRESS",
"user": {}
}
}
}
Process Initiation
Now you need to initialize the interaction with the verification process.
All you need to do is just call /api/conversations/{conversationId}/headless endpoint.
Example below:
curl -u my_login "https://sandbox.authologic.com/api/conversations/9711e1db-7eea-4a19-a05d-4729512e3626/headless" \
-H "Accept: application/vnd.authologic.v1.1+json" \
-H 'X-User-IP: XXX.X.X.X' \
-H "Content-Type: application/vnd.authologic.v1.1+json"
What you can expect is response like this:
{
"component": "SPID/SHOW_WIDGET",
"next": "907fa8e6-df86-43f9-8e93-6ebb38483c5b",
"args": {
"providerId": "foo",
"attributeConsumingService": "AUTH",
"authContextClass": "SpidL2",
"onSuccessRedirectUrl": "https://sandbox.authologic.com/p/fspid/return?sessionId=7e03708c-6b60-4203-8946-917c9cb3b72b",
"onFailureRedirectUrl": "https://sandvox.authologic.com/p/fspid/return?sessionId=7e03708c-6b60-4203-8946-917c9cb3b72b",
"apiKey": "YEOZYOEBNKPPTOPPBHVMPMENEIYOVROFAH"
}
}
This means that verification method is SPID and current action that you need to perform in your UI is SHOW_WIDGET.
Initializing the Fabrick widget
The integration on the FrontEnd side plans to insert a JS library provided by Fabrick. The library can be linked from the following site: https://web.fabrick.com/web/fabrick/spid/v1.0/assets/js/spid-button.js(opens in new tab)
The library is linked to Fabrick's production environment (https://www.webfabrick.com/(opens in new tab)), but is agnostic, so you can use the same link for all environments.
Initialization takes place via JS code:
FabrickSpid.init("#fabrick", {
size: "m",
providerId: "foo",
attributeConsumingService: "AUTH",
authContextClass: "SpidL2",
env: FabrickSpid.ENVIRONMENT.PRE,
onSuccessRedirectUrl:
"https://sandbox.authologic.com/p/fspid/return?sessionId=7e03708c-6b60-4203-8946-917c9cb3b72b",
onFailureRedirectUrl:
"https://sandvox.authologic.com/p/fspid/return?sessionId=7e03708c-6b60-4203-8946-917c9cb3b72b",
apiKey: "XWUGEM7LKWA57K4GHQMW8PE4XTJVUFKSGV",
});
while the parameters of use are:
- size - manage the size of the buttons, accepted s, m, l, xl. The 'm' size is a standard one.
- providerId - the id of the provider:
- received in the response of the headless call (args.providerId).
- attributeConsumingService - level of attributes requested from SPID:
- received in the response of the headless call (args.attributeConsumingService).
- authContextClass - security level:
- received in the response of the headless call (args.authContextClass).
- env - usage environment:
- use FabrickSpid.ENVIRONMENT.PRE for sandbox environment
- use FabrickSpid.ENVIRONMENT.PRO for production environment
- onSuccessRedirectUrl - url to redirect in case of success:
- received in the response of the headless call (args.onSuccessRedirectUrl).
- onFailureRedirectUrl - url where to redirect in case of failure:
- received in the response of the headless call (args.onFailureRedirectUrl).
- apiKey - frontend apikey
- received in the response of the headless call (args.apiKey).
Important!
AgID requires by law the logo and links to be included in the SPID button page. Remember NOT to hot-link the agid image (https://s.cdn.authologic.com/img/logo/spid/spid_agid_logo_lb.png(opens in new tab)). Authologic does not guarantee that the logo image is always present and remains unchanged over time. The image must be copied to the local servers.
Below is an example html snippet:
<head>
<script src="https://web.fabrick.com/web/fabrick/spid/v1.0/assets/js/spid-button.js"></script>
</head>
<body>
<div id="fabrick"></div>
<!-- below the div section with the elements required by law -->
<div>
<img src="https://s.cdn.authologic.com/img/logo/spid/spid_agid_logo_lb.png" />
<p><a href="http://www.spid.gov.it" target="_ blank ">Maggiori informazioni su SPID</a></p>
<p><a href="http://www.spid.gov.it/richiedi-spid" target="_blank">Non hai SPID?</a></p>
</div>
<script type="text/javascript">
FabrickSpid.init("#fabrick", {
size: "m",
providerId: "foo",
attributeConsumingService: "AUTH",
authContextClass: "SpidL2",
env: FabrickSpid.ENVIRONMENT.PRE,
onSuccessRedirectUrl:
"https://sandbox.authologic.com/p/fspid/return?sessionId=7e03708c-6b60-4203-8946-917c9cb3b72b",
onFailureRedirectUrl:
"https://sandvox.authologic.com/p/fspid/return?sessionId=7e03708c-6b60-4203-8946-917c9cb3b72b",
apiKey: "XWUGEM7LKWA57K4GHQMW8PE4XTJVUFKSGV",
});
</script>
</body>
Triggering Process
Now it is time to trigger the process on Authologic side.
All you need to do is just call /api/conversations/{conversationId}/headless/{next} endpoint.
As there are no additional parameters to be passed, you can call the endpoint with no arguments.
Example below:
curl -X POST -u my_login "https://sandbox.authologic.com/api/conversations/9711e1db-7eea-4a19-a05d-4729512e3626/headless/907fa8e6-df86-43f9-8e93-6ebb38483c5b" \
-H "Accept: application/vnd.authologic.v1.1+json" \
-H 'X-User-IP: XXX.X.X.X' \
-H "Content-Type: application/vnd.authologic.v1.1+json" \
-d "{
"args": {}
}"
What you should expect is the response like this:
{
"component": "GLOBAL/ACCEPTED"
}
This means that the process is started and we are waiting for the user to confirm the verification. What you need to do is just wait for callback with conversation results from Authologic.