Introduction
Pluggable Verification is what enables the provision of custom verification methods instead of the default email confirmation process. This flow consists of two parts:
-
External verification - The Relying Party Application (RPA) creates their own unique verification flow based on their needs. Once the verification has passed, the RPA makes a request to the MIRACL platform to register an MPin Identity and receive an activation code for the given user.
-
User registration - With the received activation code, the Client activates the user identity and finalizes the registration process on our platform.
sequenceDiagram Client ->+ RPA: Start verification process for userID RPA->+MIRACL: Generate MPin Identity and activation code MIRACL -->- RPA: mpinID, activation code RPA -->- Client: mpinID, activation code Client->+MIRACL: Initiate Registration with activation code MIRACL-->-Client: Client secret shares Client --> Client: Enter PIN Client --> Client: Complete identity registration
Authorization endpoint
After a successful activation request, the user needs to be redirected to the
OIDC authorization endpoint (as described in OIDC client
setup). The activation
token from the response should be passed to the authorization endpoint as an URL
parameter acttoken. In addition the user ID for which the activation was done
needs to also be passed as prerollid. Here is an example of an authorization
endpoint URL:
https://api.mpin.io/authorize?client_id=wplkh5ertuboa&redirect_uri=https%3A%2F%2Fexample.com%2Flogin&response_type=code&scope=openid+email+profile&acttoken=ACTIVATION_TOKEN&prerollid=user@example.com
API reference
- POST
/activate/initiate- Creates an MPin Identity and receives an activation token used to activate the identity during the registration process.
Authorization: "Basic <base64(clientId:clientSecret)>"
Payload:
{
userId: string,
deviceName: string
}
Response:
{
mpinId: string,
hashMPinId: string,
actToken: string,
expireTime: integer
}