Pluggable Verification

Introduction

Pluggable Verification lets you provide a custom verification method in place of the default email confirmation process. The flow consists of two parts:

  • External verification - The Relying Party Application (RPA) creates its own unique verification flow based on its needs. Once the verification has passed, the RPA makes a request to the MIRACL platform to register an MPin Identity and receive an activation code for the given user.

  • User Registration - With the received activation code, the Client activates the user identity and finalizes the registration process on our platform.

sequenceDiagram
    Client ->+ RPA: Start verification process for userID
    RPA->+MIRACL: Generate MPin Identity and activation code
    MIRACL -->- RPA: mpinID, activation code
    RPA -->- Client: mpinID, activation code
    Client->+MIRACL: Initiate Registration with activation code
    MIRACL-->-Client: Client secret shares
    Client --> Client: Enter PIN
    Client --> Client: Complete identity registration

Authorization endpoint

After a successful activation request, the user needs to be redirected to the OIDC authorization endpoint (as described in OIDC Client Setup). The activation token from the response should be passed to the authorization endpoint as the URL parameter acttoken. In addition, the user ID for which the activation was done must also be passed as prerollid. Here is an example of an authorization endpoint URL:

https://api.mpin.io/authorize?client_id=wplkh5ertuboa&redirect_uri=https%3A%2F%2Fexample.com%2Flogin&response_type=code&scope=openid+email+profile&acttoken=ACTIVATION_TOKEN&prerollid=user@example.com

API Reference

  • POST /activate/initiate - Creates an MPin Identity and returns an activation token used to activate the identity during the registration process.
Authorization: "Basic <base64(clientId:clientSecret)>"
Payload:
{
        userId: string,
        deviceName: string
}

Response:
{
        mpinId: string,
        hashMPinId: string,
        actToken: string,
        expireTime: integer
}
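
The RPA back end's side of the two steps above (the /activate/initiate call and the authorization redirect), as an added example that is not MIRACL's own code. It builds the request without sending it and URL-encodes acttoken and prerollid so a user ID cannot alter other query parameters. Assumptions: the API host is the one in the /authorize example, the body is sent as JSON, expireTime is a Unix timestamp in seconds, and the function names and sample response are constructed for illustration.

```python
import base64
import json
import time
import urllib.request
from urllib.parse import urlencode

API_BASE = "https://api.mpin.io"  # assumption: same host as the /authorize example

# Constructed sample of an /activate/initiate response (not real values).
SAMPLE_RESPONSE = {"mpinId": "MPIN_ID", "hashMPinId": "HASH_MPIN_ID",
                   "actToken": "ACTIVATION_TOKEN", "expireTime": 2000000000}


def build_activation_request(client_id, client_secret, user_id, device_name):
    """Build (without sending) POST /activate/initiate. Server-side only:
    the client secret must never reach the browser or mobile client."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = json.dumps({"userId": user_id, "deviceName": device_name}).encode()
    return urllib.request.Request(
        f"{API_BASE}/activate/initiate",
        data=body,
        method="POST",
        headers={"Authorization": f"Basic {creds}",
                 "Content-Type": "application/json"},  # assumption: JSON body
    )


def build_authorize_url(client_id, redirect_uri, user_id, activation, now=None):
    """Turn an /activate/initiate response into the authorization redirect URL."""
    now = time.time() if now is None else now
    # Assumption: expireTime is a Unix timestamp in seconds.
    if activation["expireTime"] <= now:
        raise ValueError("activation token expired; request a new one")
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": "openid email profile",
        "acttoken": activation["actToken"],
        # Same user ID that was verified and sent as userId; urlencode escapes it.
        "prerollid": user_id,
    }
    return f"{API_BASE}/authorize?{urlencode(params)}"


if __name__ == "__main__":
    print(build_authorize_url("wplkh5ertuboa", "https://example.com/login",
                              "user@example.com", SAMPLE_RESPONSE))
```

To send the request, pass the object returned by build_activation_request to urllib.request.urlopen and parse the JSON response before calling build_authorize_url.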