Step 1

E-Consent provides a secure solution for customers who need end-user consent before third-party applications access personal data through an API.

This guide is intended for developers who are integrating E-Consent. E-Consent is based on the OpenID Connect (OIDC) protocol. The code examples on these pages are in Java, using the Nimbus SDK. Integration can also be done in other programming languages with other third-party OIDC libraries.

The integration requires some customer setup in E-Consent, and the customer must have a certificate that can be used to sign requests. Please contact us for support with this setup.
The first step is to get a URL from E-Consent that the third-party application can send the end user to. The end user then authenticates and confirms a consent statement using one of the national electronic ID providers.


import java.io.InputStream;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.util.Base64;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.AuthorizationRequest;
import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.id.State;
import org.json.JSONObject;

public class ConsentRequestBuilder {

    public static URI buildConsentRequestURI() throws Exception {

        // The authorization endpoint of E-Consent
        URI authorizationEndpoint = new URI("https://e-consent-preprod1.nets.eu/e-consent/authorize");

        // The client identifier (has to be pre-registered)
        ClientID clientId = new ClientID("myinsurance.com");

        // The client redirect URI which has to be pre-registered with the ACS
        URI redirectURI = new URI("https://myinsurance.com/consent/callback");

        // Always 'code'
        ResponseType responseType = new ResponseType(ResponseType.Value.CODE);

        // Should be 'consent' or 'login' based on whether the scope 'offline_access' is set
        String prompt = "login";

        // A randomly generated state (string) used for pairing the response to the request;
        // keep it server-side so the callback can be matched to this request
        State state = new State(generateRandomString());

        // A globally unique generated nonce
        String nonce = generateRandomString();

        // The id of the requested scope (not an actual web page)
        Scope scope = new Scope("https://myinsurance.com/api/get-insurance-documents");

        // The name of the token expected in return
        String tokenName = "myinsurance-token";

        // Data dynamically included in the consent statement, for instance the third party that the consent is given to
        String thirdParty = "InstantInsurance.com";

        // The electronic ID to use for authentication
        String eID = "NO_BANKID_MOB";

        // Build the content of the 'request' parameter. The 'claims' member is passed as a JSON string.
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .claim("response_type", responseType.toString())
                .claim("client_id", clientId.toString())
                .claim("redirect_uri", redirectURI.toString())
                .claim("scope", scope.toString())
                .claim("state", state.getValue())
                .claim("nonce", nonce)
                .claim("prompt", prompt)
                .claim("amr", eID)
                .claim("claims", new JSONObject()
                        .put(tokenName, new JSONObject()
                                .put("thirdparty", thirdParty))
                        .toString())
                .build();

        // Sign the JWT with the client private key
        SignedJWT requestJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claims);
        requestJWT.sign(new RSASSASigner(getPrivateKey()));

        // Build the request; the signed JWT travels in the 'request' parameter
        AuthorizationRequest authenticationRequest = new AuthorizationRequest.Builder(
                responseType, clientId)
                .endpointURI(authorizationEndpoint)
                .redirectionURI(redirectURI)
                .scope(scope)
                .state(state)
                .customParameter("request", requestJWT.serialize())
                .customParameter("prompt", prompt)
                .customParameter("nonce", nonce)
                .build();

        return authenticationRequest.toURI();
    }

    // A cryptographically random, URL-safe string, used for state and nonce values
    private static String generateRandomString() {
        byte[] bytes = new byte[32];
        new SecureRandom().nextBytes(bytes);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
    }

    // Loads the client signing key. Assumption (not given by the guide): the customer's certificate
    // and key are kept in a PKCS#12 keystore whose path, password and alias come from environment variables.
    private static PrivateKey getPrivateKey() throws Exception {
        char[] password = System.getenv("ECONSENT_KEYSTORE_PASSWORD").toCharArray();
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(System.getenv("ECONSENT_KEYSTORE")))) {
            keyStore.load(in, password);
        }
        return (PrivateKey) keyStore.getKey(System.getenv("ECONSENT_KEY_ALIAS"), password);
    }
}

The resulting requestURI is the URL that the end user should be sent to in order to give the consent.
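The request parameter above is a signed request object, so the receiving side can detect any change to client_id, redirect_uri or scope between the client and E-Consent. The following is an added example, not code from the E-Consent guide or from the Nimbus project, that shows both halves of that exchange in one program: it generates a throwaway RSA key with Nimbus, signs a request object with the same claims as the guide, and then performs the checks a receiver of the request parameter has to make before trusting it (expected algorithm, signature against the client's public key, client_id and redirect_uri equal to the registered values, state and nonce present). The class and method names, the registered values and the forged-request step are constructed for the example; which checks E-Consent itself performs is not described on this page, these are the standard OIDC request-object checks.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Date;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;

public class RequestObjectRoundTrip {

    // Registered values, constructed for this example; real values come from the E-Consent setup
    static final String CLIENT_ID = "myinsurance.com";
    static final String REDIRECT_URI = "https://myinsurance.com/consent/callback";

    // Random URL-safe value for state and nonce
    static String randomValue() {
        byte[] buf = new byte[32];
        new SecureRandom().nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    // Client side: build and sign the request object with the client's private key
    static SignedJWT signRequestObject(RSAKey clientKey, String state, String nonce) throws Exception {
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .claim("response_type", "code")
                .claim("client_id", CLIENT_ID)
                .claim("redirect_uri", REDIRECT_URI)
                .claim("scope", "https://myinsurance.com/api/get-insurance-documents")
                .claim("state", state)
                .claim("nonce", nonce)
                .claim("prompt", "login")
                .claim("amr", "NO_BANKID_MOB")
                .issueTime(new Date())
                .build();
        SignedJWT jwt = new SignedJWT(
                new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(clientKey.getKeyID()).build(), claims);
        jwt.sign(new RSASSASigner(clientKey));
        return jwt;
    }

    // Receiver side: the checks to make on the 'request' parameter before acting on its claims
    static JWTClaimsSet verifyRequestObject(String serialized, RSAKey clientPublicKey) throws Exception {
        SignedJWT jwt = SignedJWT.parse(serialized);
        // Pin the algorithm; never let the token header choose it
        if (!JWSAlgorithm.RS256.equals(jwt.getHeader().getAlgorithm())) {
            throw new SecurityException("unexpected alg: " + jwt.getHeader().getAlgorithm());
        }
        if (!jwt.verify(new RSASSAVerifier(clientPublicKey))) {
            throw new SecurityException("request object signature invalid");
        }
        JWTClaimsSet c = jwt.getJWTClaimsSet();
        // Signed values must still match what was registered for this client
        if (!CLIENT_ID.equals(c.getStringClaim("client_id"))
                || !REDIRECT_URI.equals(c.getStringClaim("redirect_uri"))) {
            throw new SecurityException("client_id/redirect_uri do not match registration");
        }
        if (c.getStringClaim("state") == null || c.getStringClaim("nonce") == null) {
            throw new SecurityException("state and nonce are required");
        }
        return c;
    }

    public static void main(String[] args) throws Exception {
        // Throwaway key for the demo; in production this is the customer's certificate key
        RSAKey clientKey = new RSAKeyGenerator(2048).keyID("client-key-1").generate();
        String state = randomValue();
        String nonce = randomValue();
        SignedJWT request = signRequestObject(clientKey, state, nonce);

        // The receiver only ever holds the public half of the client key
        JWTClaimsSet verified = verifyRequestObject(request.serialize(), clientKey.toPublicJWK());
        System.out.println("accepted; state to pair on callback: " + verified.getStringClaim("state"));

        // A request that keeps the real signature but alters a claim must be rejected
        JWTClaimsSet altered = new JWTClaimsSet.Builder(request.getJWTClaimsSet())
                .claim("redirect_uri", "https://other.example/callback")
                .build();
        SignedJWT forged = new SignedJWT(request.getHeader().toBase64URL(),
                Base64URL.encode(altered.toString()), request.getSignature());
        try {
            verifyRequestObject(forged.serialize(), clientKey.toPublicJWK());
            System.out.println("UNEXPECTED: altered request accepted");
        } catch (SecurityException e) {
            System.out.println("altered request rejected: " + e.getMessage());
        }
    }
}
```

The state value returned by the verified claims is the one the client must have stored before redirecting the user; on the callback it is compared with the state in the response so that a response cannot be paired with a request it did not originate from. The same applies to the nonce once the ID token is received.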

Continue to Step 2