Overview


The Freja eID Authentication Service allows you to authenticate end users through the use of the Freja eID mobile application. The end user will have previously downloaded the Freja eID mobile application and registered with Freja eID. A user may have also undergone an extended registration process by adding an ID document or achieving the status of Freja eID Plus (Sweden only). 


You can authenticate Freja eID users through their:

  • email address(es);
  • phone number(s);
  • personal identity number (i.e. social security number) for users that have passed the extended registration flow


For more detailed information about Freja eID Authentication Service API, please refer to Freja eID Relying Party REST API Documentation.


Calling the Service


This section describes how to make calls to the Freja eID Authentication Service API and process the response.


Initiate Authentication


This method is used to initiate an authentication request.


This method is intended to be used in situations where your end users initiate access to your service. These types of authentications are short-lived i.e. from the moment of initiation, the end user has two minutes to confirm their identity via Freja eID.


As a security measure, only one authentication request may exist for any given end user at any given time. In case a user attempts to access either your or some other service while a previous authentication request is still pending, both will be rendered invalid. 


Relying Parties which are Integrators must set relyingPartyId per request and that can be done only with a custom request. Read more about how Integrator and Integrated Relying Parties can integrate with Freja eID here.


/*
* Initiate authentication request can be created with EMAIL.
* Change the email value (joe.black@verisec.com in the example) to 
* match your setup.
*/

String email = "joe.black@verisec.com";
InitiateAuthenticationRequest initiateAuthenticationRequest = 
    InitiateAuthenticationRequest
        .createDefaultWithEmail(email);

/*
* Initiate authentication request can be created with SSN.
* Change the ssn value ("123456789001" in the example) and country
* to match your setup.
*/

SsnUserInfo ssn = SsnUserInfo
        .create(Country.SWEDEN, "123456789001");
InitiateAuthenticationRequest initiateAuthenticationRequest =
    InitiateAuthenticationRequest
        .createDefaultWithSsn(ssn);

/*
* Initiate authentication request can be created with PHONE NUMBER
* by using the custom request builder.
* Change the phone number value ("+467123456789" in the example) 
* to match your setup.
*/

String phoneNum = "+467123456789";
InitiateAuthenticationRequest initiateAuthenticationRequest =
    InitiateAuthenticationRequest
        .createCustom()
        .setPhoneNumber(phoneNum)
        .build();

/*
* Initiate authentication request can be created as INFERRED
* by using the custom request builder.
*/

InitiateAuthenticationRequest initiateAuthenticationRequest = 
    InitiateAuthenticationRequest
        .createCustom()
        .setInferred()
        .build();

/*
* In case of Initiate authentication method, response type is String.
* The data in this response is the authentication transaction reference.
*/

String transactionReference = authenticationClient
        .initiate(initiateAuthenticationRequest);


Requesting a Minimum Registration Level


When initiating an authentication, you can request the minimum registration level the user should be on in order to complete the authentication. Supported levels are:

  • Basic
  • Extended
  • Plus


This parameter is optional. If not forwarded, the default value (BASIC) is used.

/*
* When initiating authentication, you can request the minimum registration level of the user.
*/

String email = "joe.black@verisec.com";
RegistrationState minRegistrationLevel = RegistrationState.PLUS;
InitiateAuthenticationRequest initiateAuthenticationRequest = 
    InitiateAuthenticationRequest
        .createCustom()
        .setEmail(email)
        .setMinRegistrationLevel(minRegistrationLevel)
        .build();
String transactionReference = authenticationClient
        .initiate(initiateAuthenticationRequest);


Requesting Additional User Information


You can also ask for additional information about the user. Currently, supported user attributes that can be requested are:

  • BASIC_USER_INFO (name and surname), 
  • EMAIL_ADDRESS (user's primary email address),
    If you would prefer an email with specific email domain please get in touch with partnersupport@frejaeid.com.
  • ALL_EMAIL_ADDRESSES (all user's email addresses registered in Freja eID),
  • ALL_PHONE_NUMBERS (all user's phone numbers registered in Freja eID),
  • DATE_OF_BIRTH (user's date of birth), 
  • AGE (user's age),
  • PHOTO (Base64 encoded PNG bytes of user's photo),
  • ADDRESSES (user's current physical addresses),
  • SSN (social security number/personal identity number and country),
  • DOCUMENT (user's document type, serial number, country and expiry time)
  • RELYING_PARTY_USER_ID (a unique, user-specific value that allows the Relying Party to identify the same user across multiple sessions),
  • CUSTOM_IDENTIFIER (a unique, Relying Party-specific, user identifier, set by the Relying Party through the Custom Identifier Management Client)
  • REGISTRATION_LEVEL (the user's registration level in Freja eID)
  • COVID_CERTIFICATES (user's Covid-19 vaccination, test or recovery data)
    In order to be able to request this attribute, you must first get in touch with partnersupport@frejaeid.com.


If you wish to ask for any of these user attributes, you need to pass another parameter in initAuthRequest builder - an array of attributes that represents that extra information required.


If you wish to ask for BASIC_USER_INFO, DATE_OF_BIRTH, SSN, DOCUMENT or ADDRESSES, you must set the minRegistrationLevel parameter in the initAuthRequest to EXTENDED or PLUS or the request will fail.

/*
* Additional information about the user to be returned. Interpreted as a 
* set of attributes that represents that extra information required.
* The requested information is returned when fetching authentication 
* results.
*/

String email = "joe.black@verisec.com";
RegistrationState minRegistrationLevel = RegistrationState.EXTENDED;
AttributeToReturn[] attributes = {AttributeToReturn.BASIC_USER_INFO,
                                  AttributeToReturn.EMAIL_ADDRESS,
                                  AttributeToReturn.ALL_EMAIL_ADDRESSES,
                                  AttributeToReturn.ALL_PHONE_NUMBERS,
                                  AttributeToReturn.DATE_OF_BIRTH,
                                  AttributeToReturn.AGE,
                                  AttributeToReturn.PHOTO,
                                  AttributeToReturn.ADDRESSES,
                                  AttributeToReturn.SSN,
                                  AttributeToReturn.DOCUMENT,
                                  AttributeToReturn.RELYING_PARTY_USER_ID,
                                  AttributeToReturn.CUSTOM_IDENTIFIER,
                                  AttributeToReturn.REGISTRATION_LEVEL,
                                  AttributeToReturn.COVID_CERTIFICATES
                                  };
InitiateAuthenticationRequest initiateAuthenticationRequest =
    InitiateAuthenticationRequest
        .createCustom()
        .setEmail(email)
        .setMinRegistrationLevel(minRegistrationLevel)
        .setAttributesToReturn(attributes)
        .build();
String transactionReference = authenticationClient
        .initiate(initiateAuthenticationRequest);


For each Integrated Relying Party, as well as for the Integrator Relying Party itself, Freja eID generates a unique identifier called relyingPartyId. The Integrator Relying Party needs to pass this identifier in each request. Read more about Integrator Relying Parties here.
/*
* Parameter relyingPartyId represents a unique ID of the Relying Party
* for which the authentication request should be initiated.
*/

String relyingPartyId = "relying_party_id";
 
InitiateAuthenticationRequest initiateAuthenticationRequest =
    InitiateAuthenticationRequest
        .createCustom()
        .setEmail(email)
        .setRelyingPartyId(relyingPartyId)
        .build();


Integrator Specific User ID


This section only applies to you if you are an Integrator Relying Party - one acting as an Integrator for multiple other Relying Parties. If you are a Relying Party or Partner who is acting only on your own behalf, feel free to skip this section.


Besides the above-mentioned attributes, Integrator Relying Parties can ask for an additional user attribute called INTEGRATOR_SPECIFIC_USER_ID. This is a unique, user-specific value that allows the Integrator to identify the same user across multiple sessions regardless of the Integrated Relying Party service that the user is using.


/*
* Parameter relyingPartyId represents a unique ID of the Relying Party
* for which the authentication request should be initiated.
*/

String relyingPartyId = "relying_party_id";
 
/*
* When initiating authentication, you have to set relyingPartyId for
* every request. See the example below.
*/

String email = "joe.black@verisec.com";
 
AttributeToReturn[] attributes =
    {AttributeToReturn.INTEGRATOR_SPECIFIC_USER_ID};
InitiateAuthenticationRequest initiateAuthenticationRequest =
    InitiateAuthenticationRequest
        .createCustom()
        .setEmail(email)
        .setAttributesToReturn(attributes)
        .setRelyingPartyId(relyingPartyId)
        .build();
String transactionReference = authenticationClient
        .initiate(initiateAuthenticationRequest);


Get Authentication Result


This method is used to fetch a single result for a specified authentication transaction reference (authRef returned from a call to Initiate Authentication method described above)


/*
* A reference unique to the transaction that can be used to
* query the result of a transaction.
*/

String authRef ="reference";
  
/*
* In case of getResult method, response type is AuthenticationResult.
* Response contains authentication reference passed during 
* authentication initiation, status of the action, details 
* (can be used for extra validation of response)
* and, if requested during authentication initiation and the action has 
* been approved, the response potentially contains additional 
* attributes: basicUserInfo, emailAddress, allEmailAddresses, 
* dateOfBirth, age, photo, relyingPartyUserId, customIdentifier, ssn, 
* integratorSpecificUserId, allPhoneNumbers, addresses, documentInfo,
* registrationLevel and/or covidCertificates. 
* The request contains an authentication transaction 
* reference. See the example below.
*/

AuthenticationResultRequest authenticationResultRequest = 
    AuthenticationResultRequest
        .create(authRef);
AuthenticationResult response = authenticationClient
        .getResult(authenticationResultRequest);
String receivedAuthRef = response.getAuthRef();
ActionStatus status = response.getStatus();
String details = response.getDetails();
RequestedAttributes requestedAttributes = response
        .getRequestedAttributes();
BasicUserInfo basicUserInfo = requestedAttributes
        .getBasicUserInfo();
String emailAddress = requestedAttributes.getEmailAddress();
SsnUserInfo ssn = requestedAttributes.getSsn();
String relyingPartyUserId = requestedAttributes
        .getRelyingPartyUserId();
String dateOfBirth = requestedAttributes.getDateOfBirth();
Integer age = requestedAttributes.getAge();
String photo = requestedAttributes.getPhoto();
String customIdentifier = requestedAttributes
        .getCustomIdentifier();
String integratorSpecificUserId = requestedAttributes
        .getIntegratorSpecificUserId();
List<AddressInfo> addresses = requestedAttributes.getAddresses();
List<Email> allEmailAddresses = requestedAttributes
        .getAllEmailAddresses();
List<PhoneNumberInfo> allPhoneNumbers = requestedAttributes.getAllPhoneNumbers();
RegistrationLevel registrationLevel =
requestedAttributes.getRegistrationLevel();
DocumentInfo document =
requestedAttributes.getDocument();
CovidCertificates covidCertificates = requestedAttributes.getCovidCertificates();
String vaccinationCertificateBase45 = covidCertificates.getVaccines().getCertificate();
String testsCertificateBase45 = covidCertificates.getTests().getCertificate();
String recoveryCertificateBase45 = covidCertificates.getRecovery().getCertificate();


You can ask for integratorSpecificUserId attribute only if you are an Integrator Relying Party, and you need to pass relyingPartyId in the request.


Get Final Authentication Result


This is a blocking method and is used to fetch a single result with the final status (can be one of: rejected, approved, cancelled or expired) for a specified authentication reference. The method keeps polling until it receives the final status of the authentication action. If the maximum polling time expires before the action is completed, the method will throw an exception.


/*
* A reference unique to the transaction that can be used to
* query the result of that transaction.
*/

String authRef ="reference";

/*
* A maximum time in seconds to wait for a final status of action
* (to be approved, cancelled, rejected or expired).
*/

int maxWaitingTimeInSec = 120;

/*
* In case of pollForResult method, response type is AuthenticationResult.
* Response contains authentication reference passed during 
* authentication initiation, status of the action, details (can be used for 
* extra validation of response) and, if requested during authentication 
* initiation and the action has been approved, the response contains
* basicUserInfo, emailAddress, allEmailAddresses, dateOfBirth, age,
* photo, relyingPartyUserId, customIdentifier, ssn, 
* integratorSpecificUserId, documentInfo,
* allPhoneNumbers, addresses, registrationLevel and/or 
* covidCertificates.
* If maxWaitingTimeInSec passes and authentication action is not 
* completed with one of the final statuses, this method will throw
* FrejaEidClientPollingException.
*/

AuthenticationResultRequest authenticationResultRequest = 
    AuthenticationResultRequest
        .create(authRef);
AuthenticationResult response = authenticationClient
        .pollForResult(authenticationResultRequest, maxWaitingTimeInSec);
String receivedAuthRef = response.getAuthRef();
ActionStatus status = response.getStatus();
String details = response.getDetails();
RequestedAttributes requestedAttributes = response 
        .getRequestedAttributes();
BasicUserInfo basicUserInfo = requestedAttributes.getBasicUserInfo();
String emailAddress = requestedAttributes.getEmailAddress();
SsnUserInfo ssn = requestedAttributes.getSsn();
String relyingPartyUserId = requestedAttributes.getRelyingPartyUserId();
String dateOfBirth = requestedAttributes.getDateOfBirth();
Integer age = requestedAttributes.getAge();
String photo = requestedAttributes.getPhoto();
String customIdentifier = requestedAttributes.getCustomIdentifier();
String integratorSpecificUserId = requestedAttributes
        .getIntegratorSpecificUserId();
List<AddressInfo> addresses = requestedAttributes.getAddresses();
List<Email> allEmailAddresses = requestedAttributes
        .getAllEmailAddresses();
List<PhoneNumberInfo> allPhoneNumbers = requestedAttributes.getAllPhoneNumbers();
RegistrationLevel registrationLevel =
requestedAttributes.getRegistrationLevel();
DocumentInfo document = 
requestedAttributes.getDocument();
CovidCertificates covidCertificates = requestedAttributes.getCovidCertificates();
String vaccinationCertificateBase45 = covidCertificates.getVaccines().getCertificate();
String testsCertificateBase45 = covidCertificates.getTests().getCertificate();
String recoveryCertificateBase45 = covidCertificates.getRecovery().getCertificate();


You can ask for integratorSpecificUserId attribute only if you are an Integrator Relying Party, and you need to pass relyingPartyId in the request.

Get Authentication Results


This method is used to fetch the results of multiple outstanding authentications.


Integrator Relying Parties must pass relyingPartyId as part of the request.


/*
* Response type is list of authentication result.
* The response will contain a complete list of authentications,
* successfully initiated within the last 10 minutes.
*/

AuthenticationResultsRequest authenticationResultsRequest =
    AuthenticationResultsRequest.create();
List<AuthenticationResult> response = authenticationClient
        .getResults(authenticationResultsRequest);


Cancel Authentication


This method is used to cancel an initiated authentication request.


Integrator Relying Parties must pass relyingPartyId as part of the request.


/*
* A reference unique to the transaction that can be used to cancel
* transaction.
*/

String authRef ="reference";
CancelAuthenticationRequest cancelRequest = 
    CancelAuthenticationRequest.create(authRef);
authenticationClient.cancel(cancelRequest);