{
"openapi": "3.0.3",
"info": {
"title": "Digital Credential Authentication Events",
"description": "## Authentication Events AsyncApi Preview\n\nThis specification provides details and schemas of authentication-related events available by the platform to the issuer.\n\nThese events cover the authentication flow and client registration lifecycle, including:\n* ClientRegistered\n* ClientDeleted\n* AuthenticationRequested\n* AuthenticationStarted\n* AuthenticationSuccessful\n* AuthenticationDeclined\n* AuthenticationTimedOut\n* AuthenticationFailed\n\n## Event Delivery model\n\nEvents are pushed as opposed to traditional pulling.\nCustomers are expected to expose endpoints to receive events with the following constraints:\n* HTTP POST + JSON content\n* Authentication supported is mTLS and/or oAuth2\n\nThe delivery model is At least once delivery which means that at events will be delivered at least once within reasonable time.\n\nEndpoints are however expected to be idempotent and tolerant reader to support forward compatibility.\n\n## Retry Logic and Retention\n\nAfter forwarding an event to the Issuer, the Event hub implements the following retry logic depending on the HTTP response from the Issuer's Backend:\n* An HTTP 2xx response acknowledges reception of the event. Endpoint must ensure storage or full business processing before acknowledgement. \n* An HTTP 4xx response from Issuer will either retry or abort. This is configurable.\n* An HTTP 5xx response will always retry.\n\nIf the Event hub fails to notify a subscriber endpoint, it will retry calling the subscriber endpoint with a default retry frequency once per second; retries continue for a retry limit of 2 hours.\nIf the subscriber cannot be notified after 2 hours, an alarm is raised requiring manual intervention to resolve.\n\nResolution involves correcting the issue that is preventing events from being sent to the subscriber, and then resending all events going back to the time of initial failure. This may include resending events which were properly sent if the initial failure was intermittent.\nAs the same event may be re-sent multiple times during resolution, the subscriber endpoint’s handling of an event must be idempotent.\n\nResolution must be completed within the retention period, which is 1 day by default, otherwise the events are permanently lost.\n\n## Note\nThe retry frequency is configurable and is intended to prevent retries from overwhelming the Issuer’s subscriber endpoints. The default is 1 retry per second.\n\nThe 2-hour retry limit is enforced by the Event hub and cannot be increased.\n\nThe retention period is configurable and is intended to limit data retention. The default is 1 day.\n\n## Event structure\nAll event are structured in the same manner\n1. Common header\n2. Specific payload depending on the event type\n\n## Subscription model\nThe customer must define a subscriber endpoint each event they want to be notified about.\n\nIDEMIA will register each endpoint with the Event Hub on request to our SRE team.\n"
},
"servers": [
{
"url": "https://add-event.subscribe.io",
"description": "Example endpoint to allow subscription for the event"
}
],
"paths": {
"/ClientRegistered": {
"post": {
"summary": "ClientRegistered event",
"operationId": "ClientRegistered",
"x-badges": [
{
"name": "SUB",
"position": "before",
"color": "purple"
}
],
"tags": ["Authentication Events Definition"],
"description": "The topic on which ClientRegistered will be published: `com.idemia.identity.mobileid.authentication.ClientRegistered`\n- Producer: **IAM360** \n- Consumer: **Issuer** \n \nThis event is produced when OpenID Client (Relying Party) has been registered.\n",
"responses": {
"2xx": {
"description": "Event delivered successfully",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ClientRegisteredEvent"
}
}
}
}
}
}
},
"/ClientDeleted": {
"post": {
"summary": "ClientDeleted event",
"operationId": "ClientDeleted",
"x-badges": [
{
"name": "SUB",
"position": "before",
"color": "purple"
}
],
"tags": ["Authentication Events Definition"],
"description": "The topic on which ClientDeleted will be published: `com.idemia.identity.mobileid.authentication.ClientDeleted`.\n- Producer: **IAM360** \n- Consumer: **Issuer** \n \nThis event is produced upon OpenID Client (Relying Party) has been deleted.\n",
"responses": {
"2xx": {
"description": "Event delivered successfully",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ClientDeletedEvent"
}
}
}
}
}
}
},
"/AuthenticationRequested": {
"post": {
"summary": "AuthenticationRequested event",
"operationId": "AuthenticationRequested",
"x-badges": [
{
"name": "SUB",
"position": "before",
"color": "purple"
}
],
"tags": ["Authentication Events Definition"],
"description": "The topic on which AuthenticationRequested will be published: `com.idemia.identity.mobileid.authentication.AuthenticationRequested`.\n- Producer: **IAM360** \n- Consumer: **Issuer** \n \nReceive information that an authentication request has been submitted by the client to the OpenID Connect Identity Provider and the authorization flow has been requested.\n",
"responses": {
"2xx": {
"description": "Event delivered successfully",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticationRequestedEvent"
}
}
}
}
}
}
},
"/AuthenticationStarted": {
"post": {
"summary": "AuthenticationStarted event",
"operationId": "AuthenticationStarted",
"x-badges": [
{
"name": "SUB",
"position": "before",
"color": "purple"
}
],
"tags": ["Authentication Events Definition"],
"description": "`com.idemia.identity.mobileid.authentication.AuthenticationStarted`\nThe topic on which AuthenticationStarted will be published.\n- Producer: **IAM360** \n- Consumer: **Issuer** \n \nReceive information that an authentication transaction has been initiated and can be claimed by the end user.\n",
"responses": {
"2xx": {
"description": "Event delivered successfully",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticationStartedEvent"
}
}
}
}
}
}
},
"/AuthenticationSuccessful": {
"post": {
"summary": "AuthenticationSuccessful event",
"operationId": "AuthenticationSuccessful",
"x-badges": [
{
"name": "SUB",
"position": "before",
"color": "purple"
}
],
"tags": ["Authentication Events Definition"],
"description": "`com.idemia.identity.mobileid.authentication.AuthenticationSuccessful`\nThe topic on which AuthenticationSuccessful will be published.\n- Producer: **IAM360** \n- Consumer: **Issuer** \n \nEvent produced during online authentication flow after\nsuccessful authentication process completes\n",
"responses": {
"2xx": {
"description": "Event delivered successfully",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticationSuccessfulEvent"
}
}
}
}
}
}
},
"/AuthenticationDeclined": {
"post": {
"summary": "AuthenticationDeclined event",
"operationId": "AuthenticationDeclined",
"x-badges": [
{
"name": "SUB",
"position": "before",
"color": "purple"
}
],
"tags": ["Authentication Events Definition"],
"description": "`com.idemia.identity.mobileid.authentication.AuthenticationDeclined`\nThe topic on which AuthenticationDeclined will be published.\n- Producer: **IAM360** \n- Consumer: **Issuer** \n \nReceive information that the authentication request was explicitly declined by the end user.\n",
"responses": {
"2xx": {
"description": "Event delivered successfully",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticationDeclinedEvent"
}
}
}
}
}
}
},
"/AuthenticationTimedOut": {
"post": {
"summary": "AuthenticationTimedOut event",
"operationId": "AuthenticationTimedOut",
"x-badges": [
{
"name": "SUB",
"position": "before",
"color": "purple"
}
],
"tags": ["Authentication Events Definition"],
"description": "`com.idemia.identity.mobileid.authentication.AuthenticationTimedOut`\nThe topic on which AuthenticationTimedOut will be published.\n- Producer: **IAM360** \n- Consumer: **Issuer** \n \nReceive information that the authentication flow expired because the user did not interact with the request within the allowed time window.\n",
"responses": {
"2xx": {
"description": "Event delivered successfully",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticationTimedOutEvent"
}
}
}
}
}
}
},
"/AuthenticationFailed": {
"post": {
"summary": "AuthenticationFailed event",
"operationId": "AuthenticationFailed",
"x-badges": [
{
"name": "SUB",
"position": "before",
"color": "purple"
}
],
"tags": ["Authentication Events Definition"],
"description": "`com.idemia.identity.mobileid.authentication.AuthenticationFailed`\nThe topic on which AuthenticationFailed will be published.\n- Producer: **IAM360** \n- Consumer: **Issuer** \n \nReceive information that the authentication flow has failed.\n",
"responses": {
"2xx": {
"description": "Event delivered successfully",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AuthenticationFailedEvent"
}
}
}
}
}
}
}
},
"components": {
"schemas": {
"ClientRegisteredEvent": {
"type": "object",
"description": "Wrapper combining GenericEventHeader and event payload",
"properties": {
"header": {
"$ref": "#/components/schemas/GenericEventHeader"
},
"payload": {
"$ref": "#/components/schemas/ClientRegistered"
}
},
"required": ["header", "payload"]
},
"ClientDeletedEvent": {
"type": "object",
"description": "Wrapper combining GenericEventHeader and event payload",
"properties": {
"header": {
"$ref": "#/components/schemas/GenericEventHeader"
},
"payload": {
"$ref": "#/components/schemas/ClientDeleted"
}
},
"required": ["header", "payload"]
},
"AuthenticationRequestedEvent": {
"type": "object",
"description": "Wrapper combining GenericEventHeader and event payload",
"properties": {
"header": {
"$ref": "#/components/schemas/GenericEventHeader"
},
"payload": {
"$ref": "#/components/schemas/AuthenticationRequested"
}
},
"required": ["header", "payload"]
},
"AuthenticationStartedEvent": {
"type": "object",
"description": "Wrapper combining GenericEventHeader and event payload",
"properties": {
"header": {
"$ref": "#/components/schemas/GenericEventHeader"
},
"payload": {
"$ref": "#/components/schemas/AuthenticationStarted"
}
},
"required": ["header", "payload"]
},
"AuthenticationSuccessfulEvent": {
"type": "object",
"description": "Wrapper combining GenericEventHeader and event payload",
"properties": {
"header": {
"$ref": "#/components/schemas/GenericEventHeader"
},
"payload": {
"$ref": "#/components/schemas/AuthenticationSuccessful"
}
},
"required": ["header", "payload"]
},
"AuthenticationDeclinedEvent": {
"type": "object",
"description": "Wrapper combining GenericEventHeader and event payload",
"properties": {
"header": {
"$ref": "#/components/schemas/GenericEventHeader"
},
"payload": {
"$ref": "#/components/schemas/AuthenticationDeclined"
}
},
"required": ["header", "payload"]
},
"AuthenticationTimedOutEvent": {
"type": "object",
"description": "Wrapper combining GenericEventHeader and event payload",
"properties": {
"header": {
"$ref": "#/components/schemas/GenericEventHeader"
},
"payload": {
"$ref": "#/components/schemas/AuthenticationTimedOut"
}
},
"required": ["header", "payload"]
},
"AuthenticationFailedEvent": {
"type": "object",
"description": "Wrapper combining GenericEventHeader and event payload",
"properties": {
"header": {
"$ref": "#/components/schemas/GenericEventHeader"
},
"payload": {
"$ref": "#/components/schemas/AuthenticationFailed"
}
},
"required": ["header", "payload"]
},
"GenericEventHeader": {
"description": "Generic Event Header",
"type": "object",
"properties": {
"version": {
"type": "integer",
"description": "Version of the Generic Event. Currently: 1",
"default": 1
},
"eventID": {
"type": "string",
"description": "Unique identifier for the event",
"example": "7775F340-03A2-4FE9-AED5-5BDFF7FDCE59"
},
"eventType": {
"type": "string",
"description": "Fully qualified Event type",
"example": "com.idemia.identity.mobileid.lifecycle.mIDIssued"
},
"tenantID": {
"type": "string",
"description": "Tenant Identifier the event is targeted to",
"example": "idemia_dc"
},
"correlationID": {
"type": "string",
"description": "Identifier used to correlate a single transaction across services and systems. For transactions originating from the `did-update` service, if the Issuer's Backend provides either `x-requestId` (API v2) or `x-correlation-id` (API v1) in the request headers, the provided value is propagated and used as the `correlationID` in the resulting event. If neither header is provided, the correlation identifier is generated by the DC Platform.\n",
"example": "71AA7D2E-8E35-47DE-9A1E-8775DCB9FC39"
},
"timestamp": {
"type": "string",
"description": "ISO 8601 compliant timestamp of the event",
"example": "2026-06-20T11:25:02.952Z"
},
"origin": {
"type": "string",
"description": "Origin of the event; may optionally include the service version.",
"example": "issuanceService:2.1.100"
},
"audience": {
"type": "string",
"description": "Optional audience - identified consumers of the event.",
"example": "status-service"
},
"expires": {
"type": "string",
"description": "Optional timestamp, when the event expires",
"example": "2027-06-20T11:25:02.952Z"
},
"headers": {
"type": "object",
"additionalProperties": {
"type": "string"
},
"description": "Optional map for additional headers",
"example": {
"x-request-id": "aa1526ba-741f-9c0a-96aa-b22cc677101a",
"x-b3-parentspanid": "b9aa762c225ac59f",
"x-b3-traceid": "a3724cc7f59018d83363f637f2303ed9",
"x-b3-spanid": "4dd9fb54bd0af34c",
"x-b3-sampled": "1",
"messageId": "950840f3-17b8-4e79-ac88-eb368ff11a09",
"partition-key": "02b224f2-ec72-4361-9e86-9ae15301c11d",
"timestamp": "1750418702954"
}
}
},
"required": [
"version",
"eventID",
"eventType",
"status",
"tenantID",
"correlationID",
"timestamp",
"origin"
]
},
"ErrorDetails": {
"description": "Optional error details",
"type": "object",
"properties": {
"type": {
"type": "string",
"description": "Optional error type",
"example": "org.iso.18013.5.1"
},
"message": {
"type": "string",
"description": "Optional message",
"example": "signature_usual_mark"
}
}
},
"Error": {
"description": "Generic error",
"type": "object",
"properties": {
"subject": {
"type": "string",
"description": "Subject of the error",
"example": "Issuance"
},
"reason": {
"type": "string",
"description": "Code indicating the reason for the error",
"example": "MISSING_MANDATORY_ATTRIBUTES"
},
"message": {
"type": "string",
"description": "Error message in a human-readable format, intended to be recorded in log files.",
"example": "Missing mandatory attributes for issuance"
},
"details": {
"$ref": "#/components/schemas/ErrorDetails"
}
},
"required": ["subject", "reason"]
},
"ClientRegistered": {
"type": "object",
"properties": {
"clientId": {
"type": "string",
"description": "An identifier that corresponds to OpenID client used for authentication",
"example": "4664f827-ed61-4b8e-95da-f2186290b495"
},
"ip": {
"type": "string",
"description": "Identifier of ip address used to invoke dynamic registration endpoint",
"example": "217.123.9.69"
},
"macAddress": {
"type": "string",
"description": "Identifier of macAddress of the machine that started registration process",
"example": "11-D5-D7-92-F0-64"
},
"scopes": {
"type": "array",
"description": "DEPRECATED - always __null__",
"example": null
}
},
"required": ["clientId"]
},
"ClientDeleted": {
"type": "object",
"properties": {
"clientId": {
"type": "string",
"description": "An identifier that corresponds to OpenID client used for authentication",
"example": "4664f827-ed61-4b8e-95da-f2186290b495"
},
"ip": {
"type": "string",
"description": "Identifier of ip address used to invoke dynamic registration endpoint",
"example": "217.123.9.69"
},
"macAddress": {
"type": "string",
"description": "Identifier of macAddress of the machine that started registration process",
"example": "11-D5-D7-92-F0-64"
},
"scopes": {
"type": "array",
"description": "DEPRECATED - always __null__",
"example": null
}
},
"required": ["clientId"]
},
"AuthenticationRequested": {
"type": "object",
"properties": {
"clientId": {
"type": "string",
"description": "An identifier that corresponds to OpenID client used for authentication"
},
"acr_values": {
"type": "array",
"description": "The acr value used during authentication process",
"items": {
"type": "string",
"example": "mid_pin"
}
},
"scopes": {
"type": "array",
"description": "The scope requested",
"items": {
"type": "string",
"example": "id_basic"
}
},
"ip_address": {
"type": "string",
"description": "IP Address of the device that initialized the process",
"example": "127.0.0.1"
},
"clientTenantId": {
"type": "string",
"description": "An identifier that corresponds to the software statement property that presents which Tenant this client is bound to",
"example": "4664f827-ed61-4b8e-95da-f2186290b495"
},
"customMetadata": {
"type": "object",
"description": "A map containing project-specific data as custom key-value pairs. This field is intended for passing additional metadata relevant to specific integration or application needs.",
"additionalProperties": {
"type": "string"
},
"example": {
"ftn_chain_level": "SUBSTANTIAL"
}
}
},
"required": ["clientId", "acr_values", "scopes", "ip_address"]
},
"AuthenticationStarted": {
"type": "object",
"properties": {
"credentialId": {
"type": "string",
"description": "Unique identifier of the Digital Credential, used in the lifecycle API",
"example": "a7a82462-3f72-4f42-ba8a-73fb6c7269dd"
},
"midUid": {
"type": "string",
"description": "Identifier of the deviceCredential",
"example": "c6c74456-dbe3-4d9b-b68d-0c13a48f048a"
},
"acr_values": {
"type": "array",
"description": "The acr value used during authentication process",
"items": {
"type": "string",
"example": "mid_pin"
}
},
"scopes": {
"type": "array",
"description": "The scope requested",
"items": {
"type": "string",
"example": "id_basic"
}
},
"clientId": {
"type": "string",
"description": "An identifier that corresponds to OpenID client used for authentication",
"example": "4664f827-ed61-4b8e-95da-f2186290b495"
},
"clientTenantId": {
"type": "string",
"description": "An identifier that corresponds to the software statement property that presents which Tenant this client is bound to",
"example": "4664f827-ed61-4b8e-95da-f2186290b495"
},
"username": {
"type": "string",
"description": "An identifier that corresponds with the username (derived form of msisdn)",
"example": "E385B617A8FA8FE4A9223D8B34B03B46B508FB271E430659F3654623B387498E"
},
"customMetadata": {
"type": "object",
"description": "A map containing project-specific data as custom key-value pairs. This field is intended for passing additional metadata relevant to specific integration or application needs.",
"additionalProperties": {
"type": "string"
},
"example": {
"ftn_chain_level": "SUBSTANTIAL"
}
}
},
"required": ["clientId", "acr_values", "scopes"]
},
"AuthenticationSuccessful": {
"type": "object",
"properties": {
"credentialId": {
"type": "string",
"description": "Unique identifier of the Digital Credential, used in the lifecycle API",
"example": "a7a82462-3f72-4f42-ba8a-73fb6c7269dd"
},
"midUid": {
"type": "string",
"description": "Identifier of the deviceCredential, chosen to share",
"example": "c6c74456-dbe3-4d9b-b68d-0c13a48f048a"
},
"acr_values": {
"type": "array",
"description": "The acr value used during authentication process",
"items": {
"type": "string",
"example": "mid_pin"
}
},
"scopes": {
"type": "array",
"description": "The scope requested",
"example": ["id_basic", "openid", "pcr"],
"items": {
"type": "string"
}
},
"U2FAuthenticationRequestToken": {
"type": "string",
"description": "Optional U2F request token used to additional validation",
"example": "eyJrZXlIYW5kbGUiOiAiTURoaU1tRmtZMlF0TmpVNFlpMDBOVFF5TFRnelkyRXRaRE5rTjJGa1lqazVNR0ZqIiwgImFwcGxpY2F0aW9uIjogImh0dHBzOi8vYXBpLm1pZC1lMmUtZmluLXNoYXJlZC50ZXN0LmlkZW50aXR5LWRldi5pZGVtaWEuaW8iLCAiY2hhbGxlbmdlIjogInRkWDAyZEYzUTl3WER0SjVwX1pGNVltNWxUT1h2cUhMM0V0aGxHOTNDemMifQ=="
},
"U2FAuthenticationResponseToken": {
"type": "string",
"description": "Optional U2F response token (signed by device) used to additional validation",
"example": "eyJzaWduYXR1cmUiOiAiQVFBQUFBSXdSZ0loQUlLYlFDcy1WR2FzN1hCMzVfWFZwdnBsME1oUk80WS1yMlh0LU9RVFhObDRBaUVBOEczTHRJMmpiTXdnRnQtemNQVXFhMHRZODVpLWtaQTM3el8yWDdFQzU5QT0ifQ=="
},
"counter": {
"type": "integer",
"description": "Optional counter value that the U2F token increments every time it performs an authentication operation. Used to additional validation.",
"example": 2
},
"publicKey": {
"type": "string",
"description": "Optional credential auth public key used to additional validation",
"example": "BLRBLHB7-x0r9UK-J9NCFnZxzpyanNGo8VaNZuXJlvdPnfcyVJ08HAf9N7JBl0ef8OGG2j-sCWgaEAHx0Ny7oxA"
},
"attestationCert": {
"type": "string",
"description": "Attestation certificate (encoded) used to additional validation by a trust anchor",
"example": "MIICXzCCAgSgAwIBAgIIdwQCzBfX7G4wCgYIKoZIzj0EAwIwMDEQMA4GA1UEAwwHRmlubGFuZDEPMA0GA1UECgwGSWRlbWlhMQswCQYDVQQGEwJGSTAeFw0yNDAyMDUxMTU5MDZaFw0yNTAyMDUwMDAwMDBaMIHBMTUwMwYDVQQDDCxIODhvTitWdld2UElrRmdXZW1SVk1XOEd0VFBicWNvSUFlWjBKWGRaT0FJPTELMAkGA1UEBhMCRkkxDzANBgNVBAoMBklkZW1pYTE0MDIGCisGAQQBg60EAgEMJDk4MTY5MWFjLWQ3ZDEtNDMzZS04ZDBhLTE2Zjk4ZDIwMjUzZjE0MDIGCisGAQQBg60EAgIMJDA4YjJhZGNkLTY1OGItNDU0Mi04M2NhLWQzZDdhZGI5OTBhYzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLRBLHB7-x0r9UK-J9NCFnZxzpyanNGo8VaNZuXJlvdPnfcyVJ08HAf9N7JBl0ef8OGG2j-sCWgaEAHx0Ny7oxCjdjB0MAwGA1UdEwEB_wQCMAAwNQYDVR0jBC4wLIAUjSDQRLN52iS9Fs3awrbJCNtILyuCFG-BZsnadiyYhGaSIvX6tgZih-tTMB0GA1UdDgQWBBS3OniO3qWQJET3Z8ilALmCA0BKnzAOBgNVHQ8BAf8EBAMCA9gwCgYIKoZIzj0EAwIDSQAwRgIhALBn3wJjbV2ws3pusK0URihgp-lhBqXw9va3pPp583AWAiEAiS6V1PZRkjfuXbzGN25SGxoBwPubkWIiCHCQMbHzF4M"
},
"clientId": {
"type": "string",
"description": "An identifier that corresponds to OpenID client used for authentication",
"example": "FFFFFFFF-7273-6D74-0004-000000000001"
},
"clientTenantId": {
"type": "string",
"description": "An identifier that corresponds to the software statement property that presents which Tenant this client is bound to",
"example": "4664f827-ed61-4b8e-95da-f2186290b495"
},
"username": {
"type": "string",
"description": "An identifier that corresponds with the username (derived form of msisdn)",
"example": "E385B617A8FA8FE4A9223D8B34B03B46B508FB271E430659F3654623B387498E"
},
"userClaims": {
"type": "object",
"description": "Map of insensitive user attributes included in claims request",
"additionalProperties": {
"type": "string"
},
"example": {
"mid_eventid": "7775F340-03A2-4FE9-AED5-5BDFF7FDCE59",
"mid_issuer": "MNOA"
}
},
"userSensitiveClaims": {
"type": "object",
"description": "Map of sensitive user attributes included in claims request",
"additionalProperties": {
"type": "string"
},
"example": {
"rpPcr": "eXcglHpIGqoSF44YlxD24OpwxvHmME9GADL7yBd/yPshc6gJjlcaqVp6Y8ZGk1+O+s6hYFSDD1kIqyXndX1hSg"
}
},
"customMetadata": {
"type": "object",
"description": "A map containing project-specific data as custom key-value pairs. This field is intended for passing additional metadata relevant to specific integration or application needs.",
"additionalProperties": {
"type": "string"
},
"example": {
"ftn_chain_level": "SUBSTANTIAL"
}
}
},
"required": ["acr_values", "scopes", "clientId"]
},
"AuthenticationDeclined": {
"type": "object",
"properties": {
"credentialId": {
"type": "string",
"description": "Unique identifier of the Digital Credential, used in the lifecycle API",
"example": "a7a82462-3f72-4f42-ba8a-73fb6c7269dd"
},
"midUid": {
"type": "string",
"description": "Identifier of the deviceCredential, chosen to share",
"example": "c6c74456-dbe3-4d9b-b68d-0c13a48f048a"
},
"acr_values": {
"type": "array",
"description": "The acr value used during authentication process",
"items": {
"type": "string",
"example": "mid_pin"
}
},
"scopes": {
"type": "array",
"description": "The scope requested",
"items": {
"type": "string",
"example": "id_basic"
}
},
"clientId": {
"type": "string",
"description": "An identifier that corresponds to OpenID client used for authentication",
"example": "4664f827-ed61-4b8e-95da-f2186290b495"
},
"clientTenantId": {
"type": "string",
"description": "An identifier that corresponds to the software statement property that presents which Tenant this client is bound to",
"example": "4664f827-ed61-4b8e-95da-f2186290b495"
},
"username": {
"type": "string",
"description": "An identifier that corresponds with the username (derived form of msisdn)",
"example": "E385B617A8FA8FE4A9223D8B34B03B46B508FB271E430659F3654623B387498E"
},
"customMetadata": {
"type": "object",
"description": "A map containing project-specific data as custom key-value pairs. This field is intended for passing additional metadata relevant to specific integration or application needs.",
"additionalProperties": {
"type": "string"
},
"example": {
"ftn_chain_level": "SUBSTANTIAL"
}
}
},
"required": ["acr_values", "scopes", "clientId"]
},
"AuthenticationTimedOut": {
"type": "object",
"properties": {
"credentialId": {
"type": "string",
"description": "Unique identifier of the Digital Credential, used in the lifecycle API",
"example": "a7a82462-3f72-4f42-ba8a-73fb6c7269dd"
},
"midUid": {
"type": "string",
"description": "Identifier of the deviceCredential",
"example": "c6c74456-dbe3-4d9b-b68d-0c13a48f048a"
},
"acr_values": {
"type": "array",
"description": "The acr value used during authentication process",
"items": {
"type": "string",
"example": "mid_pin"
}
},
"scopes": {
"type": "array",
"description": "The scope requested",
"items": {
"type": "string",
"example": "id_basic"
}
},
"clientId": {
"type": "string",
"description": "An identifier that corresponds to OpenID client used for authentication",
"example": "4664f827-ed61-4b8e-95da-f2186290b495"
},
"clientTenantId": {
"type": "string",
"description": "An identifier that corresponds to the software statement property that presents which Tenant this client is bound to",
"example": "4664f827-ed61-4b8e-95da-f2186290b495"
},
"username": {
"type": "string",
"description": "An identifier that corresponds with the username (derived form of msisdn)",
"example": "E385B617A8FA8FE4A9223D8B34B03B46B508FB271E430659F3654623B387498E"
},
"customMetadata": {
"type": "object",
"description": "A map containing project-specific data as custom key-value pairs. This field is intended for passing additional metadata relevant to specific integration or application needs.",
"additionalProperties": {
"type": "string"
},
"example": {
"ftn_chain_level": "SUBSTANTIAL"
}
}
},
"required": ["acr_values", "scopes", "clientId"]
},
"AuthenticationFailed": {
"type": "object",
"properties": {
"credentialId": {
"type": "string",
"description": "Unique identifier of the Digital Credential, used in the lifecycle API",
"example": "a7a82462-3f72-4f42-ba8a-73fb6c7269dd"
},
"midUid": {
"type": "string",
"description": "Identifier of the deviceCredential ",
"example": "c6c74456-dbe3-4d9b-b68d-0c13a48f048a"
},
"acr_values": {
"type": "array",
"description": "The acr value used during authentication process",
"items": {
"type": "string",
"example": "mid_pin"
}
},
"scopes": {
"type": "array",
"description": "The scope requested",
"items": {
"type": "string",
"example": "id_basic"
}
},
"clientId": {
"type": "string",
"description": "An identifier that corresponds to OpenID client used for authentication",
"example": "4664f827-ed61-4b8e-95da-f2186290b495"
},
"clientTenantId": {
"type": "string",
"description": "An identifier that corresponds to the software statement property that presents which Tenant this client is bound to",
"example": "4664f827-ed61-4b8e-95da-f2186290b495"
},
"username": {
"type": "string",
"description": "An identifier that corresponds with the username (derived form of msisdn)",
"example": "E385B617A8FA8FE4A9223D8B34B03B46B508FB271E430659F3654623B387498E"
},
"U2FAuthenticationRequestToken": {
"type": "string",
"description": "Optional U2F request token used to additional validation",
"example": "eyJrZXlIYW5kbGUiOiAiTURoaU1tRmtZMlF0TmpVNFlpMDBOVFF5TFRnelkyRXRaRE5rTjJGa1lqazVNR0ZqIiwgImFwcGxpY2F0aW9uIjogImh0dHBzOi8vYXBpLm1pZC1lMmUtZmluLXNoYXJlZC50ZXN0LmlkZW50aXR5LWRldi5pZGVtaWEuaW8iLCAiY2hhbGxlbmdlIjogInRkWDAyZEYzUTl3WER0SjVwX1pGNVltNWxUT1h2cUhMM0V0aGxHOTNDemMifQ=="
},
"U2FAuthenticationResponseToken": {
"type": "string",
"description": "Optional U2F response token (signed by device) used to additional validation",
"example": "eyJzaWduYXR1cmUiOiAiQVFBQUFBSXdSZ0loQUlLYlFDcy1WR2FzN1hCMzVfWFZwdnBsME1oUk80WS1yMlh0LU9RVFhObDRBaUVBOEczTHRJMmpiTXdnRnQtemNQVXFhMHRZODVpLWtaQTM3el8yWDdFQzU5QT0ifQ=="
},
"reason": {
"type": "string",
"description": "Reason of failure",
"example": "invalid_scope"
},
"customMetadata": {
"type": "object",
"description": "A map containing project-specific data as custom key-value pairs. This field is intended for passing additional metadata relevant to specific integration or application needs.",
"additionalProperties": {
"type": "string"
},
"example": {
"ftn_chain_level": "SUBSTANTIAL"
}
}
},
"required": ["acr_values", "scopes", "clientId"]
}
}
}
}