@ChakshuGautam
Last active April 13, 2024 14:57
Aadhaar KYC

This document assumes that Aadhaar KYC can be done in one of the following ways:

  1. DigiLocker Login - DigiLocker allows Aadhaar-based login, and the APIs are provided through Meripehchaan. Login can be restricted to Aadhaar or PAN only using the acr parameter (page 5 here). Either the user logs in to DigiLocker with Aadhaar directly, or a second API call fetches the user profile to verify that eAadhaar is linked to the DigiLocker account (page 9 here). This option is self-validation (the user proves control of their own DigiLocker account) and hence can be done for free.
  2. Through an AUA - AUAs (Authentication User Agencies) are generally available in all states and provide wrapper APIs over the Aadhaar eKYC APIs. This is a paid API. The APIs follow this spec.

The recommended strategy is to support both options so that all users are covered, but to push users toward option 1.

Digilocker Meripehchaan SSO

Here the Auth Server is the Meripehchaan server and the Resource Server is the DigiLocker server.

[Image: Meripehchaan SSO flow diagram]

Assumptions

To get the DigiLocker Meripehchaan SSO login button on the login page (of, say, Keycloak or your own custom login page), you need to use the default keycloak theme instead of the custom theme that is selected by default. The instructions remain the same if you are not using Keycloak at all and instead have a custom backend that takes the refresh_token, stores it server-side, and regenerates the access_token whenever it expires.

Pre-requisites

Read more about the DigiLocker APIs here, page 4 onwards.

[Optional - Keycloak] Steps to integrate Digilocker Meripehchaan SSO in keycloak

  • Goto keycloak admin page <domain>/auth/
  • Login with admin credentials
  • Goto Identity Providers
  • Click on Add provider
  • Select OpenID Connect v1.0
  • Enter the display name to be shown on the login page, e.g. Login with Digilocker Meripehchaan
  • Set the Authorization URL to `https://digilocker.meripehchaan.gov.in/public/oauth2/1/authorize`
  • Set the Token URL to `https://digilocker.meripehchaan.gov.in/public/oauth2/2/token`
  • Turn on the Disable User Info toggle
  • Select Client secret sent as post from the Client Authentication options
  • Set Client Id that was generated in Digilocker partner portal
  • Set Client Secret that was generated in Digilocker partner portal
  • Select consent from Prompt options
  • Enable Use PKCE option
  • Select S256 from PKCE Method options
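The Keycloak settings above (PKCE with S256, client secret sent in the POST body, prompt=consent) describe a standard OAuth 2.0 authorization-code flow against the two Meripehchaan endpoints. The script below is an added example, not code from the gist or from DigiLocker, showing what that flow looks like when your own backend drives it (the non-Keycloak case under Assumptions). Only the two endpoint URLs come from the page; the query and body parameter names are the standard RFC 6749 / RFC 7636 ones, and the acr and scope values are left as arguments because the page does not state them (take them from the Meripehchaan document, page 5).

```python
"""Authorization-code + PKCE (S256) flow against the Meripehchaan endpoints.

Added example, not part of the gist. Endpoint URLs are from the gist; parameter
names are the standard OAuth 2.0 / PKCE ones; acr and scope values are assumed
to come from the Meripehchaan API document.
"""
import base64
import hashlib
import json
import secrets
import urllib.parse
import urllib.request

AUTHORIZE_URL = "https://digilocker.meripehchaan.gov.in/public/oauth2/1/authorize"
TOKEN_URL = "https://digilocker.meripehchaan.gov.in/public/oauth2/2/token"
FORM_HEADERS = {"Content-Type": "application/x-www-form-urlencoded", "Accept": "application/json"}


def _b64url(raw):
    # Base64url without padding, as RFC 7636 requires for verifier and challenge.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_pkce_pair(verifier=None):
    """Return (code_verifier, code_challenge) for PKCE method S256."""
    if verifier is None:
        verifier = _b64url(secrets.token_bytes(32))  # 43 chars, 256 bits of entropy
    challenge = _b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


def build_authorize_url(client_id, redirect_uri, state, code_challenge, acr=None, scope=None):
    """Step 1: the URL the browser is redirected to. Keep state and the PKCE
    verifier in the server-side session until the callback arrives."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
        "prompt": "consent",  # mirrors the Keycloak "Prompt: consent" setting
    }
    if acr:  # restrict to Aadhaar / PAN login; exact value per Meripehchaan doc (assumed)
        params["acr"] = acr
    if scope:  # scope value, if any, per Meripehchaan doc (assumed)
        params["scope"] = scope
    return AUTHORIZE_URL + "?" + urllib.parse.urlencode(params)


def parse_callback(callback_url, expected_state):
    """Step 2: validate the redirect back to us and extract the code. A state
    mismatch means the code was not minted for this session (CSRF / login
    fixation) and must be rejected before any token exchange."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(callback_url).query)
    if "error" in query:
        raise RuntimeError("authorization failed: %s" % query["error"][0])
    got_state = query.get("state", [""])[0]
    if not secrets.compare_digest(got_state, expected_state):
        raise ValueError("state mismatch; discarding authorization code")
    if "code" not in query:
        raise ValueError("callback carries no authorization code")
    return query["code"][0]


def build_token_request(client_id, client_secret, code, redirect_uri, code_verifier):
    """Step 3: exchange the code. client_secret goes in the POST body (Keycloak's
    "Client secret sent as post"); code_verifier proves we started this flow."""
    body = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,
        "code_verifier": code_verifier,
    }
    return {"url": TOKEN_URL, "headers": FORM_HEADERS, "body": urllib.parse.urlencode(body)}


def build_refresh_request(client_id, client_secret, refresh_token):
    """Later: mint a fresh access_token from the stored refresh_token (the
    custom-backend case described under Assumptions)."""
    body = {
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "client_id": client_id,
        "client_secret": client_secret,
    }
    return {"url": TOKEN_URL, "headers": FORM_HEADERS, "body": urllib.parse.urlencode(body)}


def send_token_request(req, timeout=15):
    """Perform the POST built above; needs network access to the token endpoint."""
    r = urllib.request.Request(req["url"], data=req["body"].encode("ascii"),
                               headers=req["headers"], method="POST")
    with urllib.request.urlopen(r, timeout=timeout) as resp:
        return json.load(resp)


if __name__ == "__main__":
    verifier, challenge = make_pkce_pair()
    state = secrets.token_urlsafe(16)
    print(build_authorize_url("<client_id>", "https://app.example/callback", state, challenge))
```

Two points a practitioner should keep in mind: the refresh_token is a long-lived credential for the user's DigiLocker account, so store it server-side only (encrypted at rest) and never hand it to the browser; and because the Keycloak setup above turns on Disable User Info, the check that eAadhaar is actually linked to the DigiLocker account (the profile call from option 1) has to be done by your own backend with the access_token, not by Keycloak.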

[Optional - Keycloak] Enable default keycloak theme

  • Goto keycloak admin page <domain>/auth/
  • Login with admin credentials
  • Goto clients -> registry-frontend
  • Select keycloak from Login Theme options
  • Save the changes

Documents and References