Skip to main content

eIDs

Authenticates users using a national electronic identity document

Used when businesses need to authenticate users through government-issued eID schemes. Supports multiple eID providers (e.g. France Identité, German eID) through a unified step, with routing to the appropriate provider managed by IDnow.

Key features

  • Multi-provider support: Routes to the appropriate eID provider backend based on the user's selected method and your organisation's routing configuration.
  • OIDC-based authentication: Authenticates users via OpenID Connect with the eID provider.
  • Flexible method selection: Works with an upstream Verification method selector (v2) step, or can be pre-configured to a fixed method.
  • Provider-agnostic flow: The flow definition carries no provider reference — routing is resolved at runtime by IDnow.

Configuration

AttributeTypeRequiredDescription
preconfigureobjectNoPre-selects a fixed eID method, bypassing the need for an upstream Verification method selector step. When present, the step uses this method directly instead of reading the user's selection from the flow context.
preconfigure.methodstringYes (if preconfigure set)The eID method to use. Accepted values: france_identite, personalausweis.
preconfigure.assuranceLevelstringNoRequired assurance level for the authentication. Accepted values: low, substantial, high.
preconfigure.trustFrameworkstringNoTrust framework governing the assurance level. Accepted values: eidas.
enableRetrybooleanNoWhen true, adds a retry output route that can be used to handle user cancellations. Defaults to false.

Without preconfigure, the step reads the user's eID method selection produced by an upstream VERIFICATION_METHOD_SELECTOR:v2 step. If neither preconfigure nor an upstream selector is present, the flow is misconfigured and will fail at runtime.

Example

With an upstream Verification method selector (recommended for multi-method flows):

{}

With preconfigure (single-method flows, no selector needed):

{
  "preconfigure": {
    "method": "france_identite",
    "assuranceLevel": "substantial",
    "trustFramework": "eidas"
  }
}

Input datablocks

Data blockRequiredDescription
eIDMethodSelectionNoProduced by an upstream VERIFICATION_METHOD_SELECTOR:v2 step when the user selects an eID method. Used to determine which provider to call. When absent, preconfigure must be set.

Verdicts

VerdictDescription
verifiedThe user's identity has been successfully authenticated by the eID provider. The OIDC flow completed and the provider returned a valid ID token with verified identity attributes.
not_verifiedThe authentication attempt failed. The identity could not be verified — for example, the user entered an incorrect PIN or the eID provider rejected the authentication request.

Output datablocks

VerdictData blocks produced
verifiedBasicIdentity, ExtendedIdentity, AuthenticationResult
not_verifiedAuthenticationResult

AuthenticationResult — verified

FieldTypeDescription
resultstringAlways "success".
providerstringThe eID provider used (e.g. "france_identite").
credentialTypestringAlways "eID".
subjectIdstringProvider-assigned subject identifier for the authenticated user.
requestIdstringIDnow-assigned transaction reference.
authenticatedAtstringISO 8601 timestamp of the authentication.
trustFrameworkstringTrust framework of the assurance level achieved (e.g. "eidas"). Present when returned by the provider.
assuranceLevelstringAssurance level achieved (e.g. "substantial"). Present when returned by the provider.

AuthenticationResult — not_verified

FieldTypeDescription
resultstringAlways "failure".
providerstringThe eID provider used (e.g. "france_identite").
credentialTypestringAlways "eID".
requestIdstringIDnow-assigned transaction reference.
attemptedAtstringISO 8601 timestamp of the failed attempt.
reason.codestringAlways "NOT_VERIFIED".
reason.detailsstringHuman-readable description of the failure.