You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: source/index.html.md
+12-2Lines changed: 12 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -190,6 +190,8 @@ You can create a new service on your personal account or any organization where
190
190
***Authentication methods** - choose the authentication methods you wish to support. You can select one or more methods based on your preferred country.
191
191
***Consent screen** (`Authentication`) - configure it to skip the "consent screen", which is the screen where the user must explicitly agree to giving the service access to their data and allow perform operations on their behalf.
192
192
***Choose logo** (`Authentication`) - upload a logo for your service.
193
+
***Age restriction** (`Authentication`, optional) - enable age restriction and set a minimum age for your service. When enabled, eeID checks the authenticated user's date of birth (if present) against the configured minimum age before finalizing consent. If the requirement is not met, the authorization is rejected and the client application receives an `access_denied` error.
194
+
**NB!** Latvian eParaksts and SmartID authentication methods do not provide birthdate at the moment. Age restriction cannot be enforced for users authenticating with these methods, as the required birthdate information will not be available.
193
195
***Submission** - review all the details entered in the form, and if everything is correct, click on `SUBMIT FOR APPROVAL` to submit your service.
194
196
195
197
Once you submit the form, it will be reviewed by the service administrators
The redirect request errors are normally resulted by a misconfiguration; therefore the error description in parameter `error_description` is not needed to be displayed for the user directly. The client application should check whether or not an error message has been sent.
395
+
If the service has age restriction enabled and the authenticated user does not meet the configured minimum age, eeID returns an authorization error:
396
+
397
+
```shell
398
+
GET https://eservice.institution.ee/callback?error=access_denied&error_description=
399
+
User+must+be+at+least+18+years+old.
400
+
&state=0b60fe50138f8fdd56afd2a6ab7a40f9
401
+
```
402
+
<br>
403
+
Redirect request errors can be caused by both technical issues (for example, misconfiguration) and policy decisions (for example, age restriction). The client application should always check whether an `error` parameter is present and handle it accordingly.
394
404
395
405
### Identity token request
396
406
@@ -607,7 +617,7 @@ A prerequisite for testing the eeID authentication service is registering a serv
607
617
Users for successful authentication:
608
618
609
619
- Mobile ID phone and id numbers: EE - `68000769` | `60001017869`, LT - `60000666` | `50001018865`
610
-
- Smart-ID personal codes: EE - `39901012239`, LV - `040404-10003`, LT - `40504040001`, BE - `05040400032`
620
+
- Smart-ID personal codes: EE - `39901012239`, LV - `050405-10009`, LT - `40504040001`, BE - `05040400032`
611
621
- eIDAS country Czech Republic: select `Testovací profily` from the redirection screen and select a test user for authentication
0 commit comments