CPR for private Service Providers - kmd-identity/documentation GitHub Wiki

NemLog-In3 does not issue CPR as a claim for private service providers. If your application needs this claim, the solution is to have a custom claims endpoint, further description is found here. This endpoint must return a response containing the property: "requirecpr". It can have any value, even an empty one.

Either of these examples will get the CPR:

{   "requirecpr": "" }

or {   "requirecpr": "true" }

or {   "requirecpr": "random value" }

How it works

1. During a login flow KMD Identity will call your registered custom claims endpoint.
2. The endpoint will return a JSON response which includes the "requirecpr" property.
3. KMD Identity will ask the user for their CPR.
4. The users input will be validated through a NemLog-in service called ​Subject matches CPR.
5. The CPR will be included in the issued token from KMD Identity.

Important to note

If the custom claims endpoint includes a property named CPR in the JSON, no matter what value it has, KMD Identity will not ask the user for CPR, but add the value from the endpoint.

Example that will not prompt the user for CPR:

{   "requirecpr": "",   "cpr": "any cpr" }

How to get started

If you already have a custom claims endpoint set up with KMD Identity, just include the "requirecpr" property in your JSON response.

Otherwise, you can find the requirements and instructions for setting one up here.