# Conduct a POC with UAE PASS Authentication The following content provides you a step-by-step guide on conducting a simple POC with UAE PASS Authentication Feature using Postman. ## Step 1 #### Set up Staging UAE PASS Account Before you begin you must set up a UAE PASS staging account following the steps given in . {% hint style="success" %} **The account can be either basic or verified. UAE PASS Authentication feature will support SOP1, SOP2 and SOP3 user account types.** {% endhint %} ## Step 2 #### Invoke the Authorization Request. You can use following parameter values for POC purpose. **Authorize Endpoint=** [https://stg-id.uaepass.ae/idshub/authorize](https://stg-id.uaepass.ae/idshub/authorize) **Client\_id**= sandbox\_stage **Scope** = urn:uae:digitalid:profile:general **Redirect\_uri**= For this POC we are using . **acr\_values**= urn:safelayer:tws:policies:authentication:level:low #### Sample Request {% code overflow="wrap" %} ```url https://stg-id.uaepass.ae/idshub/authorize?response_type=code&client_id=sandbox_stage&scope=urn:uae:digitalid:profile:general&state=HnlHOJTkTb66Y5H&redirect_uri=https://localhost:8000&acr_values=urn:safelayer:tws:policies:authentication:level:low ``` {% endcode %} {% hint style="danger" %} Authorization request should be invoked in browser to obtain user authorization. {% endhint %} Once authorization request is invoked user will get the UAE PASS login page to authorize as follows.

## Step 3 #### Enter the identifier of UAE PASS staging account (Email or Mobile or EID) and click on Login. Once you click on Login button you will receive the UAE PASS authentication notification request to the UAE PASS Staging mobile app and a notification request with a specific code in the browser.

Match the Code with Notification Request in Mobile

## Step 4 #### Select the correct code and confirm the notification request.

## Step 5 #### Obtain Authorization Code Once the user accepts the notification request, UAE PASS will issue the authorization code in the response header as shown in below example. #### Sample Response ``` https://localhost:8080/code-bbc69-344553dc-3445fdscc-HnfgmsfsjjH ```

## Step 6 #### Invoke the Access Token Request to obtain the access token. You can use following values for the POC. **Token End point** = [https://stg-id.uaepass.ae/idshub/token](https://stg-id.uaepass.ae/idshub/token) **grant\_type** = authorization\_code **redirect\_uri** = Redirect URL value used in the authorization request (Step 2). **code** = Authorization code received in authorization response. **Authorization Header** = Base64 encoded (client\_ID : client\_Secret)

#### Curl Request for Token API {% code overflow="wrap" %} ``` curl --location --request POST 'https://stg-id.uaepass.ae/idshub/token?grant_type=authorization_code&redirect_uri=https%3A%2F%2Flocalhost%3A8080&code=bbc69c3b-561b-3cc6-a590-16a2bb8448ed' \ --header 'Authorization: Basic c2FuZGJveF9zdGFnZTpzYW5kYm94X3N0YWdl' ``` {% endcode %} {% hint style="danger" %} Token request should be a back-channel request and should use postman or as CURL during the POC to invoke the request. {% endhint %} {% hint style="success" %} Authorization code is one time usage value and will expire once used to obtain an access token. Expiry time will be 10 mins. {% endhint %} As success response you will receive an access token from UAE PASS as shown in below image.

## Step 7 #### Invoke the User Info request to obtain the user details of the authenticated user. You can use following values for the POC. **User info Endpoint** = **Bearer Token** = Access token value received from access token response.

#### Curl Request for User Info API ``` curl --location 'https://stg-id.uaepass.ae/idshub/userinfo' \ --header 'Content-Type: application/x-www-form-urlencoded' \ --header 'Authorization: Bearer 221fb1c8-deb7-3fca-b9f6-1d18281f2929' ``` {% hint style="danger" %} User Info request should be a back-channel request and should use postman or Curl during the POC to invoke the request. {% endhint %} On success you will receive the user information of the authenticated user from UAE PASS.

#### You can download the postman collection for POC from below attachment. {% file src="" %}