Request for Support on E-Signet API Configuration Issue

Dear Community,

We are an IT consulting company currently using the E-Signet API for one of our projects. Following the recent release two weeks ago, we encountered local configuration issues that resulted in an API URL error, without any specific logs returned from our UI.

The project is part of GovStack (the bb-esignature) and we are using the Mosip eSignet endpoints from this repo GitHub - mosip/esignet: Open ID based e-Signet service for large scale verification & authentication. from the release-1.5.x

Our project configuration is stuck at the authentication part as it returns the api error I mentioned in the previous email when we start up the e-signet ui microservice.

Would you be available for a call to help us set up the environment and troubleshoot the issue together?

Thank you for your support.

Hi @SOUFIANE_AMGHAR,

We request you to retest with this tag - GitHub - mosip/esignet at v1.5.0 instead of the “release-1.5.x” branch.

Also sharing the screenshots and logs helps us to understand the issue better and help you faster.

regards,
MOSIP team

Hi @Anusha_sunkadh I just did the version change to v1.5.0 and the issue is still there:

Below are the screenshots post login with e-signet, and I got no specific logs from corresponding containers

Capture d’écran du 2025-02-13 13-38-312634×582 34.1 KB

Ok @SOUFIANE_AMGHAR

So what type of deployment is this?

1. Docker compose
2. Kubernetes based

Hello @Anusha_sunkadh it’s docker compose based

Capture d’écran du 2025-02-13 13-33-462248×894 287 KB

Great, So it means that you should have also imported postman collection based on the readme in the docker-compose folder.

[esignet/docker-compose/README.md at v1.5.0 · mosip/esignet · GitHub](https://How to bring up the complete eSignet setup for a Demo?)

From Step 5 in “how-to-bring-up-the-complete-esignet-setup-for-a-demo”:

1. Onboard relying party in eSignet, import all files under postman-collection folder into your postman. Choose eSignet-with-mock environment in the postman and invoke below requests under OIDC Client Mgmt → Mock folder in postman.

• Get CSRF token

• Create OIDC client → Make sure to update redirect Urls and logo URL as per your requirement in the request body.

• Copy the client ID in the Create OIDC client response.

• Prepare the Authorize URL → http://localhost:3000/authorize?state=eree2311&client_id=client_id_value&redirect_uri=redirect_uri&scope=openid&response_type=code&acr_values=mosip:idp:acr:generated-code&claims_locales=en&ui_locales=en-IN

Below placeholders should be replaced in the authorize URL

→ client_id_value : value should be replaced with the value copied from Create OIDC client response.

→ redirect_uri : As used in ODIC client create request.

• Paste and Go to the updated Authorize URL in the browser.

@SOUFIANE_AMGHAR was the above steps followed?

Hello thank you for the detailed steps
I have encountered a blocking issue caused from running the docker compose file provided in the 1.5.0 repository
Below the logs for both plugins and esignet:

{“@timestamp”:“2025-02-17T16:47:51.842Z”,“@version”:“1”,“message”:“sessionId - applicationId - OIDC_PARTNER - Getting Key CSR for application ID: OIDC_PARTNER, RefId: “,“logger_name”:“io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl”,“thread_name”:“main”,“level”:“INFO”,“level_value”:20000,“appName”:“esignet”}
{”@timestamp”:“2025-02-17T16:47:51.879Z”,“@version”:“1”,“message”:“===================== IDP KEY SETUP COMPLETED ========================”,“logger_name”:“io.mosip.esignet.config.AppConfig”,“thread_name”:“main”,“level”:“INFO”,“level_value”:20000,“appName”:“esignet”}
Zip has a parent directory inside
Unzip directory
Archive: client.zip
creating: client/
inflating: client/README.md
extracting: client/ref.proxy
extracting: client/ref.softhsm
inflating: client/pkcs11.cfg
inflating: client/libpkcs11-proxy.so.0.1
inflating: client/install.sh
Renaming directory
mv: cannot move ‘client’ to ‘hsm-client/client’: Directory not empty
Zip has a parent directory inside
Unzip directory
Archive: client.zip
replace client/README.md? [y]es, [n]o, [A]ll, [N]one, [r]ename: NULL
(EOF or read error, treating as “[N]one” …)

d=, keyGenerationTime=2025-02-14T16:40:06.470776, keyExpiryTime=2028-02-14T16:40:06.470776, status=null, certThumbprint=FDEA6640392DCD46873F763EACA7039F9073B46D7B956CE25E9127F2F6E77E55, uniqueIdentifier=730499A7B9BC5C5BEFD1D0DC5A6C62CF53A072ED)“,“logger_name”:“io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl”,“thread_name”:“main”,“level”:“INFO”,“level_value”:20000,“appName”:“mock-identity-system”}
{”@timestamp":“2025-02-17T16:47:50.697Z”,“@version”:“1”,“message”:"sessionId - applicationId - MOCK_AUTHENTICATION_SERVICE - Getting Key CSR for application ID: MOCK_AUTHENTICATION_SERVICE, RefId: ",“logger_name”:“io.mosip.kernel.keymanagerservice.service.impl.KeymanagerServiceImpl”,“thread_name”:“main”,“level”:“INFO”,“level_value”:20000,“appName”:“mock-identity-system”}
Zip has a parent directory inside
Unzip directory
Archive: client.zip
creating: client/
inflating: client/README.md
extracting: client/ref.proxy
extracting: client/ref.softhsm
inflating: client/pkcs11.cfg
inflating: client/libpkcs11-proxy.so.0.1
inflating: client/install.sh
Renaming directory
mv: cannot move ‘client’ to ‘hsm-client/client’: Directory not empty
Zip has a parent directory inside
Unzip directory
Archive: client.zip
replace client/README.md? [y]es, [n]o, [A]ll, [N]one, [r]ename: NULL
(EOF or read error, treating as “[N]one” …)

and for esignet-ui:

Pre-requisites download completed.
Replacing public url placeholder with public url
Replacing completed.
generating env-config file
generation of env-config file completed!
starting nginx
Downloading pre-requisites started.
unzip plugins…
./configure_start.sh: line 49: cd: /usr/share/nginx/html/plugins/temp: No such file or directory
Downloading pre-requisites started.
unzip plugins…
./configure_start.sh: line 49: cd: /usr/share/nginx/html/plugins/temp: No such file or directory
Downloading pre-requisites started.
unzip plugins…
./configure_start.sh: line 49: cd: /usr/share/nginx/html/plugins/temp: No such file or directory
Downloading pre-requisites started.
unzip plugins…
./configure_start.sh: line 49: cd: /usr/share/nginx/html/plugins/temp: No such file or directory
Downloading pre-requisites started.
unzip plugins…
./configure_start.sh: line 49: cd: /usr/share/nginx/html/plugins/temp: No such file or directory

logs esignet1186×334 56.6 KB

@Anusha_sunkadh It would be more efficient if you could assist me in a quick call whenever you are available, thanks

Hi @SOUFIANE_AMGHAR,

Yeah, this is a known problem with our docker-compose. As a workaround, we delete the containers and start fresh every time.

I followed the entire process you described and I still got this error when I sign in using eSignet

{
“responseTime”: “2025-02-19T11:12:03.620Z”,
“response”: null,
“errors”: [
{
“errorCode”: “invalid_client_id”,
“errorMessage”: “invalid_client_id”
}
]
}

@Anusha_sunkadh below is my development configuration in the interface side:

{
“development”: {
“BACKEND_URL”: “localhost:8002”,
“API_URL”: “localhost:8002/api/v1”,
“AUTHORIZE_URI”: “http://localhost:3000/authorize”,
“CLIENT_ID”: “IIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm96t+”,
“REDIRECT_URI”: “localhost:7000/auth/callback”,
“TOKEN_URL”: “localhost:8088/v1/esignet/oauth/v2/token”,
“USERINFO_URL”: “localhost:8088/v1/esignet/oidc/userinfo”,
“ESSENTIAL_CLAIMS”: {
“userinfo”: {
“name”: {
“essential”: true
},
“phone_number”: {
“essential”: false
},
“email”: {
“essential”: true
},
“picture”: {
“essential”: true
},
“gender”: {
“essential”: false
},
“birthdate”: {
“essential”: false
},
“address”: {
“essential”: true
}
},
“id_token”: {}
},

Ok. If “invalid_client_id” is thrown when you invoke “authorize/oauth-details” endpoint then the client_id passed in the request body should be cross-checked.

Is it the same as the client ID created in the Create OIDC client response?

Yes it is the same client_id in the Create OIDC client response and yet I still get the error during the login

@Anusha_sunkadh I think it’s better if we can arrange a quick Google meet call to solve this ticket faster whenever you are available