eIDs (v2)
EIDS:v2 is in preview. The Verification data block implementation is not yet finalized and may change before general availability. Use EIDS:v1 for production flows.
Authenticates users using a national electronic identity document
Used when businesses need to authenticate users through government-issued eID schemes. Supports multiple eID providers (e.g. France Identité, German eID) through a unified step, with routing to the appropriate provider managed by IDnow. Results are returned as a unified Verification data block.
Key features
- Multi-provider support — Routes to the appropriate eID provider backend based on the user's selected method and your organisation's routing configuration.
- OIDC-based authentication — Authenticates users via OpenID Connect with the eID provider.
- Flexible method selection — Works with an upstream Verification method selector (v2) step, or can be pre-configured to a fixed method.
- Unified
Verificationdata block — Produces a structured record describing the eID method used, the authority, cryptographic evidence, and the assurance level achieved.
Method selection modes
The step supports two modes for determining which eID method to use:
| Mode | When to use | How to configure |
|---|---|---|
| End-user selection | The end-user chooses their preferred eID method at runtime (e.g. from a list presented by an upstream selector step). | Place a Verification method selector (v2) step before this step. Leave preconfigure unset. |
| Customer-provided selection | The customer's backend system determines the eID method and passes it at session creation time, without any end-user selector step in the flow. | Inject an eIDMethodSelection datablock via the input field when creating the session. Leave preconfigure unset. |
| Pre-configured method | The method is fixed by the flow definition — the end-user has no choice and no runtime input is needed. | Set preconfigure.method in this step's configuration. No upstream selector or session input is needed. |
These modes are mutually exclusive. preconfigure takes precedence over any eIDMethodSelection input. If neither is configured, flow validation will reject the flow definition — the step requires either preconfigure or an upstream eIDMethodSelection input to be wired.
Configuration
| Attribute | Type | Required | Description |
|---|---|---|---|
preconfigure | object | No | Pre-selects a fixed eID method, bypassing the need for an upstream Verification method selector step. When present, the step uses this method directly instead of reading the user's selection from the flow context. |
preconfigure.method | string | Yes (if preconfigure set) | The eID method to use. Accepted values: franceIdentite, personalausweis, lIdentiteNumeriqueLaPoste, spid, itsme, lithuanianMobileId, mojeIdPl, idin, smartId, mitId, norwegianBankId, estonianIdCard, latvianIdCard, lithuanianIdCard, finnishTrustNetwork, frejaEid, belgiumIdCard, edoApp, eParakstsMobile, portugueseIdCard, finnishHenkilokortti, serbianIdCard, swedishBankId. |
preconfigure.assuranceLevel | string | No | Required assurance level for the authentication. Accepted values: low, substantial, high. |
preconfigure.trustFramework | string | No | Trust framework governing the assurance level. Accepted values: eidas. |
enableRetry | boolean | No | When true, adds a retry output route that can be used to handle user cancellations. Defaults to false. |
Without preconfigure, the step reads the user's eID method selection produced by an upstream VERIFICATION_METHOD_SELECTOR:v2 step. If neither preconfigure nor an upstream selector is wired, flow validation will reject the flow definition.
Example
With an upstream Verification method selector (recommended for multi-method flows):
{}
With preconfigure (single-method flows, no selector needed):
{
"preconfigure": {
"method": "franceIdentite",
"assuranceLevel": "substantial",
"trustFramework": "eidas"
}
}
Input data blocks
| Data block | Required | Description |
|---|---|---|
eIDMethodSelection | Conditional | Produced by an upstream VERIFICATION_METHOD_SELECTOR:v2 step when the user selects an eID method. Required when preconfigure is not set. |
Routes
| Route | Description |
|---|---|
verified | The user's identity has been successfully authenticated by the eID provider. The OIDC flow completed and the provider returned a valid identity assertion. |
not_verified | The authentication attempt failed. The identity could not be verified — for example, the user entered an incorrect PIN or the eID provider rejected the authentication request. |
Output data blocks
| Route | Data blocks produced |
|---|---|
verified | BasicIdentity, ExtendedIdentity, Verification |
not_verified | Verification |
Verification data block
The Verification data block produced by EIDS:v2 describes the outcome of the eID authentication.
| Field | Type | Description |
|---|---|---|
status | string | Verification status. One of: verified, rejected, aborted, error. The values fraudDetected and canceled exist in the schema but are not emitted by eID flows. |
provider | string | The eID provider used. One of: "france-identite", "german-eid", "eideasy". |
trustFramework | string | null | Trust framework of the assurance level achieved (e.g. "eidas"). Taken from preconfigure or method selection. |
assuranceLevel | string | null | Assurance level achieved (e.g. "substantial"). Taken from preconfigure or method selection. null on failure paths. |
verifiedAt | string | ISO 8601 timestamp of the authentication. |
verificationProcessId | string | null | Provider transaction or session reference. |
terminationReason | object | null | Present when the process was aborted by the user. Contains code (string) and message (string | null). |
methods | array | Always contains one entry of type eid describing the eID method used. |
methods[].eid
| Field | Type | Description |
|---|---|---|
type | string | Always "eid". |
source | string | "governmentRegister" for government-backed providers (France Identité, German eID) or "financialInstitution" for financial institution-backed providers (eIDEasy methods: SPID, Lithuanian Mobile ID, iDIN, etc.). |
authority | string | The issuing authority. "Agence Nationale des Titres Sécurisés" (France Identité) or "Bundesdruckerei" (German eID). |
countryCode | string | ISO 3166-1 alpha-2 country code. "FR" or "DE". |
evidence | array | Cryptographic evidence. For France Identité on verified: contains the OIDC ID token vault reference. Empty on failure paths or German eID. |
sessionBinding | object | null | OIDC session details (France Identité only). Contains protocol, subjectId, sessionId, transactionId. null on failure paths or German eID. |