Pre-configured Scopes
The Interac Hub supports pre-configured scopes. These scopes cover both the Interac Verification Service and Interac Document Verification Service.
openid onlyVme_scope
This flow presents the user with the Interac® verification service financial institution selection screen. The user has the ability to continue with the web app (as shown below) or the Interac verification service mobile app (on iOS and Android).
openid document_scope
This flow presents the user with the Interac® document verification service screen. The user will then be asked to scan a QR code or open a link delivered via SMS on their phone and use the web app + camera to take photos of their documents and a live selfie.
Supported Document Types (Field: doc_type)
A selection of government IDs are supported and these need to be enabled during onboarding. Hub returns the document scanned in the field doc_type
of the POST /userinfo
response. Below is a mapping of the official government ID document name to corresponding value in the doc_type
field.
Value | Government ID Document Name |
---|---|
passport | Passport |
drivers_license | Driver's License |
national_card | Provincial Photo Card |
resident_permit | Permanent Resident Card |
indigenous_card | Indian Status Card (Only the "Secure Certificate of Indian Status" in Canada is accepted at this time.) |
Allow Partial Results
Additionally, the RP/DAC can configure during onboardingthe flag "allowPartialResults": true
. If this is the case, user claims are returned to the RP/DAC, rather than error messages returned to the redirect_uri
if the scan is SUSPECTED
or REJECTED
. The RP/DAC should take note of the following fields relating to document scanning.
Field: scan_result
The overall confidence in the scanned document. Priority for this field is REJECTED > SUSPECTED > CLEAR
.
Flag | Description |
---|---|
CLEAR | All checks passed successfully |
SUSPECTED | There are signs of tampering or fraud attempts |
REJECTED | Either the images could not be processed, or the document type is not recognized |
If the scan_result
field is anything other than CLEAR
, Hub will return a number of potential fields to indicate why the result is either SUSPECTED
or REJECTED
. These flags will be listed in the form of a JSON array in the userinfo result provided by Hub. See below code blocks on what the userinfo result should look like with these flags returned.
The following is a glossary of all flags which can be returned.
Flag | Description |
---|---|
data_validation | Document data is not in the expected format (e.g. DD/MM/YYYY vs. YYYY-MM-DD, length) |
visual_authenticity | Visual features of the document do not match those of a genuine version (e.g. missing portrait, photo of a screenshot, incorrect fonts, tampered/altered portrait, missing security features, incorrect document template) |
data_consistency | Same document data on 2 or more places did not match (e.g. VIZ vs. barcode/MRZ) |
compromised_document | The document has been flagged as compromised. This is not an authoritative check, but from the 3rd party scanning service. |
police_record | The document has been reported as lost, stolen or compromised by law enforcement to the 3rd party scanning service. NOTE: This flag is NOT available in Canada |
source_integrity | (Live Selfie) The live photo was non-trustworthy (digitally tampered with or taken from a webcam etc...). |
face_match | (Live Selfie) The live photo does not match with the portrait on the document. |
spoofing_detection | (Live Selfie) The live photo was not real (e.g. photo of a portrait or screenshot). |
image_quality | The document image was not of good enough quality to process. |
supported_document | The document is not supported by this service. |
filtered_document | The document is supported by this service, but not enabled for this customer. |
colour_picture | The document image was black and white; such images prevent a full assessment of whether the document is genuine. |
conclusive_document_quality | The document image was not sufficient to determine whether it was genuine or fake; applied via manual review if agent is not able to make a conclusive determination on authenticity. |
document_expiration | The document has expired based on the expiry date/date of expiration. |
face_detection | The document portrait did not have a face. |
face_detected | (Live Selfie) A face of sufficient quality could not be determined from the live photo |
field_validation | One or more document fields listed as mandatory by the customer could not be obtained; likely signifies a critical element such as the document number was missing or could not be seen. |
Additional UserInfo Examples
{
"address": {
"country": "CAN",
"locality": "North York",
"postal_code": "M2P 1N6",
"region": "ON",
"street_address": "4101 Yonge St"
},
"birthdate": "1990-01-31",
"com.securekey.verified.me.ui_locale": "en-CA",
"com.securekey.vids.job_id": "501640cd-d22d-4e5c-875e-ea7df054e9bd",
"doc_number": "S12345678901234",
"doc_type": "drivers_license",
"expiry_date": "2030-01-31",
"family_name": "DOE",
"given_name": "JANE H",
"issue_date": "2020-10-21",
"issuing_authority": "ON",
"issuing_country": "CA",
"nationality": "N/A",
"scan_result": "CLEAR",
"source": "driving_licence",
"sub": "501640cd-d22d-4e5c-875e-ea7df054e9bd"
}
{
"address": {
"country": "N/A",
"locality": "N/A",
"postal_code": "N/A",
"region": "N/A",
"street_address": "N/A"
},
"birthdate": "1990-01-31",
"com.securekey.verified.me.ui_locale": "en-CA",
"com.securekey.vids.job_id": "501640cd-d22d-4e5c-875e-ea7df054e9bd",
"doc_number": "GM123456",
"doc_type": "passport",
"expiry_date": "2030-01-31",
"family_name": "DOE",
"given_name": "JANE HEATHER",
"issue_date": "2020-10-21",
"issuing_authority": "CA",
"issuing_country": "CA",
"nationality": "CAN",
"scan_result": "CLEAR",
"source": "passport",
"sub": "501640cd-d22d-4e5c-875e-ea7df054e9bd"
}
{
"address": {
"country": "CAN",
"locality": "North York",
"postal_code": "M2P 1N6",
"region": "ON",
"street_address": "4101 Yonge St"
},
"birthdate": "1990-01-31",
"com.securekey.verified.me.ui_locale": "en-CA",
"com.securekey.vids.job_id": "501640cd-d22d-4e5c-875e-ea7df054e9bd",
"doc_number": "123AA4567890",
"doc_type": "national_card",
"expiry_date": "2030-01-31",
"family_name": "DOE",
"given_name": "JANE H",
"issue_date": "2020-10-21",
"issuing_authority": "ON",
"issuing_country": "CA",
"nationality": "N/A",
"scan_result": "CLEAR",
"source": "national_identity_card",
"sub": "501640cd-d22d-4e5c-875e-ea7df054e9bd"
}
{
"address": {
"country": "N/A",
"locality": "N/A",
"postal_code": "N/A",
"region": "N/A",
"street_address": "N/A"
},
"birthdate": "1990-01-31",
"com.securekey.verified.me.ui_locale": "en-CA",
"com.securekey.vids.job_id": "501640cd-d22d-4e5c-875e-ea7df054e9bd",
"doc_number": "AA1234567",
"doc_type": "resident_permit",
"expiry_date": "2030-01-31",
"family_name": "DOE",
"given_name": "JANE",
"issue_date": "N/A",
"issuing_authority": "CA",
"issuing_country": "CA",
"nationality": "USA",
"scan_result": "CLEAR",
"source": "residence_permit",
"sub": "501640cd-d22d-4e5c-875e-ea7df054e9bd"
}
{
"address": {
"country": "N/A",
"locality": "N/A",
"postal_code": "N/A",
"region": "N/A",
"street_address": "N/A"
},
"birthdate": "1980-01-13",
"com.securekey.verified.me.ui_locale": "en-CA",
"com.securekey.vids.job_id": "06bcdc6e-c83e-46b9-b38e-4081d98a2b7c",
"doc_number": "110566685",
"doc_type": "indigenous_card",
"expiry_date": "2031-01-13",
"family_name": "JOHNSON",
"given_name": "LOUISE",
"issue_date": "2021-01-03",
"issuing_authority": "CA",
"issuing_country": "CA",
"nationality": "N/A",
"scan_result": "CLEAR",
"source": "indigenous_card",
"sub": "06bcdc6e-c83e-46b9-b38e-4081d98a2b7c"
}
The following are example user claims from the Hub userinfo_endpoint
where document verification failed and "allowPartialResults": true
. Note the scan_result field
and suspected_flags/rejected_flags indicating document verification issues.
{
"sub": "fd43f0ed-db74-46af-8f35-2e16c78308e3",
"address": {
"country": "N/A",
"street_address": "N/A",
"locality": "N/A",
"postal_code": "N/A",
"region": "N/A"
},
"birthdate": "1958-07-02",
"com.securekey.verified.me.ui_locale": "en-CA",
"expiry_date": "2024-09-04",
"doc_number": "GA302922",
"suspected_flags": [
"face_match",
"spoofing_detection"
],
"doc_type": "passport",
"source": "passport",
"given_name": "JOHN TIM",
"com.securekey.vids.job_id": "fd43f0ed-db74-46af-8f35-2e16c78308e3",
"scan_result": "SUSPECTED",
"issue_date": "2014-09-04",
"nationality": "CAN",
"issuing_country": "CA",
"issuing_authority": "CA",
"family_name": "NET"
}
{
"sub": "e54d47c8-1f03-4ab6-b471-15cf926684db",
"address": {
"country": "N/A",
"street_address": "N/A",
"locality": "N/A",
"postal_code": "N/A",
"region": "N/A"
},
"birthdate": "2000-12-25",
"com.securekey.verified.me.ui_locale": "en-CA",
"expiry_date": "2000-12-25",
"doc_number": "N/A",
"suspected_flags": [
"visual_authenticity",
"data_consistency",
"data_validation",
"spoofing_detection"
],
"doc_type": "passport",
"source": "passport",
"given_name": "CLAUS",
"com.securekey.vids.job_id": "e54d47c8-1f03-4ab6-b471-15cf926684db",
"scan_result": "REJECTED",
"issue_date": "2000-12-25",
"nationality": "CAN",
"issuing_country": "CA",
"issuing_authority": "CA",
"family_name": "SANTA",
"rejected_flags": [
"field_validation",
"document_expiration"
]
}
openid general_scope
The flow presents the user with an option to choose Interac® verification service flow OR Documents verification service flow.
openid dual_scope
The flow presents the user with two steps where he/she must complete the Interac® verification service flow first and then Documents Verification as the second step (Interac® verification service AND Interac® document verification service).
If successful Interac® verification service flow and CLEAR
Document Verification status, RPs will receive data from Interac® verification service + Interac® document verification service + Match scores (Interac® verification service data compared to the scanned document data).
If one or both flows fail, the Hub returns an error response message to the RP/DAC via the redirect_uri
specified at the start the Hub API request to the authorization_endpoint
.
IVS | IDVS | Data Matching | Response |
---|---|---|---|
Success | REJECTED | Fail | Return Interac® verification service + Interac® document verification service fail reason + Match score fail reason An authorization_code is returned and UserInfo can be retrieved. |
Success | SUSPECTED | Fail | Return Interac® verification service+ Interac® document verification service fail reason + Match score fail reason An authorization_code is returned and UserInfo can be retrieved. |
Success | FAIL - System Error | Fail | Return Interac® verification service + Interac® document verification service fail reason + Match score fail reason An authorization_code is returned and UserInfo can be retrieved. |
Success | FAIL - User Cancel | Fail | Return Interac® verification service + Interac® document verification service fail reason + Match score fail reason An authorization_code is returned and UserInfo can be retrieved. |
Unsuccessful - Cancel/System Error | CLEAR | Fail | Return Interac® verification service fail reason + Interac® document verification service results + Match score fail reason An authorization_code is returned and UserInfo can be retrieved. |
Unsuccessful - Cancel/System Error | REJECTED | Fail | Return Interac® verification service fail reason + Interac® document verification service fail reason + Match score fail reason. An OAuth error response is returned in the authorization call to the RP/DAC redirect_uri, and no authorization code is returned. |
Unsuccessful - Cancel/System Error | SUSPECTED | Fail | Return Interac® verification service fail reason + Interac® document verification service fail reason + Match score fail reason. An OAuth error response is returned in the authorization call to the RP/DAC redirect_uri, and no authorization code is returned. |
Unsuccessful - Cancel/System Error | FAIL - System Error | Fail | Return Interac® verification service fail reason + Interac® document verification service fail reason + Match score fail reason. An OAuth error response is returned in the authorization call to the RP/DAC redirect_uri, and no authorization code is returned. |
Unsuccessful - Cancel/System Error | FAIL - User Cancel | Fail | Return Interac® verification service fail reason + Interac® document verification service fail reason + Match score fail reason. An OAuth error response is returned in the authorization call to the RP/DAC redirect_uri, and no authorization code is returned. |
Success | CLEAR | Fail - System Error | Return Interac® verification service + Interac® document verification service + Match score fail reason |
Updated 4 months ago