eIDs (v2)
Preview
EIDS:v2 is in preview. The Verification datablock implementation is not yet finalized and may change before general availability. Use EIDS:v1 for production flows.
Authenticates users using a national electronic identity document
Used when businesses need to authenticate users through government-issued eID schemes. Supports multiple eID providers (e.g. France Identité, German eID) through a unified step, with routing to the appropriate provider managed by IDnow. Results are returned as a unified Verification datablock.
Key features
- Multi-provider support — Routes to the appropriate eID provider backend based on the user's selected method and your organisation's routing configuration.
- OIDC-based authentication — Authenticates users via OpenID Connect with the eID provider.
- Flexible method selection — Works with an upstream Verification method selector (v2) step, or can be pre-configured to a fixed method.
- Unified
Verificationdatablock — Produces a structured record describing the eID method used, the authority, cryptographic evidence, and the assurance level achieved.
Configuration
| Attribute | Type | Required | Description |
|---|---|---|---|
preconfigure | object | No | Pre-selects a fixed eID method, bypassing the need for an upstream Verification method selector step. When present, the step uses this method directly instead of reading the user's selection from the flow context. |
preconfigure.method | string | Yes (if preconfigure set) | The eID method to use. Accepted values depend on your organisation's routing configuration (e.g. franceIdentite, personalausweis, spid, lithuanianMobileId). Values are camelCase — v2 has no snake_case preprocessor shim. Contact IDnow to confirm which methods are enabled for your account. |
preconfigure.assuranceLevel | string | No | Required assurance level for the authentication. Accepted values: low, substantial, high. |
preconfigure.trustFramework | string | No | Trust framework governing the assurance level. Accepted values: eidas. |
enableRetry | boolean | No | When true, adds a retry output route that can be used to handle user cancellations. Defaults to false. |
Without preconfigure, the step reads the user's eID method selection produced by an upstream VERIFICATION_METHOD_SELECTOR:v2 step. If neither preconfigure nor an upstream selector is present, the flow is misconfigured and will fail at runtime.
Example
With an upstream Verification method selector (recommended for multi-method flows):
{}
With preconfigure (single-method flows, no selector needed):
{
"preconfigure": {
"method": "franceIdentite",
"assuranceLevel": "substantial",
"trustFramework": "eidas"
}
}
Input datablocks
| Data block | Required | Description |
|---|---|---|
eIDMethodSelection | No | Produced by an upstream VERIFICATION_METHOD_SELECTOR:v2 step when the user selects an eID method. Used to determine which provider to call. When absent, preconfigure must be set. |
Verdicts
| Verdict | Description |
|---|---|
verified | The user's identity has been successfully authenticated by the eID provider. The OIDC flow completed and the provider returned a valid identity assertion. |
not_verified | The authentication attempt failed. The identity could not be verified — for example, the user entered an incorrect PIN or the eID provider rejected the authentication request. |
Output datablocks
| Verdict | Data blocks produced |
|---|---|
verified | BasicIdentity, ExtendedIdentity, Verification |
not_verified | Verification |
Verification datablock
The Verification datablock produced by EIDS:v2 describes the outcome of the eID authentication.
| Field | Type | Description |
|---|---|---|
status | string | Verification status. One of: verified, rejected, aborted, error. The values fraudDetected and canceled exist in the schema but are not emitted by eID flows. |
provider | string | The eID provider used. One of: "france-identite", "german-eid". |
trustFramework | string | null | Trust framework of the assurance level achieved (e.g. "eidas"). Taken from preconfigure or method selection. |
assuranceLevel | string | null | Assurance level achieved (e.g. "substantial"). Taken from preconfigure or method selection. null on failure paths. |
verifiedAt | string | ISO 8601 timestamp of the authentication. |
verificationProcessId | string | null | Provider transaction or session reference. |
terminationReason | object | null | Present when the process was aborted by the user. Contains code (string) and message (string | null). |
methods | array | Always contains one entry of type eid describing the eID method used. |
methods[].eid
| Field | Type | Description |
|---|---|---|
type | string | Always "eid". |
source | string | "governmentRegister" for government-backed providers (France Identité, German eID) or "financialInstitution" for financial institution-backed providers (eIDEasy methods: SPID, Lithuanian Mobile ID, iDIN, etc.). |
authority | string | The issuing authority. "Agence Nationale des Titres Sécurisés" (France Identité) or "Bundesdruckerei" (German eID). |
countryCode | string | ISO 3166-1 alpha-2 country code. "FR" or "DE". |
evidence | array | Cryptographic evidence. For France Identité on verified: contains the OIDC ID token vault reference. Empty on failure paths or German eID. |
sessionBinding | object | null | OIDC session details (France Identité only). Contains protocol, subjectId, sessionId, transactionId. null on failure paths or German eID. |