Step 4. Add and Verify an Alias

All members have human-readable and verifiable aliases. Your Alias specifies your business web domain, an email address, or your certificate, based on the Alias.Type you choose. Moreover, since an alias can only be claimed once, it immediately becomes unique as soon as you provide it, so no other member can use it. Hence, an alias belongs to a single member and must be verified before it can be used.

Adding and Removing an Alias

Under the Member class, the addAlias method attempts to add an alias for a member, but will fail if the alias is already in use. In which case, you will need to choose and use a different alias for that member. The removeAlias method deletes an alias for a member. Upon successfully verifying an alias or aliases, you can then fetch one or more of them.

Here's how to add and remove an alias for a member:

Alias alias = Alias.newBuilder()

    .setType(DOMAIN)

    .setValue("verified-domain.com")

    .build();

 

// add the alias

member.addAliasBlocking(alias);

 

// remove the alias

member.removeAliasBlocking(alias);

For an eIDAS-type alias, you need to set the realmId for the bankMemberId as shown in Step 3.

To determine the memberId of the bank you want to connect to, use the resolveAlias() method.

// resolve memberId of the bank TPP is trying to get access to

String bankMemberId = client

    .resolveAliasBlocking(Alias.newBuilder().setValue(bankId).setType(BANK).build())

    .getId();

Verifying an Alias

Domain-type aliases require manual verification by Token.io. To register a domain alias, take the following steps:

  1. Add your domain name using the addAliasBlocking method.
  2. Send a verification request for the alias to Token.io Client Services. Be sure to include your business member ID. If you don't know your ID, retrieve it using the getMemberIdBlocking method.

To verify an eIDAS-type alias, use a verifyEidas() call with the following methods:

// construct a payload with all the required data

VerifyEidasPayload payload = VerifyEidasPayload

    .newBuilder()

    .setAlgorithm(signingAlgorithm)

    .setAlias(eidasAlias)

    .setCertificate(certificate)

    .setMemberId(tpp.memberId())

    .build();

// verify eIDAS

VerifyEidasResponse response = tpp

    .verifyEidas(payload, signer.sign(payload))

    .blockingSingle();

// get the verification status (useful if verifyEidas response has IN_PROGRESS status)

GetEidasVerificationStatusResponse statusResponse = tpp+

    .getEidasVerificationStatus(response.getVerificationId())

    .blockingSingle();

Tip: This submits an eIDAS certificate for a business member already registered under the realm of a bank. If this member has not yet onboarded, a successful certificate verification will result in onboarding of the member. If the member already has a certificate on file, the result of this call is a certificate substitution/replacement.

Fetching an Alias

The SDK offers two methods to fetch aliases:

  1. aliasesBlocking retrieves the list of the member's aliases.
  2. firstAliasBlocking retrieves only the first alias used by the member.

Here are the relevant API references:

Resolving an Alias

When a member ID can't be found due to a typo or other mismatch, you can look up the correct member ID using a known alias and/or profile. You can also find out if an alias already belongs to a member.

Here's how to resolve an alias:

Alias alias = Alias.newBuilder()

    .setValue("user-email@example.com")

    .build();

 

// If this call fails then the alias does not correspond to an existing member.

TokenMember resolved = client.resolveAliasBlocking(alias);

 

// resolved member ID from alias

String memberId = resolved.getId();

 

// The resolved alias

// will have the correct type, e.g. EMAIL.

Alias resolvedAlias = resolved.getAlias();

Here are the relevant API references: