Exchange OIDC token for self-service JWT
Validates an ID token from the tenant's configured OIDC provider (e.g. eSignet) and returns a self-service JWT bound to the matching entity. Token issuer is pre-validated against the tenant config before any JWKS fetch (SSRF mitigation). JWKS origin must match the configured authority.
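The ordering described above (issuer check first, JWKS origin check second, no network I/O until both pass), as an added example that is not the project's own code. The function names, the `authority` config field and the `candidateJwksUri` parameter are assumptions; the sample tokens and hosts are constructed.

```javascript
// Added example. Names here are assumptions, not the project's API.

// Read `iss` from the token payload WITHOUT trusting it. Nothing is verified yet;
// the value is only used to decide whether a JWKS fetch is allowed at all.
function readUnverifiedIssuer(idToken) {
  const parts = String(idToken).split(".");
  if (parts.length !== 3) throw new Error("malformed JWT");
  let payload;
  try {
    payload = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  } catch {
    throw new Error("malformed JWT payload");
  }
  if (!payload || typeof payload.iss !== "string") throw new Error("missing iss claim");
  return payload.iss;
}

// Return the JWKS URL that may be fetched, or throw before any request is made.
// candidateJwksUri: the JWKS location from config or discovery (assumed input).
function resolveJwksUrl(idToken, tenantConfig, candidateJwksUri) {
  const iss = readUnverifiedIssuer(idToken);
  // 1. Exact match against the tenant's configured authority; no prefix or substring match.
  if (iss !== tenantConfig.authority) throw new Error("issuer not configured for tenant");
  // 2. The JWKS origin (scheme + host + port) must equal the authority's origin.
  const authorityOrigin = new URL(tenantConfig.authority).origin;
  const jwks = new URL(candidateJwksUri);
  if (jwks.origin !== authorityOrigin) throw new Error("JWKS origin mismatch");
  return jwks.href; // only now is a fetch permitted; signature verification follows it
}

// Constructed sample data: unsigned tokens, placeholder hosts.
function makeToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "RS256", kid: "k1" })}.${enc(claims)}.sig`;
}
const tenant = { authority: "https://idp.example.test" };
const goodJwks = "https://idp.example.test/.well-known/jwks.json";

// Wrap the check so each outcome can be printed or asserted on.
function check(token, cfg, jwksUri) {
  try { return resolveJwksUrl(token, cfg, jwksUri); } catch (e) { return `rejected: ${e.message}`; }
}

console.log(check(makeToken({ iss: "https://idp.example.test" }), tenant, goodJwks));
console.log(check(makeToken({ iss: "http://internal.example.test/" }), tenant, goodJwks));
console.log(check(makeToken({ iss: "https://idp.example.test" }), tenant, "https://other.example.test/jwks"));
```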
Get citizen's own entity and available forms
Requires a self-service token. Returns the token's entity plus the forms the citizen may submit.
List citizen's submission history
Returns both applied events (from the audit trail) and pending/rejected reviews, newest first.
Request OTP
Sends a one-time password to the given identifier (phone or email). In production this integrates with an SMS or email gateway. Rate limits: 5 requests per 15 min per IP and per identifier. In non-production environments the plaintext code is returned as `devCode`.
Submit self-service change request
Submits a change request from the beneficiary. Standalone forms (life_event, grievance) are stored for review without entity side-effects. Entity update forms go through the review pipeline when `requireReview` is enabled; otherwise they are applied directly.
Verify national ID + date of birth
Returns a self-service JWT if the supplied national ID and date of birth match a beneficiary in the tenant.
Verify OTP
Verifies a one-time password and returns a self-service JWT scoped to the associated entity.