MobileID-Strong-Authentication · thomas4v · Mar 11, 2026 · Mar 2, 2026 · Mar 3, 2026 · Mar 9, 2026
diff --git a/docs/use-the-client-via-cli.md b/docs/use-the-client-via-cli.md
@@ -42,6 +42,9 @@ Arguments:
     -receipt                                            - For sign operation. Send a receipt after the signature is acquired successfully
     
     -geofencing                                         - For sign operation. Request additional geofencing data
+    
+    -app2app="myapp://example"                          - For sign operation (async only). Request App2App service which allows an Application Provider to automatically switch from
+                                                          their App to the Mobile ID App (and the Mobile ID App to automatically switch back to the originating App)
 
     -validate                                           - For sign operation. Validate the signature once it is successfully acquired
 
@@ -78,6 +81,7 @@ Use cases:
     - ./bin/mid-client.sh -profile-query -msisdn=41790000000 -soap
     - ./bin/mid-client.sh -sign -receipt -msisdn=41790000000 -lang=en -dtbs="Do you want to login?" -req-timeout=120
     - ./bin/mid-client.sh -sign -sync -receipt -msisdn=41790000000 -lang=en -dtbs="Do you want to login?" -soap -vv
+    - ./bin/mid-client.sh -sign -async -msisdn=41790000000 -lang=en -app2app="myapp://example" -dtbs="Do you want to login?" -rest -vv
     - ./bin/mid-client.sh \
            -config=my-config.properties \
            -sign -sync -receipt -geofencing \
@@ -95,46 +99,64 @@ Use the _-v_, _-vv_ and _-vvv_ arguments for increasingly detailed log levels, i
 exchanged packets.
 
 ## Examples
+
 Start with a fresh set of configuration files:
+
 ```shell
 ./bin/mid-client.sh -init 
 ```
 
 Get the profile information for a particular phone number (MSISDN) that your application provider is controlling:
+
 ```shell
 ./bin/mid-client.sh -profile-query -msisdn 41790000000 
 ```
 
 Get the same profile information using a particular configuration file and the SOAP interface of Mobile ID:
+
 ```shell
 ./bin/mid-client.sh -profile-query -msisdn 41790000000 -config local-config.properties -soap 
 ```
 
 Request a digital signature to a particular phone number (MSISDN), in sync mode:
+
 ```shell
 ./bin/mid-client.sh -sign -msisdn=41790000000 -geofencing -lang=en -dtbs "Do you want to login?" -sync  
 ```
 
 Request a digital signature to a particular phone number (MSISDN), in async mode (this is the default mode) and with signature receipt:
+
 ```shell
 ./bin/mid-client.sh -sign -msisdn=41790000000 -lang=en -dtbs "Do you want to login?" -receipt -req-timeout 120  
 ```
 
+Request a digital signature to a particular phone number (MSISDN), in async mode (this is the default mode) and with app2app service:
+
+```shell
+./bin/mid-client.sh -sign -msisdn=41790000000 -lang=en -app2app="myapp://example" -req-timeout 120  
+```
+
 Request a Mobile ID Serial number based on particular phone number (MSISDN), in async mode:
+
 ```shell
 ./bin/mid-client.sh -get-mid-sn -msisdn=41790000000 -rest
 ```
 
 Note: when working with arguments that have values (such as _-msisdn_) you can pass the value either as the next argument:
+
 ```shell
 ./bin/mid-client.sh -sign -msisdn 41790000000
 ```
+
 or in the form _name=value_:
+
 ```shell
 ./bin/mid-client.sh -sign -msisdn=41790000000
 ```
+
 Please note that the _-dtbs_ argument is a bit more special, as it will most likely contain spaces, so either the entire name=value
 construct is enclosed in double quotes or, if you use the name<space>value form, then the value is enclosed in double quotes:
+
 ```shell
 ./bin/mid-client.sh -sign -msisdn=41790000000 -dtbs "Do you want to login?"
 ./bin/mid-client.sh -sign -msisdn=41790000000 "-dtbs=Do you want to login?"

diff --git a/mid-java-client-core/src/main/java/ch/swisscom/mid/client/config/DefaultConfiguration.java b/mid-java-client-core/src/main/java/ch/swisscom/mid/client/config/DefaultConfiguration.java
@@ -32,6 +32,7 @@ public class DefaultConfiguration {
     public static final String ADDITIONAL_SERVICE_USER_LANG_URI = "http://mss.ficom.fi/TS102204/v1.0.0#userLang";
     public static final String ADDITIONAL_SERVICE_SIGNATURE_VALIDATION_URI = "http://uri.etsi.org/TS102204/v1.1.2#validate";
     public static final String ADDITIONAL_SERVICE_GEOFENCING = "http://mid.swisscom.ch/as#geofencing";
+    public static final String ADDITIONAL_SERVICE_APP2APP = "http://mid.swisscom.ch/as#app2app";
 
     public static final String SIGNATURE_REQUEST_MAJOR_VERSION = "1";
     public static final String SIGNATURE_REQUEST_MINOR_VERSION = "2";

diff --git a/mid-java-client-core/src/main/java/ch/swisscom/mid/client/impl/Loggers.java b/mid-java-client-core/src/main/java/ch/swisscom/mid/client/impl/Loggers.java
@@ -29,6 +29,8 @@ public class Loggers {
     public static final String REQUEST_RESPONSE = "ch.swisscom.mid.client.requestResponse";
     public static final String FULL_REQUEST_RESPONSE = "ch.swisscom.mid.client.fullRequestResponse";
     public static final String SIGNATURE_VALIDATOR = "ch.swisscom.mid.signatureValidator";
+    public static final String STATUS_QUERY_MODEL_UTILS = "ch.swisscom.mid.client.rest.statusQueryModelUtils";
+    public static final String SIGN_REQ_MODEL_UTILS = "ch.swisscom.mid.client.rest.signatureRequestModelUtils";
 
     // ----------------------------------------------------------------------------------------------------
 

diff --git a/mid-java-client-core/src/main/java/ch/swisscom/mid/client/model/App2App.java b/mid-java-client-core/src/main/java/ch/swisscom/mid/client/model/App2App.java
@@ -0,0 +1,38 @@
+/*
+ *
+ *  * Copyright 2021-2026 Swisscom (Schweiz) AG
+ *  *
+ *  * Licensed under the Apache License, Version 2.0 (the "License");
+ *  * you may not use this file except in compliance with the License.
+ *  * You may obtain a copy of the License at
+ *  *
+ *  * http://www.apache.org/licenses/LICENSE-2.0
+ *  *
+ *  * Unless required by applicable law or agreed to in writing, software
+ *  * distributed under the License is distributed on an "AS IS" BASIS,
+ *  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  * See the License for the specific language governing permissions and
+ *  * limitations under the License.
+ *
+ */
+
+package ch.swisscom.mid.client.model;
+
+public class App2App {
+    private String redirectUri;
+
+    public String getRedirectUri() {
+        return redirectUri;
+    }
+
+    public void setRedirectUri(String redirectUri) {
+        this.redirectUri = redirectUri;
+    }
+
+    @Override
+    public String toString() {
+        return "App2App{" +
+                "redirectUri='" + redirectUri + '\'' +
+                '}';
+    }
+}
diff --git a/mid-java-client-core/src/main/java/ch/swisscom/mid/client/model/SignatureRequest.java b/mid-java-client-core/src/main/java/ch/swisscom/mid/client/model/SignatureRequest.java
@@ -15,15 +15,15 @@
  */
 package ch.swisscom.mid.client.model;
 
-import java.util.ArrayList;
-import java.util.List;
-
 import ch.swisscom.mid.client.config.DefaultConfiguration;
 import ch.swisscom.mid.client.config.TrafficObserver;
+import ch.swisscom.mid.client.model.service.AdditionalService;
+import ch.swisscom.mid.client.model.service.UserLangAdditionalService;
 
-import static ch.swisscom.mid.client.utils.Utils.dataNotEmpty;
-import static ch.swisscom.mid.client.utils.Utils.dataNotNull;
-import static ch.swisscom.mid.client.utils.Utils.dataTrue;
+import java.util.ArrayList;
+import java.util.List;
+
+import static ch.swisscom.mid.client.utils.Utils.*;
 
 public class SignatureRequest {
 
@@ -35,7 +35,7 @@ public class SignatureRequest {
      * If this is not set then the ID from {@link ch.swisscom.mid.client.config.ClientConfiguration} is used.
      */
     private String overrideApId;
-    
+
     /**
      * Optional custom AP password that will override the AP password configured via {@link ch.swisscom.mid.client.config.ClientConfiguration}.
      * If this is not set then the password from {@link ch.swisscom.mid.client.config.ClientConfiguration} is used.
@@ -152,22 +152,22 @@ public void validateYourself() {
         dataNotEmpty(majorVersion, "The major version cannot be null or empty (see DefaultConfiguration for default values)");
         dataNotEmpty(minorVersion, "The minor version cannot be null or empty (see DefaultConfiguration for default values)");
         dataNotEmpty(additionalServices, "Invalid signature request configuration. " +
-                                         "At least the UserLang additional service needs to be configured (call setUserLanguage).");
+                "At least the UserLang additional service needs to be configured (call setUserLanguage).");
         dataNotNull(dataToBeSigned, "The data to be signed cannot be null (call setDataToBeSigned)");
         dataToBeSigned.validateYourself();
         dataNotNull(mobileUser, "The target mobile user cannot be null");
         mobileUser.validateYourself();
         dataNotEmpty(signatureProfile, "The signature profile cannot be null or empty. See " +
-                                       SignatureProfiles.class.getSimpleName() +
-                                       " for a list of possible profiles to choose from");
+                SignatureProfiles.class.getSimpleName() +
+                " for a list of possible profiles to choose from");
         dataTrue(userResponseTimeOutInSeconds >= DefaultConfiguration.SIGNATURE_MINIMUM_TIME_OUT_IN_SECONDS,
-                 "The user response timeout cannot be lower than " +
-                 DefaultConfiguration.SIGNATURE_MINIMUM_TIME_OUT_IN_SECONDS +
-                 " seconds");
+                "The user response timeout cannot be lower than " +
+                        DefaultConfiguration.SIGNATURE_MINIMUM_TIME_OUT_IN_SECONDS +
+                        " seconds");
         dataTrue(userResponseTimeOutInSeconds <= DefaultConfiguration.SIGNATURE_MAXIMUM_TIME_OUT_IN_SECONDS,
-                 "The user response timeout cannot be higher than " +
-                 DefaultConfiguration.SIGNATURE_MAXIMUM_TIME_OUT_IN_SECONDS +
-                 " seconds");
+                "The user response timeout cannot be higher than " +
+                        DefaultConfiguration.SIGNATURE_MAXIMUM_TIME_OUT_IN_SECONDS +
+                        " seconds");
     }
 
     // ----------------------------------------------------------------------------------------------------
@@ -177,14 +177,14 @@ public void validateYourself() {
     @Override
     public String toString() {
         return "SignatureRequest{" +
-               "majorVersion='" + majorVersion + '\'' +
-               ", minorVersion='" + minorVersion + '\'' +
-               ", additionalServices=" + additionalServices +
-               ", dataToBeSigned=" + dataToBeSigned +
-               ", mobileUser=" + mobileUser +
-               ", userResponseTimeOutInSeconds=" + userResponseTimeOutInSeconds +
-               ", signatureProfile='" + signatureProfile + '\'' +
-               ", trafficObserver=" + trafficObserver +
-               '}';
+                "majorVersion='" + majorVersion + '\'' +
+                ", minorVersion='" + minorVersion + '\'' +
+                ", additionalServices=" + additionalServices +
+                ", dataToBeSigned=" + dataToBeSigned +
+                ", mobileUser=" + mobileUser +
+                ", userResponseTimeOutInSeconds=" + userResponseTimeOutInSeconds +
+                ", signatureProfile='" + signatureProfile + '\'' +
+                ", trafficObserver=" + trafficObserver +
+                '}';
     }
 }
diff --git a/...m/mid/client/model/AdditionalService.java → ...ient/model/service/AdditionalService.java b/...m/mid/client/model/AdditionalService.java → ...ient/model/service/AdditionalService.java
@@ -1,45 +1,65 @@
-/*
- * Copyright 2021 Swisscom (Schweiz) AG
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package ch.swisscom.mid.client.model;
-
-/**
- * Base class for requesting additional services via requests to the Mobile ID service. You can either make an instance of this class
- * and set the URI by yourself, or use one of the provided subclasses. There is also a corresponding {@link AdditionalServiceResponse}
- * that contains, as expected, the data that is returned as part of the requested additional service payload.
- *
- * @see UserLangAdditionalService
- * @see SignatureValidationAdditionalService
- * @see GeofencingAdditionalService
- */
-public class AdditionalService {
-
-    private final String uri;
-
-    public AdditionalService(String uri) {
-        this.uri = uri;
-    }
-
-    public String getUri() {
-        return uri;
-    }
-
-    @Override
-    public String toString() {
-        return "AdditionalService{" +
-               "uri='" + uri + '\'' +
-               '}';
-    }
-}
+/*
+ *
+ *  * Copyright 2021-2026 Swisscom (Schweiz) AG
+ *  *
+ *  * Licensed under the Apache License, Version 2.0 (the "License");
+ *  * you may not use this file except in compliance with the License.
+ *  * You may obtain a copy of the License at
+ *  *
+ *  * http://www.apache.org/licenses/LICENSE-2.0
+ *  *
+ *  * Unless required by applicable law or agreed to in writing, software
+ *  * distributed under the License is distributed on an "AS IS" BASIS,
+ *  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  * See the License for the specific language governing permissions and
+ *  * limitations under the License.
+ *
+ */
+
+/*
+ * Copyright 2021 Swisscom (Schweiz) AG
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package ch.swisscom.mid.client.model.service;
+
+import ch.swisscom.mid.client.model.AdditionalServiceResponse;
+
+/**
+ * Base class for requesting additional services via requests to the Mobile ID service. You can either make an instance of this class
+ * and set the URI by yourself, or use one of the provided subclasses. There is also a corresponding {@link AdditionalServiceResponse}
+ * that contains, as expected, the data that is returned as part of the requested additional service payload.
+ *
+ * @see UserLangAdditionalService
+ * @see SignatureValidationAdditionalService
+ * @see GeofencingAdditionalService
+ */
+public class AdditionalService {
+
+    private final String uri;
+
+    public AdditionalService(String uri) {
+        this.uri = uri;
+    }
+
+    public String getUri() {
+        return uri;
+    }
+
+    @Override
+    public String toString() {
+        return "AdditionalService{" +
+                "uri='" + uri + '\'' +
+                '}';
+    }
+}
diff --git a/...ent-core/src/main/java/ch/swisscom/mid/client/model/service/App2AppAdditionalService.java b/...ent-core/src/main/java/ch/swisscom/mid/client/model/service/App2AppAdditionalService.java
@@ -0,0 +1,62 @@
+/*
+ *
+ *  * Copyright 2021-2026 Swisscom (Schweiz) AG
+ *  *
+ *  * Licensed under the Apache License, Version 2.0 (the "License");
+ *  * you may not use this file except in compliance with the License.
+ *  * You may obtain a copy of the License at
+ *  *
+ *  * http://www.apache.org/licenses/LICENSE-2.0
+ *  *
+ *  * Unless required by applicable law or agreed to in writing, software
+ *  * distributed under the License is distributed on an "AS IS" BASIS,
+ *  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  * See the License for the specific language governing permissions and
+ *  * limitations under the License.
+ *
+ */
+
+/*
+ * Copyright 2021 Swisscom (Schweiz) AG
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package ch.swisscom.mid.client.model.service;
+
+import ch.swisscom.mid.client.config.DefaultConfiguration;
+import ch.swisscom.mid.client.model.App2App;
+
+public class App2AppAdditionalService extends AdditionalService {
+
+    private App2App app2app;
+
+    public App2AppAdditionalService() {
+        super(DefaultConfiguration.ADDITIONAL_SERVICE_APP2APP);
+
+    }
+
+    public App2AppAdditionalService(String redirectUri) {
+        super(DefaultConfiguration.ADDITIONAL_SERVICE_APP2APP);
+        this.app2app = new App2App();
+        this.app2app.setRedirectUri(redirectUri);
+
+    }
+
+    public App2App getApp2app() {
+        return app2app;
+    }
+
+    public void setApp2app(App2App app2app) {
+        this.app2app = app2app;
+    }
+}