Online Authentication Rest API
The Digital Credential Platform exposes the following OpenID Connect endpoints to a Relying Party:
-
OpenID Connect Discovery
/.well-known/openid-configurationUsed to retrieve OpenID Connect configuration and metadata. -
OpenID Connect Authorization Endpoint
/authorizeUsed to initiate browser-based Online Authentication through the Authorization Code Flow. -
OpenID Connect CIBA Endpoint
/bc-authorizeUsed to initiate backchannel authentication through the CIBA flow. -
OpenID Connect Token Endpoint
/tokenUsed to retrieve tokens after successful authentication or transaction confirmation.
IMPORTANT
The Digital Credential Platform does not support the OpenID Connect endpoints:
- /end_session
- /userinfo
The /end_session endpoint, typically available in OpenID Connect Identity Providers, is not available in the Digital Credential Platform because SSO session management is not supported. This is aligned with the Identity on the Edge approach, where personal data and identity claims are not stored on the server side.
The /userinfo endpoint is not supported because, with the Identity on the Edge approach, personal data and identity claims are not stored on the server side.
Relying Parties should not rely on
/userinfoto retrieve user attributes. Approved identity attributes are returned as part of the configured OpenID Connect token response, according to the selected flow, requested scopes, and issuer settings.
oxAuth is the OpenID Connect Provider (OP) component of the Gluu Platform.
It implements the complete OpenID Connect and OAuth 2.0 feature set, including the authorization server, discovery, JWKS endpoints.
This deployment includes IDEMIA-specific customizations and is tightly integrated with oxTrust.
In order to make use of the API, please log in