Online Authentication Rest API 

Digital Credential exposes 4 different endpoints to a Relying Party:

  1. OpenID Connect Discovery: Used to get Digital Credential OpenID Connect details.

  2. OpenID Connect Dynamic Registration: To register a client.

  3. OpenID Connect /authorize: For the authorization code flow, or /bc-authorize for CIBA (Client Initiated Backchannel Authentication).

  4. OpenID Connect /token: To retrieve the authentication result.

Note: By design, with an "Identity on the Edge" approach, Digital Credential does not store any personal data, even temporarily, on the server side.

Additionally:

  • /userinfo endpoint, typically available in OpenID Connect IDPs, is not available in Digital Credential. Instead, Digital Credential provides the requested claims directly in the IDToken.

  • /end_session endpoint, typically available in OpenID Connect IDPs, is not available in Digital Credential as SSO is not supported due to the lack of claims on the server side.

Know where is user during online authentication process

oxAuth is the OpenID Connect Provider (OP) component of the Gluu Platform. It implements the complete OpenID Connect and OAuth 2.0 feature set, including the authorization server, discovery, JWKS, User Info, and session/logout endpoints. This deployment includes IDEMIA-specific customizations and is tightly integrated with oxTrust.

In order to make use of the API, please log in

Download dc-authenticate\oxAuth-openapi.json