Online Authentication Rest API 

The Digital Credential Platform exposes the following OpenID Connect endpoints to a Relying Party:

  1. OpenID Connect Discovery
    /.well-known/openid-configuration Used to retrieve OpenID Connect configuration and metadata.

  2. OpenID Connect Authorization Endpoint
    /authorize Used to initiate browser-based Online Authentication through the Authorization Code Flow.

  3. OpenID Connect CIBA Endpoint
    /bc-authorize Used to initiate backchannel authentication through the CIBA flow.

  4. OpenID Connect Token Endpoint
    /token Used to retrieve tokens after successful authentication or transaction confirmation.

IMPORTANT
The Digital Credential Platform does not support the OpenID Connect endpoints:

  • /end_session
  • /userinfo

The /end_session endpoint, typically available in OpenID Connect Identity Providers, is not available in the Digital Credential Platform because SSO session management is not supported. This is aligned with the Identity on the Edge approach, where personal data and identity claims are not stored on the server side.

The /userinfo endpoint is not supported because, with the Identity on the Edge approach, personal data and identity claims are not stored on the server side.

Relying Parties should not rely on /userinfo to retrieve user attributes. Approved identity attributes are returned as part of the configured OpenID Connect token response, according to the selected flow, requested scopes, and issuer settings.

Know where is user during online authentication process

oxAuth is the OpenID Connect Provider (OP) component of the Gluu Platform.

It implements the complete OpenID Connect and OAuth 2.0 feature set, including the authorization server, discovery, JWKS endpoints.

This deployment includes IDEMIA-specific customizations and is tightly integrated with oxTrust.

In order to make use of the API, please log in