
The OpenID Connect Provider from BankID (hereafter referred to as the OIDC Provider) is illustrated below. It consists of an industry-standard REST API (left side) in front of various Identity Providers (IDP) and Supplementary Services. The REST API is based on the OpenID Connect 1.0 authentication standard on top of the OAuth 2.0 authorization framework. Consent handling is a key feature of the OIDC Provider.

The preferred way to integrate with the OIDC Provider is to use a set of JavaScript connectors that act as front-end wrappers of the API.

A major benefit of the OIDC Provider is that it lets merchants start using the BankID Services with minimal integration effort compared to the legacy integration option (i.e. installing BankID Server, adding a BankID merchant certificate and integrating with the proprietary API of BankID Server). For the xID Service, the OIDC Provider is the only integration option available to merchants.

The Additional Information service supports a set of standard scopes, claims and token formats related to end-user profile data. This service also includes a resource server (right side) providing such profile data over the standard Userinfo endpoint. The PSD2 service consists of a range of specific (currently non-standard) scopes, claims and token formats tailored for various use-cases under PSD2. In contrast, the PSD2 service does not include any corresponding resource servers. PSD2 resources are made available to AISP/PISPs over an API decided by each ASPSP.

The term OIDC Client is used for any application that integrates with the OIDC Provider, corresponding to the following terms in related vocabularies:

  • OAuth2 clients in OAuth vocabulary
  • Relying Party in OIDC vocabulary
  • Merchant in BankID vocabulary
  • Third Party Provider in PSD2 vocabulary.

OIDC Clients may integrate directly with the OIDC Provider or indirectly via an intermediate party as described in a separate section. OIDC Clients (directly connected or intermediate parties) must authenticate with the OIDC Provider.

The OIDC Provider comes with a default component responsible for all GUI handling. An OIDC Client may override the default GUI and provide its own customized GUI handling hosted at any URL.

Note

A good way to start exploring the OIDC Provider from BankID and its capabilities is to try out live test clients and also consult GitHub for various source code examples.

Some background reading is recommended for readers who are unfamiliar with OpenID Connect and OAuth2.
