Architecture

The diagram below shows the key components of the solution.

Technical information and flows

OAuth Authorization Code Flow

The authentication flow runs on the same device through a user-agent redirect. The OAuth adapter service within the Trust Platform connects to the identity provider's existing OAuth service.
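As an added example (not Trust Platform code, and not the adapter's actual implementation), the client side of the authorization code flow described above, written with the Python standard library only. The endpoint URLs, client id and redirect URI are placeholder assumptions. It shows the two bindings that make the same-device redirect safe: a `state` value tied to the pending session so the callback cannot be forged or replayed, and a PKCE verifier so an intercepted authorization code is useless without it.

```python
"""Added example: relying-party side of an OAuth 2.0 authorization code flow
with PKCE (RFC 7636). Not the Trust Platform's code; all URLs are placeholders."""
from __future__ import annotations

import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumptions: placeholder endpoints and client registration values.
AUTHORIZE_ENDPOINT = "https://idp.example/oauth/authorize"
TOKEN_ENDPOINT = "https://idp.example/oauth/token"
CLIENT_ID = "trust-platform-adapter"
REDIRECT_URI = "https://adapter.example/callback"


def b64url(data: bytes) -> str:
    """Base64url without padding, as required by RFC 7636."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def code_challenge(verifier: str) -> str:
    """S256 transform: BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def query_params(url: str) -> dict[str, str]:
    """First value of each query parameter in a URL."""
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}


def start_authorization(pending: dict[str, str]) -> str:
    """Build the redirect to the IdP. `pending` stands in for server-side
    session storage: it maps the unguessable `state` to the PKCE verifier,
    so neither ever travels through the user agent in the clear."""
    state = secrets.token_urlsafe(24)
    verifier = b64url(secrets.token_bytes(32))  # 43-char verifier, 256 bits
    pending[state] = verifier
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile",
        "state": state,
        "code_challenge": code_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def handle_callback(callback_url: str, pending: dict[str, str]) -> dict[str, str]:
    """Validate the redirect back from the IdP and return the body for the
    token request. Raises ValueError for an IdP error, an unknown or reused
    state (CSRF/replay), or a missing code. The state is consumed on first use."""
    q = query_params(callback_url)
    if "error" in q:
        raise ValueError(f"IdP returned error: {q['error']}")
    state = q.get("state")
    verifier = pending.pop(state, None) if state else None
    if verifier is None:
        raise ValueError("unknown or reused state parameter")
    code = q.get("code")
    if not code:
        raise ValueError("authorization code missing from callback")
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": verifier,  # proves possession to the token endpoint
    }
```

The returned dictionary is what would be POSTed to `TOKEN_ENDPOINT`; the network call is left out so the block runs offline. Note that a second callback carrying the same `state` is rejected because the entry was popped on first use.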

QRCode Authentication

A challenge-response authentication is performed by scanning a QR code, provided that no previous session information about the user exists.

Push Authentication

On subsequent authentications (when a session exists), the identity holder receives a credential-sharing request via a push notification. Upon consent, given through the smartphone's biometric identification functions, a proof or token is sent back to the identity provider (OIDC). The IdP can then forward the received attributes to the relying party as a JSON Web Token.

Push Authentication comprises both:

  • Client SDKs for mobile operating systems (iOS and Android)

  • An API layer for generating and checking authentication challenges

Together these turn the end user's mobile device into a secure key.

The Trust Platform Push Verify was built to comply with NIST's recommendations for out-of-band verifiers, including managing secrets, expiration, and rate limiting.
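As an added example (not the Trust Platform's code), a minimal server-side challenge service of the kind the API layer above would provide. It serves both the QR code flow and the push flow, since both are challenge-response: the server issues a random secret that reaches the phone through the QR code or the push payload, and the phone returns it after consent. The service implements the out-of-band verifier properties the page attributes to Push Verify (NIST SP 800-63B, section 5.1.3): a random secret well above the 20-bit minimum, only a hash of it kept server-side, expiration, single use, a cap on verification attempts, and a per-user issue rate limit. The TTL, attempt and rate values are assumptions for illustration.

```python
"""Added example: out-of-band challenge issue/verify service with expiration,
single use, attempt limiting and issue rate limiting. Not Trust Platform code."""
from __future__ import annotations

import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Assumed policy values for illustration only.
CHALLENGE_TTL_SECONDS = 120     # challenge expires two minutes after issue
MAX_VERIFY_ATTEMPTS = 3         # challenge is locked after three wrong responses
MAX_ISSUES_PER_WINDOW = 5       # at most five challenges per user per window
ISSUE_WINDOW_SECONDS = 60


@dataclass
class Challenge:
    user_id: str
    secret_hash: bytes      # only SHA-256 of the secret is stored server-side
    expires_at: float
    attempts: int = 0
    used: bool = False


class ChallengeService:
    """Issues and verifies challenges. `clock` is injectable so expiry can be
    tested without sleeping; defaults to wall-clock time."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._by_id: dict[str, Challenge] = {}
        self._issue_times: dict[str, list[float]] = {}

    def issue(self, user_id: str) -> tuple[str, str]:
        """Create a challenge for `user_id`; returns (challenge_id, secret).
        The secret is what the QR code or push payload carries to the phone.
        Raises RuntimeError when the per-user issue rate limit is exceeded."""
        now = self._clock()
        recent = [t for t in self._issue_times.get(user_id, [])
                  if now - t < ISSUE_WINDOW_SECONDS]
        if len(recent) >= MAX_ISSUES_PER_WINDOW:
            raise RuntimeError("rate limit: too many challenges issued")
        recent.append(now)
        self._issue_times[user_id] = recent

        challenge_id = secrets.token_urlsafe(16)
        secret = secrets.token_urlsafe(32)       # 256 bits of entropy
        self._by_id[challenge_id] = Challenge(
            user_id=user_id,
            secret_hash=hashlib.sha256(secret.encode("ascii")).digest(),
            expires_at=now + CHALLENGE_TTL_SECONDS,
        )
        return challenge_id, secret

    def verify(self, challenge_id: str, response_secret: str) -> bool:
        """Check the phone's response. Returns True exactly once per challenge,
        and only before expiry and within the attempt budget."""
        ch = self._by_id.get(challenge_id)
        if ch is None:
            return False
        if ch.used or self._clock() > ch.expires_at or ch.attempts >= MAX_VERIFY_ATTEMPTS:
            return False
        ch.attempts += 1
        candidate = hashlib.sha256(response_secret.encode("ascii")).digest()
        if hmac.compare_digest(ch.secret_hash, candidate):   # constant-time compare
            ch.used = True          # reject any replay of the same secret
            return True
        return False

    def owner(self, challenge_id: str) -> str | None:
        """Which user a challenge belongs to, or None if unknown."""
        ch = self._by_id.get(challenge_id)
        return ch.user_id if ch else None
```

In a deployment the `_by_id` and `_issue_times` dictionaries would live in a shared store with the same TTL, and a successful `verify` would be followed by minting the session or token that the IdP forwards to the relying party.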
