Relying Party User Guide

Getting started as a Relying Party.

Start with the Architecture Overview to become familiar with the key concepts for the IDPartner ecosystem.

IDPartner offers a seamless integration for Relying Parties to access customer identity details through a consent-based approach. The integration follows a standard OIDC (OpenID Connect) process, ensuring compatibility and ease of implementation.

The IDPartner integration process, based on the standard OIDC interface, is designed to be easy and quick to implement. Developers can utilize libraries available in various programming languages to create an OIDC Client for seamless integration with IDPartner's services.

Check out the NodeJS example to get started quickly.

Integrating IDPartner into your web application requires installing two components:

  1. Verify Button into the front-end application

  2. OIDC Confidential Client to communicate to the identity provider API

Integration Steps for IDPartner Application

Account Selection Process:

  1. Install the IDPartner Button:

    • Add the IDPartner Button to your web front-end application. This button facilitates the integration with IDPartner's services.

  2. Create Backend Routes:

    • Set up two routes in your backend application. The URLs for these routes should be defined when creating an Application in the IDPartner Console.

  3. Account Selection API:

    • Within the origin URL route of your backend application, call the account selection API using the "GET" method and the endpoint "https://auth-api.idpartner.com/oidc-proxy/auth/select-accounts".

    • Include your client ID and visitor ID as query parameters in the origin URL.

    • This API allows the user to select a bank from which you will obtain identity information.

    • The API response will include the issuer URL and ID, provided as query parameters (iss and idp_id) in the response.

OIDC Process:

  1. Retrieve Metadata:

    • If an issuer URL is present in the query parameters, retrieve the issuer's metadata from its "/.well-known/openid-configuration" endpoint.

    • This metadata contains the necessary algorithms and endpoints for securely initiating a request and receiving claims.

  2. Create OIDC Client:

    • Create an OIDC (OpenID Connect) client using the metadata obtained from the well-known endpoint of the issuer.

    • Utilize an OIDC client library that supports your chosen programming language.

  3. User Authentication and Authorization:

    • Once the end-user successfully authenticates, the IDP (Identity Provider) will call the redirect URL with an authorization code.

  4. Exchange Authorization Code:

    • In your backend application, exchange the authorization code received from the IDP for the identity data.

    • This exchange is done through the OIDC token endpoint. How your client authenticates to the token endpoint depends on the environment:

      • Sandbox Environment: Use client secret authentication.

      • Production Environment: Use mutual TLS authentication with a certificate.
