OpenID Connect (OIDC) is an authentication protocol based on the OAuth 2.0 specifications. While OAuth 2.0 is about resource access and sharing, OIDC is all about end-user authentication.
MIRACL Trust is a standards-compliant OpenID Connect provider. You can use any OIDC Relying Party Library to integrate with MIRACL Trust. For a list of certified OpenID Connect Libraries, see https://openid.net/developers/certified-openid-connect-implementations/.
To use Custom User Verification with OpenID Connect (OIDC), you must set up a Custom Verification URL in the MIRACL Trust Portal. The Custom Verification URL is where the User ID is verified after the end user starts their registration. Once the end user's User ID is verified, you must request the Verification URL from the platform (as described in Custom User Verification).
Note that the Custom Verification URL is different from the Verification URL. The Custom Verification URL is the URL for registering in your system that you set up in the MIRACL Trust Portal. The Verification URL is issued by the platform and is used to transfer the verification to the platform, finishing the verification flow.
If the registration is successful, the enrolment process is completed. End users can now authenticate using the PIN chosen for the device. They can go through the verification process for each device they want to use for authentication or use QuickCode, if enabled, to enrol additional devices using the already enrolled one.
# Flow
```mermaid
sequenceDiagram
    Client ->> RPA: Request protected resource
    RPA ->>+ MIRACL Trust Authorization Page: Redirect to MIRACL Trust OIDC Authorization Page for authentication
    opt User verification
        MIRACL Trust Authorization Page -->>+ RPA: Redirect to the Custom Verification URL on record
        RPA ->> RPA: Verify user
        RPA ->>- MIRACL API: Provide verification
        MIRACL API -->> RPA: Return Verification URL
        RPA -->> Client: Deliver Verification URL
        Client ->> MIRACL Trust Authorization Page: Open Verification URL
        MIRACL Trust Authorization Page ->> MIRACL Trust Authorization Page: Enrol device
    end
    MIRACL Trust Authorization Page ->> MIRACL Trust Authorization Page: Authenticate
    MIRACL Trust Authorization Page -->>- Client: Redirect to the OIDC Redirect URL on record
    Client ->> RPA: Request protected resource with proof of authentication
    RPA ->>+ MIRACL API: Exchange Access Code for ID Token and Access Token
    MIRACL API -->>- RPA: Return ID Token and Access Token
    RPA -->> Client: Provide protected resource
```
RPA stands for Relying Party Application; in this case, it is your application’s backend.