Before you can begin integrating with the MIRACL Trust authentication services, you must register as a developer in the management portal at https://miracl.com/get-started/.
Now fill in your details and click ‘Submit’:
You will then be presented with the login screen. Here you can register a new ID and create a PIN code for in-browser authentication, or you can scan a QR code, either with the MIRACL Trust app if you already have it installed or with a normal QR reader, which will prompt you to download and install the app:
Whether you choose in-browser or mobile app login, you will be prompted to:
- Create identity
- Confirm your identity (by email activation)
- Create a 4-digit PIN
Once logged in, go to ‘Apps’ and click ‘Add a New app’.
Now enter the details for your app:
The Redirect URL is the URL which is used to send the user back to your app once authentication has been approved, to enable the final retrieval of user details.
If your app runs locally on http://127.0.0.1:5000, then the redirect URL will have the form of http://127.0.0.1:5000/login, where the usually handles the OIDC code exchange for ID and access tokens.
Client ID and secret
When you create a new app, you will be issued with the Client ID and Client Secret credentials that you need to specify when building your app with the SDK. Note that your Client Secret is issued to you only once, so you must copy it when it is first displayed:
Client ID can then be copied at any time from the app settings screen:
You can control the Login Methods available. QR Code requires your customers to use the mobile app, while Browser Login enables logging in within the desktop browser, without the mobile app.
Armed with this information you are now ready to continue your integration!
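The redirect URL and the Client ID and Client Secret described above meet in the handler behind http://127.0.0.1:5000/login. The following sketch is an added example, not MIRACL's SDK or code from this page: it builds the authorization request, validates the callback and prepares the code exchange. The endpoint URLs, the `openid email` scope, HTTP Basic client authentication and all function names are assumptions made for illustration.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed placeholders, not from the page: use your provider's real endpoints.
AUTHORIZE_URL = "https://issuer.example/authorize"
TOKEN_URL = "https://issuer.example/token"
REDIRECT_URI = "http://127.0.0.1:5000/login"  # must match the portal entry exactly


def build_auth_request(client_id):
    """Return (url, state, nonce); keep state and nonce in the user's session."""
    state, nonce = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
    query = urlencode({
        "response_type": "code", "client_id": client_id,
        "redirect_uri": REDIRECT_URI, "scope": "openid email",
        "state": state, "nonce": nonce,
    })
    return f"{AUTHORIZE_URL}?{query}", state, nonce


def parse_callback(callback_url, expected_state):
    """Validate the redirect back to /login and return the authorization code."""
    parts = urlsplit(callback_url)
    params = parse_qs(parts.query)
    if parts.path != urlsplit(REDIRECT_URI).path:
        raise ValueError("callback arrived on an unexpected path")
    if "error" in params:
        raise ValueError(f"provider returned error: {params['error'][0]}")
    state = params.get("state", [""])[0].encode()
    # Constant-time compare: a wrong state means this session did not start the flow.
    if not expected_state or not hmac.compare_digest(state, expected_state.encode()):
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]


def build_token_request(code, client_id, client_secret):
    """Return (url, headers, body) for the code exchange; send it server-side only."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": REDIRECT_URI})
    return TOKEN_URL, headers, body
```

Load the Client Secret from the environment or a secrets store rather than from source code, and verify the returned ID token's signature and `nonce` before trusting its claims.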
Generate new app keys
- Click on Apps in the main navigation.
Your apps list is displayed.
- Click on Settings against the required app.
The App Keys & Settings tab is displayed.
- Click on the Generate New Keys button.
A dialog box is displayed asking if you wish to proceed.
- Click on the Yes button.
- Click on the Show Keys button to display your newly-generated client secret.
Identities and verification are set up per company. Identities are shared between the different applications in the company. In this way your users can have the same identity across all your applications.
If you want your identities separated between testing and production, you should create a different company. In other words, if you want to use a test environment that is different to your live environment, use a different company name. We recommend adding “Sandbox” to your company name for such purposes, for example if you are “ABC Ltd”, use “ABC Ltd Sandbox” as your company name for all your testing.
Default identity verification
By default, when a MIRACL Trust application is created, the identity used for this application is an email. To verify the ownership of this email address, the platform runs an email verification flow. When an enrolment is initiated for an application using the default verification flow, the user is asked to enter the email they want to enrol with. At that point, an email containing a one-time use link is sent to that address. By following the link, the user proves that they own the email address, and the MPin ID enrolment process is initiated with a PIN prompt. Only the device where the enrolment link is opened is enrolled during this process. This way the verification link can’t be used in a phishing attack. To enrol a different device, the user can use the Quick Code mechanism, which allows users to enrol a second device from an already enrolled device using a one-time code.
The verification flow can be completely overhauled using the pluggable verification mechanism.
- To function optimally, the MIRACL Trust portal requires Google Chrome 15+, Internet Explorer 11+, Firefox 46+, Microsoft Edge 11 / 12.
- The mobile application has a minimum requirement of Android 4.1 and iOS 8.