The MPin protocol involves cryptographic operations over stored cryptographic material on the client-side. That is the reason the MIRACL Trust service provides a browser client for its authentication that handles all of that. It handles also enrolment, identity management and much more.
# Custom authentication page
# Enable custom authentication clients
To enable custom authentication clients, CORS requests should be allowed from the MIRACL Trust portal. This is done by setting the Allowed CORS Domains property in your project’s settings to the domain where the web client is hosted.
# What is CORS
Browsers restrict cross-origin HTTP requests by default. This is done to prevent certain attacks. This means that by default a web application can only request resources from the same domain the application is running on. Cross-origin resource sharing (CORS) is an HTTP-header based mechanism that allows restricted resources to be accessed from a domain different than the requesting one. It relies on the “preflight” request that the browser makes to check if the server permits the actual request using headers that indicate the HTTP method and headers of the actual request. If the resource is allowed for the requesting domain, the server response contains the Access-Control-Allow-Origin header with the value of the requesting domain.