OIDC Verifier Client

Configure an OIDC Client

Configures an OIDC Verifier Client on your tenant.

In order to verify a credential using an OpenID Connect Authorization Code Flow, you need to set up an OIDC Client application. This is the client that will engage with your configured OIDC Verifier to inititate the verification workflow. There is a list of OIDC Client apps, also known as Relying Party Libraries, on the OpenID website. Pick one which you feel comfortable with.

When dealing with personal identity information it is strongly recommended to follow the Authorization Code Flow which ensures sensitive data is transmitted via the /token endpoint back-channel.

Analytic events

  • OIDC_VERIFIER_CLIENT_CREATE_START
  • OIDC_VERIFIER_CLIENT_CREATE_SUCCESS
  • OIDC_VERIFIER_CLIENT_CREATE_FAIL
SecuritybearerAuth
Request
path Parameters
id
required
string <uuid>

Verifier ID

Example: 41458e5a-9092-40b7-9a26-d4eb43c5792f
Request Body schema: application/json
required

The client payload

name
required
string

Insert a meaningful name for your OIDC Client.

redirectUris
required
Array of strings <uri>

This array can include a list of URLs. One of the URIs in that list must match the callback URI configured for your OIDC Client for the Authorization Request:

  • Must be a valid URL.
  • Must use the HTTPS protocol.
  • Must not be an IP address.
  • Must not include query parameters.
  • For testing, it’s okay to add a localhost uri like https://localhost:9090/callback
responseTypes
Array of strings

Determines the authorization processing flow.

grantTypes
Array of strings

OAuth Grant Type.

tokenEndpointAuthMethod
string

OAuth Token Endpoint Authentication Method.

idTokenSignedResponseAlg
required
string

Algorithm must match configured jwks. Defaults to ES256.

applicationType
string
logoUri
string <uri>

The logo to display above the QR code.

Responses
201

OIDC Client configured

400

Bad Request

post/ext/oidc/v1/verifiers/{id}/clients
Request samples
application/json
{
  • "name": "OIDC Client for the verifier",
  • "redirectUris": [],
  • "responseTypes": [
    ],
  • "grantTypes": [
    ],
  • "tokenEndpointAuthMethod": "client_secret_post",
  • "idTokenSignedResponseAlg": "ES256",
  • "applicationType": "web",
}
Response samples
application/json
{
  • "id": "da9bb6e4-c9ae-4468-b6ac-72b90d6efd5d",
  • "secret": "H2epdcmNJ46hXJo5opdzvhbZK9W2ZGPkQh.E",
  • "name": "OIDC Client for the verifier",
  • "redirectUris": [],
  • "responseTypes": [
    ],
  • "grantTypes": [
    ],
  • "tokenEndpointAuthMethod": "client_secret_post",
  • "idTokenSignedResponseAlg": "ES256",
  • "applicationType": "web",
}

Retrieve all OIDC Clients

Returns a list of all OIDC Verifier Clients on the Tenant.

Analytic events

  • OIDC_VERIFIER_CLIENT_RETRIEVE_LIST_START
  • OIDC_VERIFIER_CLIENT_RETRIEVE_LIST_SUCCESS
  • OIDC_VERIFIER_CLIENT_RETRIEVE_LIST_FAIL
SecuritybearerAuth
Request
path Parameters
id
required
string <uuid>

Verifier ID

Example: 41458e5a-9092-40b7-9a26-d4eb43c5792f
query Parameters
limit
number [ 1 .. 1000 ]

Range size of returned client entries, default 100

Example: limit=2
cursor
string

Starting point for the range of client entries

Example: cursor=Y3JlYXRlZEF0PTIwMjAtMDgtMjVUMDY6NDY6MDkuNTEwWiZpZD1h
Responses
200

OIDC Clients retrieved

400

Bad Request

get/ext/oidc/v1/verifiers/{id}/clients
Request samples
Response samples
application/json
{
  • "nextCursor": "Y3JlYXRlZEF0PTIwMjAtMDgtMjVUMDY6NDY6MDkuNTEwWiZpZD1hNjZmZmVhNS04NDhlLTQzOWQtODBhNC1kZGE1NWY1M2UzNmM",
  • "data": {
    }
}

Retrieve an OIDC Client

Retrieves an existing OIDC Verifier Client by providing its ID.

Analytic events

  • OIDC_VERIFIER_CLIENT_RETRIEVE_START
  • OIDC_VERIFIER_CLIENT_RETRIEVE_SUCCESS
  • OIDC_VERIFIER_CLIENT_RETRIEVE_FAIL
SecuritybearerAuth
Request
path Parameters
id
required
string <uuid>

OIDC Verifier ID

Example: 41458e5a-9092-40b7-9a26-d4eb43c5792f
clientId
required
string <uuid>

OIDC Verifier Client ID

Example: da9bb6e4-c9ae-4468-b6ac-72b90d6efd5d
Responses
200

OIDC Verifier Client retrieved

400

Bad Request

404

OIDC Verifier Client not found

get/ext/oidc/v1/verifiers/{id}/clients/{clientId}
Request samples
Response samples
application/json
{
  • "id": "da9bb6e4-c9ae-4468-b6ac-72b90d6efd5d",
  • "secret": "H2epdcmNJ46hXJo5opdzvhbZK9W2ZGPkQh.E",
  • "name": "OIDC Client for the verifier",
  • "redirectUris": [],
  • "responseTypes": [
    ],
  • "grantTypes": [
    ],
  • "tokenEndpointAuthMethod": "client_secret_post",
  • "idTokenSignedResponseAlg": "ES256",
  • "applicationType": "web",
}

Update an OIDC Client

Updates an existing OIDC Verifier Client by providing its ID.

Analytic events

  • OIDC_VERIFIER_CLIENT_UPDATE_START
  • OIDC_VERIFIER_CLIENT_UPDATE_SUCCESS
  • OIDC_VERIFIER_CLIENT_UPDATE_FAIL
SecuritybearerAuth
Request
path Parameters
id
required
string <uuid>

OIDC Verifier ID

Example: 41458e5a-9092-40b7-9a26-d4eb43c5792f
clientId
required
string <uuid>

OIDC Verifier Client ID

Example: da9bb6e4-c9ae-4468-b6ac-72b90d6efd5d
Request Body schema: application/json
required

Update a client

name
required
string

Insert a meaningful name for your OIDC Client.

redirectUris
required
Array of strings <uri>

This array can include a list of URLs. One of the URIs in that list must match the callback URI configured for your OIDC Client for the Authorization Request:

  • Must be a valid URL.
  • Must use the HTTPS protocol.
  • Must not be an IP address.
  • Must not include query parameters.
  • For testing, it’s okay to add a localhost uri like https://localhost:9090/callback
responseTypes
Array of strings

Determines the authorization processing flow.

grantTypes
Array of strings

OAuth Grant Type.

tokenEndpointAuthMethod
string

OAuth Token Endpoint Authentication Method.

idTokenSignedResponseAlg
required
string

Algorithm must match configured jwks. Defaults to ES256.

applicationType
string
logoUri
string <uri>

The logo to display above the QR code.

Responses
200

OIDC Verifier Client updated

400

Bad Request

404

OIDC Verifier Client not found

put/ext/oidc/v1/verifiers/{id}/clients/{clientId}
Request samples
application/json
{
  • "name": "OIDC Client for the verifier",
  • "redirectUris": [],
  • "responseTypes": [
    ],
  • "grantTypes": [
    ],
  • "tokenEndpointAuthMethod": "client_secret_post",
  • "idTokenSignedResponseAlg": "ES256",
  • "applicationType": "web",
}
Response samples
application/json
{
  • "id": "da9bb6e4-c9ae-4468-b6ac-72b90d6efd5d",
  • "secret": "H2epdcmNJ46hXJo5opdzvhbZK9W2ZGPkQh.E",
  • "name": "OIDC Client for the verifier",
  • "redirectUris": [],
  • "responseTypes": [
    ],
  • "grantTypes": [
    ],
  • "tokenEndpointAuthMethod": "client_secret_post",
  • "idTokenSignedResponseAlg": "ES256",
  • "applicationType": "web",
}

Delete an OIDC Client

Deletes an existing OIDC Verifier Client by providing its ID.

Analytic events

  • OIDC_VERIFIER_CLIENT_DELETE_START
  • OIDC_VERIFIER_CLIENT_DELETE_SUCCESS
  • OIDC_VERIFIER_CLIENT_DELETE_FAIL
SecuritybearerAuth
Request
path Parameters
id
required
string <uuid>

OIDC Verifier ID

Example: 41458e5a-9092-40b7-9a26-d4eb43c5792f
clientId
required
string <uuid>

OIDC Verifier Client ID

Example: da9bb6e4-c9ae-4468-b6ac-72b90d6efd5d
Responses
204

OIDC Verifier Client deleted.

400

Bad Request

404

OIDC Verifier Client not found

delete/ext/oidc/v1/verifiers/{id}/clients/{clientId}
Request samples
Response samples
application/json
{
  • "code": "BadRequest",
  • "message": "Validation Error",
  • "details": [
    ]
}