Configure an OIDC Client

Configures an OIDC Verifier Client on your tenant.

In order to verify a credential using an OpenID Connect Authorization Code Flow, you need to set up an OIDC Client application. This is the client that will engage with your configured OIDC Verifier to initiate the verification workflow. There is a list of OIDC Client apps, also known as Relying Party Libraries, on the OpenID website. Pick one which you feel comfortable with.

When dealing with personal identity information it is strongly recommended to follow the Authorization Code Flow which ensures sensitive data is transmitted via the /token endpoint back-channel.

Analytics Events

OIDC_VERIFIER_CLIENT_CREATE_STARTOIDC_VERIFIER_CLIENT_CREATE_SUCCESSOIDC_VERIFIER_CLIENT_CREATE_FAIL

Roles

adminverifier

POST/ext/oidc/v1/verifiers/{id}/clients

Authorization

AuthorizationBearer <token>

In: header

Path Parameters

idstring

Verifier ID

Formatuuid

Request Body

The client payload

namestring

Insert a meaningful name for your OIDC Client.

redirectUrisarray<string>

This array can include a list of URLs. One of the URIs in that list must match the callback URI configured for your OIDC Client for the Authorization Request:

Must be a valid URL.
Must use the HTTPS protocol.
Must not be an IP address.
Must not include query parameters.
For testing, it’s okay to add a localhost uri like https://localhost:9090/callback

responseTypes?array<string>

Determines the authorization processing flow.

grantTypes?array<string>

OAuth Grant Type.

tokenEndpointAuthMethod?string

OAuth Token Endpoint Authentication Method.

idTokenSignedResponseAlgstring

Algorithm must match configured jwks. Defaults to ES256.

applicationType?string

logoUri?string

The logo to display above the QR code.

Formaturi

Response Body

curl -X POST "https://example.vii.au01.mattr.global/ext/oidc/v1/verifiers/41458e5a-9092-40b7-9a26-d4eb43c5792f/clients" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "OIDC Client for the verifier",
    "redirectUris": [
      "https://example.com/callback"
    ],
    "responseTypes": [
      "code"
    ],
    "grantTypes": [
      "authorization_code"
    ],
    "tokenEndpointAuthMethod": "client_secret_post",
    "idTokenSignedResponseAlg": "ES256",
    "applicationType": "web",
    "logoUri": "https://example.com/logo.png"
  }'

curl -X POST "https://example.vii.au01.mattr.global/ext/oidc/v1/verifiers/41458e5a-9092-40b7-9a26-d4eb43c5792f/clients" \  -H "Content-Type: application/json" \  -d '{    "name": "OIDC Client for the verifier",    "redirectUris": [      "https://example.com/callback"    ],    "responseTypes": [      "code"    ],    "grantTypes": [      "authorization_code"    ],    "tokenEndpointAuthMethod": "client_secret_post",    "idTokenSignedResponseAlg": "ES256",    "applicationType": "web",    "logoUri": "https://example.com/logo.png"  }'

{
  "id": "da9bb6e4-c9ae-4468-b6ac-72b90d6efd5d",
  "secret": "H2epdcmNJ46hXJo5opdzvhbZK9W2ZGPkQh.E",
  "name": "OIDC Client for the verifier",
  "redirectUris": [
    "https://example.com/callback"
  ],
  "responseTypes": [
    "code"
  ],
  "grantTypes": [
    "authorization_code"
  ],
  "tokenEndpointAuthMethod": "client_secret_post",
  "idTokenSignedResponseAlg": "ES256",
  "applicationType": "web",
  "logoUri": "https://example.com/logo.png"
}

{
  "code": "string",
  "message": "string",
  "details": [
    {
      "value": "string",
      "msg": "Invalid value",
      "param": "id",
      "location": "body"
    }
  ]
}