Learn

Verify a Credential using OIDC Bridge

Overview

OpenID Connect is a standard web authentication protocol that allows developers to manage user identities in a simple and interoperable manner. Its main purpose is to allow software clients to verify the identity of end-users and manage a basic profile associated with each user.

OIDC Bridge is an extension provided by MATTR that enables anyone to seamlessly adopt existing tools and frameworks around OpenID Connect without inheriting many of the limitations that typically come with supporting legacy technology (the protocol was first introduced in 2014). It also puts users, or data subjects, back in control of their data whilst remaining interoperable with the OIDC protocol.

Users who manage credentials they have received in their own Mobile Wallet can create verifiable presentations of that data upon request. Verifiers who need to establish the identity of their users can use existing systems to start an OIDC authentication flow with the OIDC Bridge. The Extension uses the Presentation Request Templates on the Platform to communicate what information the Verifier needs to obtain from a user's credentials and then validates the presentations they receive, authenticating users upon success according to the OIDC protocol.

Steps

To get started verifying credentials using OIDC Bridge, check out the following tutorials:

Before you start make sure that you Create a Presentation Request Template and know the template ID -- A Presentation Request Template defines which credentials are required for presentation. This is used to create the actual Presentation Request that the Mobile Wallet uses to determine which credential(s) that the Verifier will accept.

1. Setup an OIDC Credential Verifier -- An OIDC Credential Verifier kicks off the interaction required for a verifier to request a credential.

2. Configure a Client -- OIDC Clients initiate the Authorization Code Flow with an OAuth2/OIDC Authorization Request, which prompts the platform to create the Presentation Request.

3. Manually Verify a Credential -- The Mobile Wallet must process the Presentation Request to provide a Credential Presentation. This step performs the validation required to establish the integrity and authenticity of a Credential Presentation.

Additionally:

- To have a hands-on approach to running an OIDC Client in a local development environment go to Set up an OpenID Client App.

- Get a list of Common Credential to OpenID Connect Claim Mappings which can be copied into your OIDC Credential Verifier configuration.

- Jump over to learn how to use DID Authentication to Authenticate a DID using the OIDC Bridge which can enable OIDC Clients to be extended for authorization use-cases.