Standards
Last updated
Last updated
Copyright © 2021 MOSIP. This work is licensed under a Creative Commons Attribution (CC-BY-4.0) International License unless otherwise noted.
eSignet implements OpenID Connect and OAuth 2.0 flows to work its magic. We have chosen the most secure and trustworthy flows to ensure user privacy and data security.
It relies on SBI (Secure Biometric Interface) to enable an ecosystem of biometric players. To have a look at the supported devices, click here.
eSignet also leverages emerging standards for using verifiable credentials with OpenID and for wallet integration.
To learn more about the open standards followed by eSignet, read:
As eSignet incorporates OpenID Connect, a wide range of client libraries are available for seamless integration. Therefore, it is recommended to avoid creating custom code for the integration process.
eSignet implements and supports only the flows mentioned below:
Standards | Flow | Client authentication |
---|---|---|
With the principle of security by design, the support is provided for confidential clients only. The authorization code flow involves exchanging an authorization code for a token. This exchange requires client application authentication. Our supported client authentication method is private-key-jwt
only which ensures that the token is given to a legitimate client. We also support the PKCE security extension for exchanging an authorization code for a token, which guarantees that the authorization code was obtained by the same client application performing the exchange.
Note: In eSignet, currently S256 Challenge method is supported in PKCE implementation.
eSignet OAuth2.0 implementation is not a full-fledged authorization server and supports only the bare minimum required for OpenID4VCI and OIDC flow.
eSignet system does not support roles, as it is designed to be integrated with national level identity solution which can be used by the residents of the country, where roles are not required.
OAuth 2.0
Authorization Code with PKCE
private-key-jwt
OIDC
Authorization Code with PKCE
private-key-jwt
OpenID4VCI
Authorization Code flow (Wallet-initiated) returning Just In Time VC
private-key-jwt