Standards & Security
Building on the most trusted security protocols.
eSignet is built on industry-leading security standards, ensuring robust privacy and data protection. It implements and , leveraging the most secure and trusted authentication flows to safeguard user identities.
eSignet integrates to enable an ecosystem of biometric players. Please refer to view the list of supported devices. Additionally, eSignet:
Adopts emerging standards for verifiable credentials with OpenID and seamless wallet integration.
With eSignet v1.5.0, support has been introduced for under OpenID Connect for fetching the verified user claims and their metadata.
eSignet integrates with an HSM via PKCS #11 for the safe and secure storage of signing keys.
eSignet implements OpenID Connect Discovery 1.0. Below are the supported well-knowns.
- OpenID Configuration: /.well-known/openid-configuration
- JWKS JSON: /.well-known/jwks.json
- Authorization Server: /.well-known/oauth-authorization-server
- OpenID Credential Issuer: /.well-known/openid-credential-issuer
eSignet provides a limited implementation of the OpenID protocol, supporting the following RFCs and standards:
- Authorization code flow support
- PKCE security extension
- JWT profile for client authentication
As eSignet incorporates OpenID Connect, a wide range of client libraries are available for seamless integration. Therefore, it is recommended to avoid creating custom code for the integration process.
eSignet implements and supports only the flows mentioned below:
- OAuth 2.0: Authorization Code with PKCE; private-key-jwt
- OIDC: Authorization Code with PKCE; private-key-jwt
- Identity Assurance 1.0: Authorization Code with PKCE; private-key-jwt
Authorization Code Flow – Exchanges an authorization code for a token, requiring client authentication.
Private-key-jwt – The only supported client authentication method is private-key-jwt, which ensures that the token is issued only to a legitimate client.
eSignet’s OAuth 2.0 implementation is a lightweight solution designed specifically for OIDC authentication flows. It does not function as a full-fledged authorization server but provides the essential capabilities required for identity verification and KYC. Additionally, eSignet:
- Does not support role-based access control, as it is designed for integration with national-level identity solutions, where predefined roles are not necessary.
- Issues the ID token and access token as JWTs.
- Follows the above for both the openid and oauth well-knowns.
PKCE – We also support the PKCE (Proof Key for Code Exchange) security extension for exchanging an authorization code for a token, which guarantees that the authorization code was obtained by the same client application performing the code exchange.
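The two protections named above (the PKCE S256 check and the private-key-jwt client assertion) shown as the checks a token endpoint performs, as an added illustration that is not eSignet's own code; the token endpoint URL and client id are constructed placeholders, and JWS signature verification against the client's registered key is assumed to happen before the claim checks.

```python
"""PKCE (RFC 7636, S256) and private_key_jwt (RFC 7523) checks at a token endpoint.
Illustrative only; the endpoint URL and client id below are constructed placeholders."""
import base64
import hashlib
import hmac
import secrets
import time
from typing import Optional, Set, Tuple

TOKEN_ENDPOINT = "https://esignet.example/oauth/v2/token"  # constructed placeholder

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_pkce_pair() -> Tuple[str, str]:
    """Client side: random code_verifier (43 chars here; RFC allows 43..128) and its S256 challenge."""
    verifier = b64url(secrets.token_bytes(32))
    challenge = b64url(hashlib.sha256(verifier.encode()).digest())
    return verifier, challenge

def pkce_verifier_matches(code_verifier: str, stored_challenge: str, method: str = "S256") -> bool:
    """Server side: recompute the challenge that was stored with the authorization code.
    Only S256 is accepted; a mismatch means the code was not obtained by this client."""
    if method != "S256" or not (43 <= len(code_verifier) <= 128):
        return False
    expected = b64url(hashlib.sha256(code_verifier.encode()).digest())
    return hmac.compare_digest(expected, stored_challenge)

def check_client_assertion_claims(claims: dict, client_id: str, seen_jti: Set[str],
                                  now: Optional[float] = None) -> bool:
    """private_key_jwt claim checks, run after the assertion's signature has been verified
    against the client's registered public key (signature verification is outside this snippet)."""
    now = time.time() if now is None else now
    if claims.get("iss") != client_id or claims.get("sub") != client_id:
        return False  # the assertion must be issued by and about this client
    aud = claims.get("aud")
    if aud != TOKEN_ENDPOINT and not (isinstance(aud, list) and TOKEN_ENDPOINT in aud):
        return False  # must be addressed to this token endpoint, not replayed elsewhere
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False  # expired or missing expiry
    jti = claims.get("jti")
    if not jti or jti in seen_jti:
        return False  # reused assertion id: replay
    seen_jti.add(jti)
    return True
```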