Standards
Building on the most trusted security protocols.
eSignet is built on industry-leading security standards, ensuring robust privacy and data protection. It implements OpenID Connect and OAuth 2.0, leveraging the most secure and trusted authentication flows to safeguard user identities.
Security and Interoperability
eSignet integrates SBI (Secure Biometric Interface) to enable an ecosystem of biometric players. Please refer here to view the list of supported devices.
It adopts emerging standards for verifiable credentials with OpenID and seamless wallet integration.
With eSignet v1.5.0, support has been introduced for Identity Assurance under OpenID Connect for fetching the verified user claims and their metadata.
For more details on the open standards followed by eSignet, please refer to the below links:
Supported Authentication Flows
As eSignet incorporates OpenID Connect, a wide range of client libraries are available for seamless integration. Therefore, it is recommended to avoid creating custom code for the integration process.
eSignet implements and supports only the flows mentioned below:
OAuth 2.0
  Authorization Code with PKCE
  private-key-jwt
OIDC
  Authorization Code with PKCE
  private-key-jwt
Identity Assurance 1.0
  Authorization Code with PKCE
  private-key-jwt
Following the principle of security by design, support is provided for confidential clients only.
Security Enhancements
The authorization code flow involves exchanging an authorization code for a token. This exchange requires client application authentication.
private-key-jwt - The only supported client authentication method is private-key-jwt, which ensures that the token is given to a legitimate client.
PKCE - We also support the PKCE (Proof Key for Code Exchange) security extension for exchanging an authorization code for a token, which guarantees that the authorization code was obtained by the same client application performing the code exchange.
Note: eSignet currently supports the S256 challenge method in its PKCE implementation.
eSignet as OAuth 2.0 server
eSignet's OAuth 2.0 implementation is a lightweight solution designed specifically for OIDC authentication flows. It does not function as a full-fledged authorization server but provides the essential capabilities required for identity verification.
Additionally, eSignet does not support role-based access control as it is designed for integration with national-level identity solutions, where predefined roles are not necessary.