Standards

eSignet implements OpenID Connect and OAuth 2.0 flows to work its magic. We have chosen the most secure and trustworthy flows to ensure user privacy and data security.

It relies on SBI (Secure Biometric Interface) to enable an ecosystem of biometric players. To have a look at the supported devices, click here.

eSignet also leverages emerging standards for using verifiable credentials with OpenID and for wallet integration.

To learn more about the open standards followed by eSignet, read:

As eSignet incorporates OpenID Connect, a wide range of client libraries are available for seamless integration. Therefore, it is recommended to avoid creating custom code for the integration process.

eSignet implements and supports only the flows mentioned below:

| Standards | Flow | Client authentication |
|---|---|---|
| OAuth 2.0 | Authorization Code with PKCE | private-key-jwt |
| OIDC | Authorization Code with PKCE | private-key-jwt |
| OpenID4VCI | Authorization Code flow (Wallet-initiated) returning Just In Time VC | private-key-jwt |

Following the principle of security by design, support is provided for confidential clients only. The authorization code flow involves exchanging an authorization code for a token, and this exchange requires the client application to authenticate. The only supported client authentication method is private-key-jwt, which ensures that the token is issued to a legitimate client. We also support the PKCE security extension for exchanging an authorization code for a token, which guarantees that the authorization code was obtained by the same client application performing the exchange.

Note: eSignet's PKCE implementation currently supports the S256 challenge method.

eSignet as OAuth 2.0 server

  • The eSignet OAuth 2.0 implementation is not a full-fledged authorization server and supports only the bare minimum required for the OpenID4VCI and OIDC flows.

  • The eSignet system does not support roles, as it is designed to be integrated with a national-level identity solution that can be used by the residents of the country, where roles are not required.


Copyright © 2021 MOSIP. This work is licensed under a Creative Commons Attribution (CC-BY-4.0) International License unless otherwise noted.