4 Authenticating using OpenID
MyID provides a standards-based OAuth2 OpenID Connect authentication and authorization service that allows you to:
- Carry out server-to-server authentication for the MyID Core API.
  See the Server-to-server authentication section in the MyID Core API guide.
- Carry out end-user authentication for the MyID Core API.
  See the End-user authentication section in the MyID Core API guide.
- Carry out end-user authentication for your own external systems.
  See section 4.1, Configuring the web service for OpenID and section 4.2, Obtaining an identity token.
The authentication service uses the following standards:
- OAuth2
  This is the authorization framework used by the MyID authentication service.
  For more information, see The OAuth 2.0 Authorization Framework RFC:
- OpenID Connect
  OpenID Connect is an identity layer on top of the OAuth 2.0 protocol that allows external systems to verify the identity of an end user based on the authentication performed by an authorization server (in this case, the MyID authentication service), as well as to obtain basic profile information about the end user.
  For more information, see the OpenID Connect website:
- Proof Key for Code Exchange (PKCE)
  PKCE is a system for securing requests for authorization codes and using them to request access or identity tokens.
  For more information, see the Proof Key for Code Exchange by OAuth Public Clients RFC:
- JSON Web Token (JWT)
  JWT is a standard for the signed tokens that the MyID authentication service issues after authentication. This is either an access token (for example, used by a client to call the MyID Core API) or an identity token (for example, used by an external system to authenticate the identity of an end user).
  For more information, see the JSON Web Token (JWT) RFC:
- Fast IDentity Online (FIDO)
  FIDO is a standard for interoperable authentication tokens.
  For more information, see the FIDO Alliance website:
  fidoalliance.org/fido2/fido2-web-authentication-webauthn
  For information about integrating MyID with FIDO authenticators, see the FIDO Authenticator Integration Guide.
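How the PKCE entry in the list above binds an authorization code to the client that requested it, as an added example that is not MyID code. It assumes the S256 challenge method from the PKCE RFC; the function names are hypothetical and the "server" side is a sketch of the check an authorization server performs, not the MyID authentication service itself.

```python
import base64
import hashlib
import hmac
import secrets
import string

# Characters the PKCE RFC allows in a code_verifier (the "unreserved" set).
_UNRESERVED = set(string.ascii_letters + string.digits + "-._~")


def _b64url(data: bytes) -> str:
    """Base64url without padding, as used for PKCE values."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def new_code_verifier(n_bytes: int = 32) -> str:
    """Client: create a fresh high-entropy verifier for one authorization request."""
    return _b64url(secrets.token_bytes(n_bytes))


def code_challenge_s256(verifier: str) -> str:
    """Client: derive the challenge sent with the authorization request."""
    if not 43 <= len(verifier) <= 128 or not set(verifier) <= _UNRESERVED:
        raise ValueError("code_verifier must be 43-128 unreserved characters")
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def server_accepts(stored_challenge: str, method: str, presented_verifier: str) -> bool:
    """Server: check at the token endpoint that the caller holds the verifier."""
    if method != "S256":  # this sketch refuses the weaker "plain" method
        return False
    try:
        expected = code_challenge_s256(presented_verifier)
    except ValueError:
        return False
    # Constant-time comparison of the recomputed and stored challenges.
    return hmac.compare_digest(expected.encode(), stored_challenge.encode())


if __name__ == "__main__":
    verifier = new_code_verifier()
    challenge = code_challenge_s256(verifier)
    print("legitimate client:", server_accepts(challenge, "S256", verifier))
    print("code without verifier:", server_accepts(challenge, "S256", new_code_verifier()))
```

The verifier never leaves the client until the token request, so an authorization code observed in a redirect cannot be exchanged for a token by a party that did not start the flow.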