2 Setting up the standalone authentication service

The standard MyID authentication service (web.oauth2) runs on the MyID web server with the other MyID web services, and communicates with the MyID database through the MyID application server. This makes the service dependent on the entire MyID system; for a mission-critical authentication service that provides access to crucial systems, you may need to use a standalone version of this service – web.oauth2.ext – that does not rely on the MyID infrastructure.

For example, the MyID AD FS Adapter OAuth relies on the standalone version of the web service instead of the standard MyID authentication service; see section 3, MyID AD FS Adapter OAuth for details. You can choose to use either the standard or standalone versions of the web service when obtaining an identity token using OpenID; see section 4, Authenticating using OpenID Connect.

The standalone authentication service communicates directly with the MyID main and authentication databases. Because the service is used for authentication and not registration, it needs read-only access to the main MyID database, and needs read-write access only to the authentication database.

Note: Currently, the standalone authentication service supports only the FIDO authentication method; you cannot use the standalone authentication service to provide authentication using, for example, MyID security phrases, smart cards, or authentication codes.

This section contains information on: