iProov OIDC Web — Product Specification
Biometric face verification as an OpenID Connect login · OIDC Core · OAuth 2.0 · FAPI 2.0
Document version 1.1 · June 2026
iProov OIDC Web is a hosted OpenID Provider where logging in is a live face verification in the browser. This specification covers what OIDC Web is and how it works.
Part A — What is OIDC Web
- Overview — What OIDC Web is and why it exists
- Where OIDC Web Fits — Architecture and integration model
- Verification Levels — Dynamic and Express Liveness
- Authentication Modes — What the face is compared against
- First-Factor and Second-Factor Authentication — Deployment patterns
- Managing the User Lifecycle — User-management API overview
- Standards Conformance — The standards OIDC Web is built on
- Why We Prefer Signed Authorization Requests — Security rationale
Part B — Capabilities and Flows
- Authorization Code Flow With PKCE
- Signed Authorization Requests (JAR)
- Pushed Authorization Requests (PAR)
- Decoupled Authentication (CIBA)
- Token Binding and Client Authentication
- What Your Application Receives
- Data Retention and Privacy
- Legacy Flows
- Security Posture
For step-by-step integration instructions, see the Integration & User Guide.