Skip to main content
Version: v2.0 (latest)

Where OIDC Web Fits

OIDC Web sits in the exact place any OpenID Provider sits in your application's architecture:

A standard OIDC integration has three moving parts, and OIDC Web provides two of them:

  • Discovery. OIDC Web publishes an OpenID Provider metadata document at the standard /.well-known/openid-configuration URL. Your OIDC library reads it to learn every endpoint and capability automatically.
  • The authorization endpoint. Your application redirects the user's browser here to start a login. The browser lands on an iProov-hosted verification page, where the user completes a brief face scan. OIDC Web then redirects the browser back to your registered redirect URI, exactly like any OIDC authorization-code redirect.
  • The token and userinfo endpoints. Your application exchanges the returned authorization code for tokens with ordinary OIDC calls, then reads the result claims.

Because the contract is standard OIDC, OIDC Web works with off-the-shelf relying-party libraries in every major language. OIDC Web also plugs directly into enterprise IAM platforms that speak OIDC. Supported platforms include Microsoft Entra ID (as an External Authentication Method), OneLogin, and Ping.