iProov OIDC Web — Integration & User Guide
How to integrate biometric face-verification login over OpenID Connect.
Document version 1.1 · June 2026
Part A — Getting Started
- How to Read This Guide
- Environments and the Discovery Document
- Registering Your Application (iPortal)
- Redirect URIs, Client Types, and Signing Keys
- Enabling OIDC Web: The
faceauthScopes - Choosing the Authentication Mode:
login_hint
Part B — Implementing the Flows
- Authorization Code Flow With PKCE
- Signed Authorization Requests (JAR) — Recommended
- Pushed Authorization Requests (PAR) — Recommended
- Client Authentication
- Sender-Constrained Tokens (DPoP and mTLS)
- Decoupled Authentication (CIBA)
- Using OIDC Web as a Second Factor (Workforce MFA)
- Managing Biometric Profiles: The User-Management API
- Reading the Result: Claims,
acr, and Retries - Logout and Token Revocation
- Legacy Flows (Implicit and Hybrid)
- Best-Practice Checklist
- Common Errors
- What Your Users Will See
For the conceptual overview, see the Product Specification.