Interface Definitions
The interfaces for handling issuance and verification are provided as standard OpenID Connect (OIDC) endpoints.
There are currently two versions of the interface which provide differing levels of compliance with the OIDC standard.
Note
Condatis recommend that Version 2 of the OIDC interface is adopted by Relying Party applications as it is intended that Version 1 will be deprecated in due course.
Version 1
V1 of the OIDC interface provides two sets of endpoints: one set that supports request payloads via Pushed Authorization Request (PAR) and one that does not support PAR payloads.
V1 of the OIDC interface is available in all versions of the Credential Gateway.
PAR Authorisation
PAR-provided request payloads can be used for both Issuance and Verification flows.
The endpoints that the Credential Gateway supports to provide PAR-based authorisation flows are:
- GET OpenID Configuration request (PAR specific)
- POST Pushed Authorization Request
- GET Authorize (PAR specific)
- POST Token
Non-PAR Authorisation
Non-PAR requests can only be used for Verification flows.
The endpoints that the Credential Gateway supports to provide non-PAR authorisation flows are:
- GET OpenID Configuration request (non-PAR specific)
- GET Authorize (non-PAR specific)
- POST Token
Version 2
V2 of the OIDC interface provides a consolidated set of endpoints that supports both PAR payloads and non-PAR initiated flows for both Issuance and Verification. It also has improved scope validation.
V2 of the OIDC interface is available in Credential Gateway V5.0.0 and later.
The consolidated OIDC endpoints that the Credential Gateway supports are:
- GET OpenID Configuration request
- POST Pushed Authorization Request
- GET Authorize
- POST Token
Non-PAR Limitation
If your data payload is large, you may run into URL length issues when running non-PAR requests. It is recommended that PAR authorisation requests are used for both issuance and verification to avoid this issue.
Unsupported OIDC Features
The following OIDC features are NOT supported:
- Response types 'id_token', 'id_token token', 'code id_token', 'code token' and 'code id_token token' are not supported.
- Response modes 'form_post' and 'fragment' are not supported.
- POST Authorize is not supported.
- OAuth 2.0 requests are not supported.
- PKCE is not supported.
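A Relying Party can check an authorize request against the Non-PAR Limitation and the Unsupported OIDC Features list before sending it. The following is an added example, not Condatis code; the endpoint URL, the 2000-character URL budget and the `payload` parameter name are assumptions made for illustration.

```python
from urllib.parse import urlencode

# From the "Unsupported OIDC Features" list on this page.
UNSUPPORTED_RESPONSE_TYPES = ["id_token", "id_token token", "code id_token",
                              "code token", "code id_token token"]
UNSUPPORTED_RESPONSE_MODES = {"form_post", "fragment"}
PKCE_PARAMS = {"code_challenge", "code_challenge_method"}

# Assumptions, not values from the page: placeholder endpoint and URL budget.
AUTHORIZE_URL = "https://gateway.example.invalid/authorize"
MAX_URL_LENGTH = 2000


def preflight(params, *, version=2, flow="verification", use_par=False):
    """Return the problems found in an authorize request before it is sent."""
    problems = []
    # response_type values are space-separated and order-independent.
    requested = frozenset(params.get("response_type", "").split())
    if requested in {frozenset(t.split()) for t in UNSUPPORTED_RESPONSE_TYPES}:
        problems.append("unsupported response_type")
    if params.get("response_mode") in UNSUPPORTED_RESPONSE_MODES:
        problems.append("unsupported response_mode")
    if params.keys() & PKCE_PARAMS:
        problems.append("PKCE parameters sent but PKCE is not supported")
    if version == 1 and flow == "issuance" and not use_par:
        problems.append("V1 non-PAR endpoints only handle verification flows")
    if not use_par:
        # Without PAR the whole request travels in the GET Authorize query string.
        url = AUTHORIZE_URL + "?" + urlencode(params)
        if len(url) > MAX_URL_LENGTH:
            problems.append(f"authorize URL is {len(url)} characters; use PAR")
    return problems


if __name__ == "__main__":
    # Constructed sample request; "payload" is a hypothetical parameter name.
    request = {"client_id": "rp-demo", "response_type": "code",
               "scope": "openid", "redirect_uri": "https://rp.example.invalid/cb",
               "state": "s1", "payload": "x" * 4000}
    print(preflight(request))                 # non-PAR: flagged as too long
    print(preflight(request, use_par=True))   # PAR: no problems
```

Because PKCE is reported rather than silently dropped, a Relying Party that depends on it for authorization code protection learns at build time that the gateway will not enforce it.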