This tutorial demonstrates how to integrate Criipto Verify with Auth0. The following steps are required to complete your first login:
In the following, you'll first configure Criipto Verify, then Auth0, and finally complete the Criipto Verify configuration with the information you get from Auth0. Once everything's configured, you can test your integration from Auth0.
First, you must register your Auth0 tenant as an application in Criipto Verify.
Once you register your Auth0 tenant, you will also need some of the information for configuring Auth0 to communicate with Criipto Verify. You get these details from your application settings in the dashboard.
Specifically, you need the following information to integrate with Auth0:
urn:criipto:samples:myapplication:no1
samples.criipto.io
If you are registering a new application, please save the initial configuration first.
After saving, you can configure the OAuth2 Code Flow for this application by following the three steps:
`plainJson` to enable retrieval of plain JSON user information from the `/oauth2/userinfo` endpoint.
`userinfo` request. In those cases, you will need to fetch the user data directly from the `token` endpoint as opposed to the `userinfo` endpoint. You can do this by choosing `fromTokenEndpoint` as a User info response strategy.
Criipto Verify supports four modes for retrieving user information:
- `plainJson`: User information is returned from the `userinfo` endpoint as a standard JSON object.
- `signedJwt`: User information is returned from the `userinfo` endpoint as a digitally signed JSON Web Token.
- `signedAndEncryptedJwt`: User information is returned from the `userinfo` endpoint as a signed and encrypted JSON Web Encryption (JWE) object.
- `fromTokenEndpoint`: User information is returned from the `token` endpoint, embedded in the `id_token`. The `fromTokenEndpoint` flow is not standard, but can be useful if you are working with a product that does not call the `userinfo` endpoint.

You can leverage either an Enterprise Connection or a Custom Social Connection to connect Criipto Verify with Auth0.
To integrate Criipto Verify with Auth0, you create an Auth0 OpenID Connect (OIDC) connection to communicate with Criipto Verify. Because Auth0 will not pass the `acr_values` to Criipto Verify, you will have to create a new connection for every eID option that you intend to use. (`acr_values` is a parameter in the `/authorize` request to Criipto Verify needed to specify which kind of eID is requested.)
For those cases, you can leverage our login-method specific metadata endpoints (for Enterprise Connections) and authorize URLs (for Custom Social Connections). Each of these contains an embedded and base64-encoded variant of the "raw" value normally supplied in the `acr_values`.
Syntax:
https://yourdomain.criipto.id/BASE64(acr_values)/.well-known/openid-configuration
https://yourdomain.criipto.id/BASE64(acr_values)/oauth2/authorize
For example, the `acr_values` of the Norwegian BankID login method is `urn:grn:authn:no:bankid`. This translates to `dXJuOmdybjphdXRobjpubzpiYW5raWQ=` in base64 (UTF-8 charset), so the syntax will be:
https://yourdomain.criipto.id/dXJuOmdybjphdXRobjpubzpiYW5raWQ=/.well-known/openid-configuration
https://yourdomain.criipto.id/dXJuOmdybjphdXRobjpubzpiYW5raWQ=/oauth2/authorize
Below is a list of supported login methods with the corresponding base64 encoded `acr_values`. Choose the ones you intend to use.
Login method | acr_values | base64 encoded |
---|---|---|
Norwegian BankID | ||
Mobile or Web (user choice): | urn:grn:authn:no:bankid | dXJuOmdybjphdXRobjpubzpiYW5raWQ= |
BankID Biometrics (level substantial): | urn:grn:authn:no:bankid:substantial | dXJuOmdybjphdXRobjpubzpiYW5raWQ6c3Vic3RhbnRpYWw= |
Norwegian Vipps Login | ||
Login with Vipps app: | urn:grn:authn:no:vipps | dXJuOmdybjphdXRobjpubzp2aXBwcw== |
Swedish BankID | ||
All options (user chooses): | urn:grn:authn:se:bankid | dXJuOmdybjphdXRobjpzZTpiYW5raWQ= |
Same device: | urn:grn:authn:se:bankid:same-device | dXJuOmdybjphdXRobjpzZTpiYW5raWQ6c2FtZS1kZXZpY2U= |
Another device (aka mobile): | urn:grn:authn:se:bankid:another-device | dXJuOmdybjphdXRobjpzZTpiYW5raWQ6YW5vdGhlci1kZXZpY2U= |
QR code: | urn:grn:authn:se:bankid:another-device:qr | dXJuOmdybjphdXRobjpzZTpiYW5raWQ6YW5vdGhlci1kZXZpY2U6cXI= |
Danish MitID | ||
Level low: | urn:grn:authn:dk:mitid:low | dXJuOmdybjphdXRobjpkazptaXRpZDpsb3c= |
Level substantial: | urn:grn:authn:dk:mitid:substantial | dXJuOmdybjphdXRobjpkazptaXRpZDpzdWJzdGFudGlhbA== |
MitID Erhverv (MitID Business): | urn:grn:authn:dk:mitid:business | dXJuOmdybjphdXRobjpkazptaXRpZDpidXNpbmVzcw== |
Finnish Trust Network | ||
BankID: | urn:grn:authn:fi:bankid | dXJuOmdybjphdXRobjpmaTpiYW5raWQ= |
Mobile certificate (Mobiilivarmenne): | urn:grn:authn:fi:mobile-id | dXJuOmdybjphdXRobjpmaTptb2JpbGUtaWQ= |
Both of the above: | urn:grn:authn:fi:all | dXJuOmdybjphdXRobjpmaTphbGw= |
Itsme | ||
Basic: | urn:grn:authn:itsme:basic | dXJuOmdybjphdXRobjppdHNtZTpiYXNpYw== |
Advanced: | urn:grn:authn:itsme:advanced | dXJuOmdybjphdXRobjppdHNtZTphZHZhbmNlZA== |
Belgium | ||
Verified e-ID: | urn:grn:authn:be:eid:verified | dXJuOmdybjphdXRobjpiZTplaWQ6dmVyaWZpZWQ= |
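A copy error in the base64 segment silently points a connection at a different login method, so it is worth checking each configured URL against the table above. The following is an added example, not Criipto's or Auth0's code; the function names are illustrative, and the three rows are copied from the table.

```javascript
// Added example: not Criipto or Auth0 code. Names below are illustrative.
// Rows copied from the table above (acr_values, base64 encoded).
const ACR_TABLE = [
  ['urn:grn:authn:no:bankid', 'dXJuOmdybjphdXRobjpubzpiYW5raWQ='],
  ['urn:grn:authn:se:bankid:same-device', 'dXJuOmdybjphdXRobjpzZTpiYW5raWQ6c2FtZS1kZXZpY2U='],
  ['urn:grn:authn:dk:mitid:substantial', 'dXJuOmdybjphdXRobjpkazptaXRpZDpzdWJzdGFudGlhbA=='],
];

// Standard base64 over the UTF-8 bytes, padding kept, as in the table.
function encodeAcr(acrValues) {
  return Buffer.from(acrValues, 'utf8').toString('base64');
}

// Build both login-method specific URLs from the page's syntax.
function connectionUrls(domain, acrValues) {
  const segment = encodeAcr(acrValues);
  return {
    metadata: `https://${domain}/${segment}/.well-known/openid-configuration`,
    authorize: `https://${domain}/${segment}/oauth2/authorize`,
  };
}

// Recover the acr_values embedded in a configured URL and compare them
// with the login method the connection is supposed to request.
function auditConnectionUrl(url, expectedDomain, expectedAcr) {
  const parsed = new URL(url);
  const problems = [];
  if (parsed.protocol !== 'https:') problems.push('URL is not https');
  if (parsed.hostname !== expectedDomain) problems.push('unexpected host ' + parsed.hostname);
  const segment = parsed.pathname.split('/')[1] || '';
  const acr = Buffer.from(segment, 'base64').toString('utf8');
  // Buffer decodes malformed input leniently, so require an exact round trip.
  if (encodeAcr(acr) !== segment) problems.push('first path segment is not base64 acr_values');
  else if (acr !== expectedAcr) problems.push('requests ' + acr + ', expected ' + expectedAcr);
  return { acr, problems };
}

// Every copied table row must round-trip; a mismatch means a copy error.
function tableIsConsistent() {
  return ACR_TABLE.every(([acr, b64]) => encodeAcr(acr) === b64);
}
```

Run `auditConnectionUrl` over the Issuer URL or Authorization URL of each Auth0 connection; an empty `problems` array means the connection requests the login method you expect.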
You can connect Auth0 to Criipto Verify by creating an OIDC Enterprise Connection. You create an OIDC connection for every login method you intend to use.
After you save a connection, you may get an error: "Error! Something happened while trying to save your connection: Issuer metadata missing the following attributes: token_endpoint".
This is due to a bug in Auth0's frontend, nothing to worry about. In this case, under the Issuer URL select Show Issuer Details and under Token Endpoint enter `https://<YOUR COMPANY>.criipto.id/oauth2/token`.
If you are creating multiple connections, you have to enter the Callback URL only once. It will be the same for every OpenID Connect connection.
To test your OpenID Connect connection, go back to the list of all OpenID Connect connections and select the Try button on the right side of the connection you want to test. You will need a test user to perform testing.
Alternatively, you can leverage a Custom Social Connection to integrate with Criipto Verify via OpenID Connect. Create an OIDC connection for every login method you intend to use.
https://yourdomain.criipto.id/dXJuOmdybjphdXRobjpubzpiYW5raWQ=/oauth2/authorize?scope=openid&client_id=urn:criipto:samples:no1&redirect_uri=https://jwt.io&response_type=code
https://yourdomain.criipto.id/oauth2/token
`userInfo` endpoint, e.g.:

```js
function fetchUserProfile(accessToken, context, callback) {
  // Call the Criipto Verify userinfo endpoint with the access token.
  request.get(
    {
      url: 'https://yourdomain.criipto.id/oauth2/userinfo',
      headers: {
        Authorization: 'Bearer ' + accessToken,
      },
    },
    (err, resp, body) => {
      if (err) {
        return callback(err);
      }
      if (resp.statusCode !== 200) {
        return callback(new Error(body));
      }
      // Expects the plainJson response strategy: the body must be JSON.
      let bodyParsed;
      try {
        bodyParsed = JSON.parse(body);
      } catch (jsonError) {
        return callback(new Error(body));
      }
      // Map the Criipto Verify claims onto the Auth0 profile.
      const profile = {
        user_id: bodyParsed.uuid,
        name: bodyParsed.name,
      };
      callback(null, profile);
    }
  );
}
```
(`https://{yourAuth0Domain}/login/callback`) to your Criipto Verify application. Go to your Criipto Dashboard, and enter the Auth0 Callback URL under Callback URLs in Criipto Verify application management.

Test your Custom Social Connection by clicking the Try Connection button located in the top right corner.
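The profile script above only works with the `plainJson` strategy, and on a parse failure it passes the raw response body into the error. The following added example (not Criipto's or Auth0's code) recognises the response shape of each `userinfo` strategy and rejects a mismatch without echoing the body. It assumes JWTs arrive in compact serialization (three dot-separated segments when signed, five when encrypted); the function names and sample values are constructed.

```javascript
// Added example: not Criipto or Auth0 code. Sample values are constructed.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');
const SAMPLE_CLAIMS = { uuid: '00000000-0000-4000-8000-000000000000', name: 'Test User' };
const SAMPLE_PLAIN = JSON.stringify(SAMPLE_CLAIMS);
// Three segments (header.payload.signature); the signature is a dummy value.
const SAMPLE_SIGNED = [b64url({ alg: 'RS256' }), b64url(SAMPLE_CLAIMS), 'c2ln'].join('.');
// Five segments, as in a compact JWE; contents are dummy values.
const SAMPLE_ENCRYPTED = ['aGRy', 'a2V5', 'aXY', 'Y3Q', 'dGFn'].join('.');

// Decide which response strategy a userinfo body corresponds to.
function classifyUserinfoBody(body) {
  const text = String(body).trim();
  if (text.startsWith('{')) {
    try {
      return { strategy: 'plainJson', claims: JSON.parse(text) };
    } catch (e) {
      return { strategy: 'unknown' };
    }
  }
  const parts = text.split('.');
  if (parts.every((p) => /^[A-Za-z0-9_-]*$/.test(p))) {
    if (parts.length === 3) return { strategy: 'signedJwt' };
    if (parts.length === 5) return { strategy: 'signedAndEncryptedJwt' };
  }
  return { strategy: 'unknown' };
}

// Build the Auth0 profile, or fail with a message that carries no user data.
function toProfile(body) {
  const result = classifyUserinfoBody(body);
  if (result.strategy !== 'plainJson') {
    // Never echo the body: a signed JWT payload is only encoded, not
    // encrypted, so it would put the user's name (and SSN) into logs.
    throw new Error('userinfo response looks like ' + result.strategy + ', expected plainJson');
  }
  if (typeof result.claims.uuid !== 'string' || result.claims.uuid === '') {
    throw new Error('userinfo response has no uuid claim');
  }
  return { user_id: result.claims.uuid, name: result.claims.name };
}
```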
Almost all eID types have a notion of test users and real users.
Real users are real people logging in to a web site, thus volunteering their real name and typically also a social security number, SSN.
Test users are either created by you for the occasion, or we provide you with access to already created test users.
You may read more in the section on eIDs.
How to integrate your application with Auth0 depends on the technology you are working with. Refer to the Auth0 quickstart guide for more details.