# Credify's OpenID Connect

# What's OpenID Connect?

OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.

OpenID Connect allows clients of all types, including Web-based, mobile, and JavaScript clients, to request and receive information about authenticated sessions and end-users. The specification suite is extensible, allowing participants to use optional features such as encryption of identity data, discovery of OpenID Providers, and session management, when it makes sense for them.

Reference: https://openid.net/connect/

OAuth issues an access token, while OpenID Connect (OIDC) issues an ID token as well as an access token. The ID token encodes the claim values the user has authorized. A scope groups several claims, and each claim represents a piece of data such as email, phone, or profile.

# Available scopes in Credify

# Standard scopes

The following scopes are provided by Credify idX. When you use Credify's OIDC with these scopes, users can decide whether or not to grant those permissions to your service. Each piece of data is represented as a claim, and OIDC clients use scopes to specify which claims they want to receive.

| Scope | Description |
| --- | --- |
| `openid` | Indicates an OpenID Connect request, so that an ID token is generated (required) |
| `offline_access` | Enables OIDC clients to call the userinfo API when end-users are not logged in |
| `profile` | Name |
| `phone` | Phone number |
| `email` | Email address |
| `address` | Address |
| `blockchain_id` | Addresses of associated blockchain accounts, if any |
| `ekyc` | KYC information |

Each scope has a verified flag as well as the value.
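
The following is an added example, not Credify's own code. It shows how a client might turn the scopes above into an OIDC authorization request and validate the callback. It assumes the standard authorization code flow; the endpoint, client ID, and redirect URI are placeholders, and the function names are hypothetical.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Standard scopes from the table above; anything else must be a registered custom scope.
STANDARD_SCOPES = {"openid", "offline_access", "profile", "phone", "email",
                   "address", "blockchain_id", "ekyc"}

# Placeholder values (assumptions): use the endpoint and client ID issued to your service.
AUTHORIZATION_ENDPOINT = "https://oidc.example.invalid/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://rp.example.invalid/callback"


def build_authorization_request(scopes, custom_scopes=()):
    """Return (url, state, nonce) for an authorization code request."""
    requested = list(dict.fromkeys(scopes))  # de-duplicate, keep order
    if "openid" not in requested:
        raise ValueError("'openid' scope is required for OpenID Connect")
    unknown = [s for s in requested
               if s not in STANDARD_SCOPES and s not in custom_scopes]
    if unknown:
        raise ValueError(f"unrecognised scopes: {unknown}")
    state = secrets.token_urlsafe(32)  # binds the callback to this browser session
    nonce = secrets.token_urlsafe(32)  # must reappear in the ID token's nonce claim
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(requested),
        "state": state,
        "nonce": nonce,
    }
    return f"{AUTHORIZATION_ENDPOINT}?{urlencode(params)}", state, nonce


def handle_callback(callback_url, expected_state):
    """Return the authorization code; reject denied or mismatched-state responses."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:  # e.g. access_denied when the user refuses consent
        raise PermissionError(f"authorization failed: {query['error'][0]}")
    returned_state = query.get("state", [""])[0]
    if not secrets.compare_digest(returned_state.encode(), expected_state.encode()):
        raise PermissionError("state mismatch: callback does not belong to this session")
    if "code" not in query:
        raise ValueError("missing authorization code")
    return query["code"][0]
```

Store `state` and `nonce` in the user's server-side session when redirecting, and compare the stored `nonce` with the `nonce` claim of the ID token after the code exchange.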

# Custom claims

You can change the role of your service to claim provider in the Credify Dashboard. A claim provider can register new custom scopes to provide other participants with its data. Once you register your custom claims, you will need to call Credify's API to attach claim values to idX users who are also users of your service. Other participants will then be able to access the data you have shared with idX users.

# Scopes list

The list of available scopes is shown in the serviceX UI.

# The usage of access token

Users who go through OIDC obtain an access token and an ID token. The access token allows you to call Credify's userinfo API to retrieve the user's claim values. All the claim values are encrypted with your encryption public key (RSA key), so only your service can decrypt them.

Last Updated: 1/11/2021, 5:19:26 PM