Integration Overview

How It Works

BindID is based upon the OpenID Connect (OIDC) standard—offering you a simple and easy deployment. The BindID SDK makes integrating even easier.

  1. Your web app uses the BindID SDK to request authorization with the BindID Service.
  2. BindID authenticates the user using strong authenticators supported by the mobile device or computer.
  3. BindID returns an auth code to your redirect URI.
  4. Your app uses a backend API to exchange the auth code for ID and access tokens containing info on the authenticated user.
  5. If needed, your app uses a backend API to access UserInfo.
  6. If needed, your app uses a backend API to report additional authentication you performed for the user and set a user alias.

Architecture

The following diagram provides a high-level illustration of the BindID architecture:

The BindID architecture includes the following:

  • Users—Each associated with one or more devices and authenticators
  • Service Provider Frontend—Web applications integrated with the BindID SDK, running on a Browser
  • Service Provider Backend—Servers used to host the web apps, and invoke backend BindID APIs
  • BindID Service—Server used to execute the BindID authentication process and backend BindID APIs

Integration Steps

Step 1: Enroll with BindID Service

Enroll with BindID to get your credentials, customize your branding, and configure other provider-level settings.

Step 2: Integrate BindID SDK

Integrate the client SDK into your web application, which will be used to execute an OIDC-based authentication for the user.

Step 3: Get User Identity and Trust

Implement the backend OIDC /token API used to exchange the OIDC authorization code for an ID token, which identifies the user and contains trust indicators. If needed, you can integrate the OIDC /userinfo API to exchange your access token for the user info.

Step 4: Validate ID Tokens

Implement the backend OIDC /jwks API used to validate ID tokens obtained from the /token endpoint.

Step 5: Provide Session Feedback

Implement the backend session-feedback API used to report direct authentication you execute for the user and set a user alias, so that it will be reflected in the ID token for subsequent requests.