Identity Hub 1.0 - Integration Guide
Introduction
This section describes the technical integration with the Connective Identity Hub.
The Identity Hub API is based on the OpenID Connect protocol, specifically the Authorization Code Flow. Connective implements a basic subset of that protocol; this document describes the protocol as implemented for the Connective Identity Hub.
The OpenID Connect Authorization Code Flow, as implemented by the Identity Hub, goes as follows:
- The customer application redirects the end user’s browser to the Identity Hub’s Authorization Endpoint, indicating (through the requested scopes) which user information it wants.
- The Identity Hub redirects the user’s browser to the Authorization Endpoint of the requested Identity Provider.
- The user authenticates with a method supported by that Identity Provider.
- The Identity Hub redirects the user’s browser back to the customer application with an authorization “code”.
- The customer application’s backend calls the Token Endpoint, authenticates itself as the registered client and presents the code. In exchange it receives an “access token” (used to access the user’s data) and an “id token”, a signed JWT that identifies the authenticated user. This call is server-to-server, so the client credentials and the tokens never pass through the browser.
- The customer application’s backend calls the UserInfo Endpoint with the access token to retrieve the requested user information, returned as claims.
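The six steps above as one worked exchange, written in Go. This is an added example, not code from this guide or from Connective: the client_id, client secret, redirect URI, the endpoint paths /token and /userinfo, and the in-process stand-in for the Hub are all assumptions made for the example, and it assumes the Hub accepts the standard OpenID Connect state and nonce parameters, which this guide does not list. The stand-in checks what a Token Endpoint has to check (client credentials, grant type, code and redirect_uri) and serves UserInfo only to a valid Bearer token, so a wrong secret, a replayed code or a missing token fails the same way it would against the real service.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// Registration values assumed for this example; they are not taken from the guide.
const clientID, clientSecret, redirectURI = "example-client", "example-client-secret", "https://app.example.com/callback"

// Step 1: the Authorization Endpoint redirect. scope names the user information requested,
// state binds the callback to this browser session, nonce is echoed back inside the id token.
func buildAuthorizationURL(authzEndpoint, state, nonce, scope string) string {
	q := url.Values{"response_type": {"code"}, "client_id": {clientID}, "redirect_uri": {redirectURI},
		"scope": {scope}, "state": {state}, "nonce": {nonce}}
	return authzEndpoint + "?" + q.Encode()
}

// Step 4: the browser arrives at redirect_uri?code=...&state=... Reject the callback unless state
// equals the value stored in the session, or an attacker can finish the victim's login with a code from the attacker's own session.
func parseCallback(query url.Values, expectedState string) (string, error) {
	if query.Get("state") != expectedState {
		return "", fmt.Errorf("state mismatch")
	}
	return query.Get("code"), nil
}

type tokenResponse struct {
	AccessToken string `json:"access_token"`
	IDToken     string `json:"id_token"`
}

// doJSON sends req, insists on HTTP 200 and decodes the JSON body into out.
func doJSON(req *http.Request, out any) error {
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("%s returned HTTP %d", req.URL.Path, resp.StatusCode)
	}
	return json.NewDecoder(resp.Body).Decode(out)
}

// Step 5: backend-to-backend call to the Token Endpoint. The client authenticates with HTTP Basic
// (client_secret_basic), so the client secret never passes through the browser.
func exchangeCode(tokenEndpoint, code string) (*tokenResponse, error) {
	form := url.Values{"grant_type": {"authorization_code"}, "code": {code}, "redirect_uri": {redirectURI}}
	req, _ := http.NewRequest(http.MethodPost, tokenEndpoint, strings.NewReader(form.Encode()))
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.SetBasicAuth(clientID, clientSecret)
	var tr tokenResponse
	return &tr, doJSON(req, &tr)
}

// Step 6: the UserInfo Endpoint is called with the access token as a Bearer token.
func fetchUserInfo(userInfoEndpoint, accessToken string) (map[string]any, error) {
	req, _ := http.NewRequest(http.MethodGet, userInfoEndpoint, nil)
	req.Header.Set("Authorization", "Bearer "+accessToken)
	var claims map[string]any
	return claims, doJSON(req, &claims)
}

// newFakeHub is a constructed offline stand-in for the Hub's Token and UserInfo endpoints; it redeems one code and its id_token is a placeholder, not a JWT.
func newFakeHub(validCode string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		user, pass, _ := r.BasicAuth()
		switch {
		case r.URL.Path == "/token" && user == clientID && pass == clientSecret &&
			r.FormValue("grant_type") == "authorization_code" && r.FormValue("code") == validCode &&
			r.FormValue("redirect_uri") == redirectURI:
			json.NewEncoder(w).Encode(tokenResponse{AccessToken: "at-1", IDToken: "placeholder.id.token"})
		case r.URL.Path == "/userinfo" && r.Header.Get("Authorization") == "Bearer at-1":
			json.NewEncoder(w).Encode(map[string]string{"sub": "user-123", "given_name": "Ada"})
		default:
			w.WriteHeader(http.StatusUnauthorized)
		}
	}))
}

func main() {
	hub := newFakeHub("code-xyz")
	defer hub.Close()
	fmt.Println(buildAuthorizationURL(hub.URL+"/authorize", "st-1", "n-1", "openid profile"))
	code, err := parseCallback(url.Values{"code": {"code-xyz"}, "state": {"st-1"}}, "st-1")
	if err != nil {
		panic(err)
	}
	tok, err := exchangeCode(hub.URL+"/token", code)
	if err != nil {
		panic(err)
	}
	fmt.Println(fetchUserInfo(hub.URL+"/userinfo", tok.AccessToken))
}
```

Run it with `go run`; it prints the URL the browser would be sent to in step 1 and the claims returned by UserInfo in step 6. Against the real Hub, take the endpoint locations from the Discovery document, keep the state value in the server-side session so that parseCallback compares against something the attacker cannot set, and treat the id_token returned in step 5 as a signed JWT that must be verified before any claim in it is used; this block does not perform that verification.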
The Identity Hub also implements the Jwks Endpoint, from which the customer application retrieves the public keys needed to verify the signature of JWTs issued by the service, such as the id token. A token whose signature does not verify against one of these keys must not be trusted, whatever its claims say.
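Verifying an id token against the keys published by the Jwks Endpoint, as an added example in Go; it is not code from this guide or from Connective. The Hub-side pieces, publishJWKS and mintIDToken, exist only so the example runs offline with a freshly generated RSA key, and the issuer URL, client_id and key identifier are assumed values. The customer-application side, verifyIDToken, is the part an integrator needs: it pins the algorithm to RS256, selects the JWKS key by kid, checks the signature, and only then checks iss, aud, exp and nonce.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

// Issuer and client_id assumed for this example; the guide does not state the Hub's issuer value.
const issuer, clientID = "https://idhub.example.com", "example-client"

var b64 = base64.RawURLEncoding

// jwk is one RSA public key in the form the Jwks Endpoint publishes it; jwks is the whole key set.
type jwk struct {
	Kty string `json:"kty"`
	Kid string `json:"kid"`
	N   string `json:"n"`
	E   string `json:"e"`
}

type jwks struct{ Keys []jwk `json:"keys"` }

// publishJWKS is the Hub side: only the public part of the signing key goes into the key set.
func publishJWKS(pub *rsa.PublicKey, kid string) jwks {
	e := big.NewInt(int64(pub.E)).Bytes()
	return jwks{Keys: []jwk{{Kty: "RSA", Kid: kid, N: b64.EncodeToString(pub.N.Bytes()), E: b64.EncodeToString(e)}}}
}

// mintIDToken simulates the Hub issuing an RS256 id token; it exists only so the example runs offline.
func mintIDToken(priv *rsa.PrivateKey, kid, sub, nonce string, exp int64) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	body, _ := json.Marshal(map[string]any{"iss": issuer, "aud": clientID, "sub": sub, "nonce": nonce, "iat": exp - 300, "exp": exp})
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	return input + "." + b64.EncodeToString(sig)
}

// verifyIDToken is the customer application side. Nothing in the token is trusted until the
// signature verifies against a key from the JWKS and iss, aud, exp and nonce all check out.
func verifyIDToken(token string, keys jwks, expectedNonce string, now int64) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed JWT")
	}
	var hdr struct{ Alg, Kid string }
	if raw, err := b64.DecodeString(parts[0]); err != nil || json.Unmarshal(raw, &hdr) != nil {
		return nil, errors.New("undecodable header")
	}
	if hdr.Alg != "RS256" { // pin the algorithm: the token must not get to choose "none" or an HMAC alg
		return nil, fmt.Errorf("unexpected alg %q", hdr.Alg)
	}
	var pub *rsa.PublicKey
	for _, k := range keys.Keys {
		if k.Kty == "RSA" && k.Kid == hdr.Kid {
			n, _ := b64.DecodeString(k.N)
			e, _ := b64.DecodeString(k.E)
			pub = &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}
		}
	}
	if pub == nil {
		return nil, errors.New("no key in the JWKS matches the token's kid")
	}
	sig, _ := b64.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, errors.New("invalid signature")
	}
	var claims map[string]any
	if raw, err := b64.DecodeString(parts[1]); err != nil || json.Unmarshal(raw, &claims) != nil {
		return nil, errors.New("undecodable payload")
	}
	// aud is compared as a single string; a real token may carry an array of audiences instead.
	if claims["iss"] != issuer || claims["aud"] != clientID || claims["nonce"] != expectedNonce {
		return nil, errors.New("iss, aud or nonce mismatch")
	}
	if exp, _ := claims["exp"].(float64); int64(exp) <= now {
		return nil, errors.New("token expired")
	}
	return claims, nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	keys := publishJWKS(&priv.PublicKey, "hub-key-1")
	now := int64(1_700_000_000) // fixed clock so the run is reproducible
	token := mintIDToken(priv, "hub-key-1", "user-123", "n-1", now+300)
	claims, err := verifyIDToken(token, keys, "n-1", now)
	fmt.Println(claims["sub"], err)
}
```

In production the key set is fetched from the Hub's jwks_uri (taken from the Discovery document) and cached; refetch it when a token arrives with a kid you have not seen, since keys rotate. The nonce compared here is the one the backend generated for the authorization request and stored in the session, which is what ties the id token to that particular login.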
The OpenID Connect Discovery endpoint returns a document listing where the other endpoints (Authorization, Token, UserInfo and Jwks) are located and which modes the service supports. Customer applications should take endpoint locations from this document rather than hard-coding them.