BioID Connect - The Biometric Identity Service

BioID Connect

With the BioID Web Service (BWS) we provide an anonymous biometric service. To handle the users that want to use biometrics for authentication, we additionally provide an identity service we call BioID Connect, which connects BWS with individual users.

BioID Connect uses ASP.NET Core Identity to manage the users, assigns a Biometric Class ID (BCID) to each user to deal with the biometric data of the user and gives developers access to the identities via OpenID Connect and/or the OAuth 2.0 authorization framework.

BioID Connect is built on our BioID Web Service, and so offers the same biometric quality and features (enrollment, verification, liveness detection, anonymous user data, etc.).

Although a standard BWS implementation is also relatively easy, using BioID Connect has several advantages:

  • No UI development or hosting, and little or no development required
  • Shorter learning curve due to the use of a standard protocol
  • No need to touch any biometric data (just like a payment gateway lets you avoid touching credit card data)

OpenID Connect Identity Provider


BioID Connect is an OpenID Connect Identity Provider (OpenID Provider) as described by the OpenID Connect Specification. BioID Connect therefore supports OpenID Connect as well as the OAuth 2.0 authorization framework.

Using standard OpenID Connect clients, developers can authenticate their users using biometrics across websites and apps without implementing their own password and BCID management.

BioID's OpenID Provider implementation

The BioID Connect implementation is based on the open source project AspNet.Security.OpenIdConnect.Server. The OpenID Provider Issuer URL of this implementation is https://account.bioid.com/connect. The OpenID Provider Configuration Information can therefore be obtained from the JSON discovery document at: https://account.bioid.com/connect/.well-known/openid-configuration

{
  "issuer": "https://account.bioid.com/",
  "authorization_endpoint": "https://account.bioid.com/connect/authorize",
  "token_endpoint": "https://account.bioid.com/connect/token",
  "introspection_endpoint": "https://account.bioid.com/connect/introspect",
  "end_session_endpoint": "https://account.bioid.com/connect/logout",
  "userinfo_endpoint": "https://account.bioid.com/connect/userinfo",
  "jwks_uri": "https://account.bioid.com/connect/.well-known/jwks",
  "grant_types_supported": [
    "implicit",
    "authorization_code",
    "refresh_token",
    "client_credentials",
    "password"
  ],
  "response_types_supported": [
    "token",
    "code",
    "code token",
    "id_token",
    "id_token token",
    "code id_token",
    "code id_token token"
  ],
  "response_modes_supported": [
    "form_post",
    "fragment",
    "query"
  ],
  "scopes_supported": [
    "openid",
    "bcid",
    "email",
    "offline_access",
    "phone",
    "profile"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "code_challenge_methods_supported": [
    "plain",
    "S256"
  ],
  "subject_types_supported": [
    "public"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "introspection_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ]
}
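The following is an added example, not BioID's own code, of the checks a relying party can run on this discovery document before trusting it. The text above gives the Issuer URL as https://account.bioid.com/connect while the document lists "issuer" as https://account.bioid.com/, so the client has to pin the exact string it will later compare against the ID token's "iss" claim. The function names and the same-host rule are assumptions of this example.

```python
import json
from urllib.parse import urlsplit

# Values copied from the discovery document on this page (unused fields omitted).
DISCOVERY = json.loads("""{
  "issuer": "https://account.bioid.com/",
  "authorization_endpoint": "https://account.bioid.com/connect/authorize",
  "token_endpoint": "https://account.bioid.com/connect/token",
  "jwks_uri": "https://account.bioid.com/connect/.well-known/jwks",
  "response_types_supported": ["token", "code", "code token", "id_token", "id_token token", "code id_token", "code id_token token"],
  "id_token_signing_alg_values_supported": ["RS256"],
  "code_challenge_methods_supported": ["plain", "S256"]
}""")

def review_discovery(doc, configured_issuer):
    """Return findings to resolve before the metadata is trusted (hypothetical helper)."""
    findings = []
    # OpenID Connect Discovery requires the returned issuer to be identical to the
    # Issuer URL the document was retrieved under; the same string must also
    # match the "iss" claim of every ID token the client accepts.
    if doc["issuer"] != configured_issuer:
        findings.append(f"issuer mismatch: document says {doc['issuer']!r}")
    issuer_host = urlsplit(doc["issuer"]).hostname
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = urlsplit(doc[key])
        # Same-host pinning is a policy choice of this example, not a spec rule.
        if url.scheme != "https" or url.hostname != issuer_host:
            findings.append(f"{key} is not an https URL on {issuer_host}")
    if "none" in doc["id_token_signing_alg_values_supported"]:
        findings.append("unsigned ID tokens are advertised")
    return findings

def client_settings(doc):
    """Pick the strictest advertised options for an authorization request."""
    if "code" not in doc["response_types_supported"]:
        raise ValueError("authorization code flow not supported")
    if "S256" not in doc.get("code_challenge_methods_supported", []):
        raise ValueError("PKCE with S256 not supported")
    return {
        "response_type": "code",          # keeps tokens out of the URL fragment
        "code_challenge_method": "S256",  # never fall back to "plain"
        "accepted_id_token_algs": [a for a in doc["id_token_signing_alg_values_supported"] if a != "none"],
    }

if __name__ == "__main__":
    print(review_discovery(DISCOVERY, "https://account.bioid.com/connect"))
    print(review_discovery(DISCOVERY, "https://account.bioid.com/"))
    print(client_settings(DISCOVERY))
```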

BioID Connect client application credentials

To use the BioID Connect mechanism via OpenID Connect or via OAuth 2.0, you have to register a client application to obtain the credentials that are required to send requests to the various endpoints. For this purpose, each registered client application is assigned a client ID and a client secret. Also, at least one authorized redirect URI must be registered. Other information can be added, which is shown to the user in the so-called consent dialog that pops up the first time a user logs in to your client application.

You can register and manage your clients on the BioID Connect settings page of your BioID profile.

BioID mobile authenticator

With BioID Connect and our mobile app you can add strong facial recognition to your mobile websites and apps in minutes.