OpenID Connect Identity Provider

OpenID Connect 1.0

BioID now also has an OpenID Connect Identity Provider (OpenID Provider) available. Using standard OpenID Connect clients, developers can now authenticate their users with biometrics across websites and apps without implementing their own password and BCID management.

Please note that a client ID and a client secret are required to use the BioID Connect services. To register and manage your clients, go to your profile page.

BioID's OpenID Provider implementation

The OpenID Provider Issuer URL of our implementation is https://account.bioid.com/connect. Therefore, the JSON discovery document with the OpenID Provider Configuration Information is available at: https://account.bioid.com/connect/.well-known/openid-configuration

{
  "issuer": "https://account.bioid.com/",
  "authorization_endpoint": "https://account.bioid.com/connect/authorize",
  "token_endpoint": "https://account.bioid.com/connect/token",
  "introspection_endpoint": "https://account.bioid.com/connect/introspect",
  "end_session_endpoint": "https://account.bioid.com/connect/logout",
  "userinfo_endpoint": "https://account.bioid.com/connect/userinfo",
  "jwks_uri": "https://account.bioid.com/connect/.well-known/jwks",
  "grant_types_supported": [
    "implicit",
    "authorization_code",
    "refresh_token",
    "client_credentials",
    "password"
  ],
  "response_types_supported": [
    "token",
    "code",
    "code token",
    "id_token",
    "id_token token",
    "code id_token",
    "code id_token token"
  ],
  "response_modes_supported": [
    "form_post",
    "fragment",
    "query"
  ],
  "scopes_supported": [
    "openid",
    "bcid",
    "email",
    "offline_access",
    "phone",
    "profile"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "code_challenge_methods_supported": [
    "plain",
    "S256"
  ],
  "subject_types_supported": [
    "public"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "introspection_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ]
}
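A relying party should review a discovery document before trusting it, rather than accepting every option the provider advertises. The following is an added example, not BioID's or the middleware project's code: it loads a subset of the document shown above, applies the issuer comparison from OpenID Connect Discovery 1.0, and pins the client to the authorization code flow with PKCE S256. The names `expected_issuer` and `review_discovery` are hypothetical.

```python
import json

# Subset of the discovery document shown above (values copied from this page).
DISCOVERY_JSON = """
{
  "issuer": "https://account.bioid.com/",
  "grant_types_supported": ["implicit", "authorization_code", "refresh_token", "client_credentials", "password"],
  "id_token_signing_alg_values_supported": ["RS256"],
  "code_challenge_methods_supported": ["plain", "S256"]
}
"""
DISCOVERY_URL = "https://account.bioid.com/connect/.well-known/openid-configuration"
WELL_KNOWN = "/.well-known/openid-configuration"


def expected_issuer(discovery_url):
    """Issuer URL implied by the discovery URL (OpenID Connect Discovery 1.0)."""
    if not discovery_url.endswith(WELL_KNOWN):
        raise ValueError("not an OpenID Connect discovery URL")
    return discovery_url[: -len(WELL_KNOWN)]


def review_discovery(doc, discovery_url):
    """Return (client_settings, findings) for a relying party."""
    findings = []
    want = expected_issuer(discovery_url)
    if doc.get("issuer") != want:
        findings.append(f"issuer mismatch: document {doc.get('issuer')!r}, URL implies {want!r}")
    grants = doc.get("grant_types_supported", [])
    pkce = doc.get("code_challenge_methods_supported", [])
    if "authorization_code" not in grants or "S256" not in pkce:
        raise ValueError("authorization code flow with PKCE S256 is not offered")
    # Options the provider advertises but this client must never request.
    findings += [f"grant type {g!r} is offered: do not use" for g in ("implicit", "password") if g in grants]
    if "plain" in pkce:
        findings.append("PKCE 'plain' is offered: always send S256")
    algs = [a for a in doc.get("id_token_signing_alg_values_supported", []) if a != "none"]
    settings = {
        "response_type": "code",
        "code_challenge_method": "S256",
        "accepted_id_token_algs": algs,     # pin; do not trust the token header alone
        "expected_iss": doc.get("issuer"),  # compare exactly with the ID token's iss
    }
    return settings, findings


if __name__ == "__main__":
    print(review_discovery(json.loads(DISCOVERY_JSON), DISCOVERY_URL))
```

With the values shown on this page the review returns four findings: the difference between the document's `issuer` and the issuer URL, plus the implicit grant, the password grant and the `plain` PKCE method, which the client should not use.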

The implementation is based on an OpenID Connect server middleware project on GitHub: AspNet.Security.OpenIdConnect.Server

Please refer to the OpenID Connect web site for a description and the specification of OpenID Connect.

Clients (Relying Parties): Any standard OpenID Connect client should be able to use this OpenID Provider. For testing, we currently use the Microsoft OWIN OpenID Connect client, which is available as a NuGet package.

Important note:

Our OpenID Connect server implementation is still in a beta state!