Set up an OIDC client
To start authenticating users with OpenID Connect, you first need to register an OIDC client in the Signicat Dashboard.
An OIDC client provides you with a Client ID that you use in your authentication requests. Depending on the authentication grant type (flow), you may need to add a client secret.
On this page, you can learn how to create and configure an OIDC client in the Signicat Dashboard and prepare to connect to eIDs in the Signicat eID and Wallet Hub.
You can find a video that shows you how to set up an OIDC client in the Tutorial video section.
Add a new OIDC client
To add a new OIDC client in the Signicat Dashboard, do the following:
- Go to Signicat Dashboard > Products > eID and Wallet Hub > OIDC clients.
- Select Add client.
- Configure the following properties:
  - Primary grant type: Choose the grant type you want to implement. We strongly recommend AuthorizationCode. For more information about grant types, refer to the OIDC specification and the OAuth 2.0 specification.
  - Create client from template: Optional. Choose a template to suit your use case. Doing this prefills your client configuration automatically.
  - Client name: Enter a name for the client.
  - Redirect URI: Enter the URL where you want to redirect your end-user after they authenticate with an eID. You can add several redirect URIs after you create the client.
  - Scope: Select the scopes for the user attributes you want to retrieve with this client.
    openid is mandatory. profile and nin are necessary in most cases. You can see the definition of profile and other predefined scopes in the OIDC specification. You can find scope definitions in the documentation for the specific eIDs.
- Select Create to create the new client.
You have now created a new OIDC client. You can view and edit your client in the Products > eID and Wallet Hub > OIDC clients page.
Before you can start using the client in your application, you might need to add extra configurations. The next sections explain how to extend your client configuration for the different types of authentication flow.
How to create a client secret
To add a secret to your OIDC client, do the following:
- In the Signicat Dashboard, navigate to Products > eID and Wallet Hub > OIDC clients.
- Select Edit next to your client name.
- In the client menu, go to the Secrets tab, then select Add secret.
- Enter a name for your client secret, then select Generate secret.
- Copy your new client secret and store it safely.
Make sure you copy and store your client secret securely. You can view your client secret only once, when you create it. If you ever lose your secret, you must create a new one.
OIDC configuration options
We support additional configuration options for OIDC clients, such as:
- PKCE (Proof Key for Code Exchange): We strongly recommend using PKCE. To enable PKCE in your OIDC client, navigate to the Advanced > Security tab and tick Require PKCE.
- Encryption: If you require encryption, you can upload a public key by navigating to the Advanced > Public keys tab and clicking + Add public key.
- Redirect URIs: To configure additional redirect URIs, navigate to the URIs tab, then click Add new.
- Scopes: To add or remove scopes from your client, navigate to the Access tab and enter the scope code in the Allowed scopes field.
Try it out
You can run a test authentication with your OIDC application by using OAuth Tools, a public web application to test OIDC flows.
To learn how to run a test authentication with an eID, visit the Test connections guide.
Tutorial video
This video shows you how to set up an OpenID Connect (OIDC) Client for our solutions in the Signicat Dashboard.