Integration guide with OIDC
This page describes how to integrate with SPID using OpenID Connect (OIDC).
Prerequisites
To integrate using OIDC, you must configure:
- An OIDC client.
- An OIDC secret.
Learn how to do this in the eID and Wallet Hub Quick start guide.
SPID Flows
SPID is designed to provide alternative flows to meet your business needs. SPID flows determine the attributes of an individual's data that a service provider can retrieve.
Signicat matches the different SPID flows with different configuration options. This section describes how to control those flow options when using the OIDC protocol.
You can control the SPID flow by choosing the scope parameter connected to the OIDC client.
For an overview of the attributes that belong to each scope, see the scopes and claims for OIDC table.
Scopes
To associate a specific scope with your OIDC client:
- In the Signicat Dashboard, navigate to Products > eID and Wallet Hub > OIDC clients and select the OIDC client you configured for SPID.
- Select Edit to view your client configuration.
- Navigate to the Access tab.
- In the "Allowed scopes" section, add the SPID scopes. You can choose between:
  - openid (required)
  - nin
  - spid
  - spid-extra
- Select Update to save your changes.
Example of authentication
Here is an example authentication URL:
https://test.sandbox.signicat.example/auth/open/connect/authorize?
&client_id=dev-test-client-123
&response_type=code
&scope=openid%20nin%20spid
&redirect_uri=https://myservice.example/redirect
&state=1599045135410-jFe
&prompt=login
The URL consists of a base URL https://<YOUR_SIGNICAT_DOMAIN>/auth/open/connect/authorize and the parameters:
- client_id: OIDC Client ID you created on Dashboard.
- scope: OIDC scopes that determine the SPID flow. openid is a required parameter. SPID supports the following scopes: spid, nin, spid-extra. You can find a complete overview in the Attributes reference page.
- redirect_uri: the URI where the end-user is redirected to at the end of the authentication flow.
- response_type: based on the response flow you set for the OIDC Client (this is an advanced feature).
You can view examples of responses and explore the scopes and claims in the Attributes reference page.